Possible virus

Post by whiterock » Sat Dec 27, 2008 1:35 pm

Hi guys, I have a problem with the internet.
When I connect, the first 2 or 3 pages load quickly at first, then it stops loading them.
I have to shut down the computer and turn it on again the next day to get everything working again.
I have a laptop with Vista and 7 Mb ADSL over Ethernet. I have AntiVir with SUPERAntiSpyware, which find nothing.
I'm posting my log here in the hope that it may be useful.
Thanks a lot in advance for the help. Bye

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.33.55, on 27/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D457517F-6933-4A9E-8830-A659E19C111D}: NameServer = 85.37.17.46 85.38.28.84
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9576 bytes


Re: Possible virus

Post by Amantide » Sat Dec 27, 2008 2:15 pm

Hi and welcome [:)]

Download ComboFix and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here using the LOG tag.
...to fly high, you have to know how to fall...

Re: Possible virus

Post by whiterock » Sat Dec 27, 2008 2:37 pm

Thanks a lot, Amantide, for replying. You're very kind.
Here is the ComboFix log. Bye and thanks in advance.

ComboFix 08-12-26.03 - user 2008-12-27 14.23.13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1064 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-11-27 al 2008-12-27 )))))))))))))))))))))))))))))))))))
.

2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d-------- c:\users\user\AppData\Roaming\CANON INC
2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d-------- c:\users\user\AppData\Roaming\CameraWindowDC
2008-12-24 19:54 . 2008-12-24 19:54 <DIR> d-------- c:\users\user\AppData\Roaming\ZoomBrowser EX
2008-12-24 19:50 . 2008-12-24 19:50 <DIR> d-------- c:\users\All Users\ZoomBrowser
2008-12-24 19:50 . 2008-12-24 19:50 <DIR> d-------- c:\programdata\ZoomBrowser
2008-12-24 19:48 . 2008-12-24 19:48 <DIR> d-------- c:\program files\Common Files\Canon
2008-12-14 15:13 . 2008-12-14 21:24 <DIR> d-------- c:\program files\The Cleaner Demo
2008-12-14 13:11 . 2008-12-14 14:02 270,368 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-14 13:11 . 2008-12-14 14:02 4,244 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-14 10:06 . 2008-12-25 19:36 <DIR> d-------- c:\program files\Panda Security
2008-12-12 21:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 20:42 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-12 20:41 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-12 20:41 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-12 20:41 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-12 18:40 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-12 18:40 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-12 18:40 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-12 18:40 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 19:59 . 2008-12-09 19:59 <DIR> d-------- c:\users\user\AppData\Roaming\TuneUp Software
2008-12-09 19:16 . 2008-12-23 22:24 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-06 16:51 . 2008-12-07 14:41 <DIR> d-------- c:\users\user\AppData\Roaming\skypePM
2008-12-06 16:51 . 2008-12-06 16:51 32 --a------ c:\users\All Users\ezsid.dat
2008-12-06 16:51 . 2008-12-06 16:51 32 --a------ c:\programdata\ezsid.dat
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-09 18:33 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-05 23:00 . 2008-12-10 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 19:20 . 2008-12-20 16:35 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-02 19:20 . 2008-12-20 16:35 <DIR> d-a------ c:\programdata\TEMP
2008-12-02 19:19 . 2008-12-07 18:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-02 19:19 . 2008-12-07 18:20 <DIR> d-------- c:\programdata\Skype
2008-12-02 19:18 . 2008-12-02 19:18 <DIR> d-------- c:\users\All Users\Google
2008-12-01 21:28 . 2008-12-26 14:28 <DIR> d-------- c:\users\All Users\Google Updater
2008-12-01 21:28 . 2008-12-26 14:28 <DIR> d-------- c:\programdata\Google Updater
2008-12-01 21:28 . 2008-12-02 19:19 <DIR> d-------- c:\program files\Google
2008-12-01 17:42 . 2008-12-20 18:27 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-01 17:42 . 2008-12-20 18:27 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-01 17:42 . 2008-12-20 18:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-01 17:31 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-01 17:30 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-01 17:30 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-01 17:30 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-01 17:30 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-01 17:30 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-01 17:30 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-01 17:30 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-01 17:25 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-01 17:25 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-01 17:25 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-01 17:25 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-01 17:25 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-01 17:25 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-01 17:25 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-01 17:25 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-01 17:25 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-30 19:18 . 2008-11-30 19:18 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-30 19:18 . 2008-11-30 19:18 <DIR> d-------- c:\programdata\WindowsSearch
2008-11-29 17:25 . 2008-11-29 17:25 264 --a------ c:\windows\_delis32.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 11:50 --------- d-----w c:\program files\CCleaner
2008-12-24 18:51 --------- d-----w c:\program files\Canon
2008-12-14 12:11 --------- d-----w c:\programdata\Kaspersky Lab
2008-12-12 22:17 --------- d-----w c:\program files\Windows Mail
2008-12-12 20:40 --------- d-----w c:\programdata\Microsoft Help
2008-12-01 18:10 294,345,571 ----a-w c:\windows\DUMP7aab.tmp
2008-11-30 13:10 --------- d-----w c:\users\user\AppData\Roaming\Comodo
2008-11-30 13:10 --------- d-----w c:\programdata\comodo
2008-11-30 13:10 --------- d-----w c:\program files\COMODO
2008-11-07 18:51 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 20:42 249,592 ----a-w c:\windows\System32\cssdll32.dll
2008-10-30 19:09 --------- d-----w c:\programdata\Avira
2008-10-30 19:09 --------- d-----w c:\program files\Avira
2008-10-29 18:56 --------- d-----w c:\programdata\Avg8
2008-09-29 21:21 174 --sha-w c:\program files\desktop.ini
2008-09-29 21:01 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-29 21:01 101,888 ----a-w c:\windows\System32\ifxcardm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-02 30192]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" [2003-07-07 729088]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-29 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-06-29 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 18:33 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4F9EAF6B-6F99-40C7-9ACE-2469FFA6F139}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9A23E54-55B1-4763-A97F-7C3577496CF2}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A4D7AAFB-A74D-46E6-A882-D9BC2F36325A}"= Disabled:UDP:c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe:Nokia PC Suite
"{66D7EDF1-170B-4A98-A512-960DCB1173EA}"= Disabled:TCP:c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe:Nokia PC Suite
"TCP Query User{635772A6-BC24-4494-BA55-A8CCB4F46FE9}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{CC9EBEA5-12C6-4AE6-B5C9-FC4C164349BA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F2D9F7CF-5BE4-479D-9A5A-791A04D4A370}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{72FC1513-6CD3-4F8A-8A08-7CE99D818D40}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{22A9D9CC-B931-43AB-ABD9-7185D3480792}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{436C1642-4825-46CD-BF6A-4C2702C9F646}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-10-13 15:06:06 13560]
R2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-08 451072]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-02 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-26 c:\windows\Tasks\User_Feed_Synchronization-{94A873B7-0707-4DE8-B731-048AD8A19EA3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 14:25:37
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\user\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'Explorer.exe'(536)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Ora fine scansione: 2008-12-27 14.32.44
ComboFix-quarantined-files.txt 2008-12-27 13:32:41

Pre-Run: 79.955.410.944 byte disponibili
Post-Run: 79,493,496,832 byte disponibili

198 --- E O F --- 2008-12-26 18:15:54

Re: Possible virus

Post by Amantide » Mon Dec 29, 2008 11:47 pm

Sorry for replying a bit late, I hope my answer will still be useful to you.
Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
Code:
File::
c:\windows\_delis32.ini

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.

Also run a full scan with Malwarebytes Anti-Malware and post its report here too.

Re: Possible virus

Post by whiterock » Tue Dec 30, 2008 12:09 am

Thanks a lot, Amantide. I still have the problem, and you're not late, quite the opposite.
It's hard to find someone who gives you a hand. You're very kind.
The only thing I didn't understand is what I have to do with this line: c:\windows\_delis32.ini
The rest I understood.
I'll try to do it tomorrow.

Thanks a lot in advance. Bye

Re: Possible virus

Post by whiterock » Tue Dec 30, 2008 12:44 am

Here is the ComboFix log with the changes you asked for; I'll post the rest later. Bye and thanks

ComboFix 08-12-28.04 - user 2008-12-30 0.31.42.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1118 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\users\user\Desktop\cfscript.txt.txt
* Creato nuovo punto di ripristino

FILE ::
c:\windows\_delis32.ini
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\_delis32.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-29 )))))))))))))))))))))))))))))))))))
.

2008-12-29 19:19 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-27 23:53 . 2008-12-27 23:53 250 --a------ c:\windows\gmer.ini
2008-12-27 19:10 . 2008-12-27 19:10 <DIR> d-------- c:\users\user\AppData\Roaming\Avira
2008-12-27 18:59 . 2008-12-27 18:59 <DIR> d-------- c:\users\All Users\Avira
2008-12-27 18:59 . 2008-12-27 18:59 <DIR> d-------- c:\programdata\Avira
2008-12-27 18:59 . 2008-12-27 18:59 <DIR> d-------- c:\program files\Avira
2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d-------- c:\users\user\AppData\Roaming\CANON INC
2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d-------- c:\users\user\AppData\Roaming\CameraWindowDC
2008-12-24 19:54 . 2008-12-28 21:53 <DIR> d-------- c:\users\user\AppData\Roaming\ZoomBrowser EX
2008-12-24 19:50 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\ZoomBrowser
2008-12-24 19:50 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\ZoomBrowser
2008-12-24 19:48 . 2008-12-24 19:48 <DIR> d-------- c:\program files\Common Files\Canon
2008-12-14 13:11 . 2008-12-14 14:02 270,368 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-14 13:11 . 2008-12-14 14:02 4,244 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-12 21:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 20:42 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-12 20:41 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-12 20:41 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-12 20:41 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-12 18:40 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-12 18:40 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-12 18:40 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-12 18:40 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 19:59 . 2008-12-09 19:59 <DIR> d-------- c:\users\user\AppData\Roaming\TuneUp Software
2008-12-09 19:16 . 2008-12-23 22:24 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-06 16:51 . 2008-12-07 14:41 <DIR> d-------- c:\users\user\AppData\Roaming\skypePM
2008-12-06 16:51 . 2008-12-06 16:51 32 --a------ c:\users\All Users\ezsid.dat
2008-12-06 16:51 . 2008-12-06 16:51 32 --a------ c:\programdata\ezsid.dat
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-05 23:01 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-05 23:01 . 2008-12-09 18:33 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-05 23:00 . 2008-12-29 13:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 19:20 . 2008-12-20 16:35 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-02 19:20 . 2008-12-20 16:35 <DIR> d-a------ c:\programdata\TEMP
2008-12-02 19:19 . 2008-12-07 18:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-02 19:19 . 2008-12-07 18:20 <DIR> d-------- c:\programdata\Skype
2008-12-02 19:18 . 2008-12-28 21:03 <DIR> d-------- c:\users\All Users\Google
2008-12-01 21:28 . 2008-12-30 00:04 <DIR> d-------- c:\users\All Users\Google Updater
2008-12-01 21:28 . 2008-12-30 00:04 <DIR> d-------- c:\programdata\Google Updater
2008-12-01 21:28 . 2008-12-28 21:05 <DIR> d-------- c:\program files\Google
2008-12-01 17:42 . 2008-12-20 18:27 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-01 17:42 . 2008-12-20 18:27 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-01 17:31 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-01 17:30 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-01 17:30 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-01 17:30 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-01 17:30 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-01 17:30 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-01 17:30 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-01 17:30 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-01 17:25 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-01 17:25 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-01 17:25 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-01 17:25 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-01 17:25 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-01 17:25 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-01 17:25 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-01 17:25 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-01 17:25 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-30 19:18 . 2008-11-30 19:18 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-30 19:18 . 2008-11-30 19:18 <DIR> d-------- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 11:50 --------- d-----w c:\program files\CCleaner
2008-12-24 18:51 --------- d-----w c:\program files\Canon
2008-12-14 12:11 --------- d-----w c:\programdata\Kaspersky Lab
2008-12-12 22:17 --------- d-----w c:\program files\Windows Mail
2008-12-12 20:40 --------- d-----w c:\programdata\Microsoft Help
2008-12-01 18:10 294,345,571 ----a-w c:\windows\DUMP7aab.tmp
2008-11-30 13:10 --------- d-----w c:\users\user\AppData\Roaming\Comodo
2008-11-30 13:10 --------- d-----w c:\programdata\comodo
2008-11-07 18:51 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 20:42 249,592 ----a-w c:\windows\System32\cssdll32.dll
2008-10-29 18:56 --------- d-----w c:\programdata\Avg8
2008-09-29 21:21 174 --sha-w c:\program files\desktop.ini
2008-09-29 21:01 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-29 21:01 101,888 ----a-w c:\windows\System32\ifxcardm.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-30_ 0.19.59,17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 23:14:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-29 23:25:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-29 23:14:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-29 23:25:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-29 23:14:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-29 23:25:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-29 23:16:13 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-29 23:31:17 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-29 23:31:17 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-02 30192]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" [2003-07-07 729088]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-29 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 18:33 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-09 18:33 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-12-01 21:28 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4F9EAF6B-6F99-40C7-9ACE-2469FFA6F139}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9A23E54-55B1-4763-A97F-7C3577496CF2}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A4D7AAFB-A74D-46E6-A882-D9BC2F36325A}"= Disabled:UDP:c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe:Nokia PC Suite
"{66D7EDF1-170B-4A98-A512-960DCB1173EA}"= Disabled:TCP:c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe:Nokia PC Suite
"TCP Query User{635772A6-BC24-4494-BA55-A8CCB4F46FE9}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{CC9EBEA5-12C6-4AE6-B5C9-FC4C164349BA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F2D9F7CF-5BE4-479D-9A5A-791A04D4A370}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{72FC1513-6CD3-4F8A-8A08-7CE99D818D40}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{22A9D9CC-B931-43AB-ABD9-7185D3480792}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{436C1642-4825-46CD-BF6A-4C2702C9F646}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-10-13 15:06:06 13560]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-12-27 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"c:\program files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-12-27 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-12-27 41217]
R2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-08 451072]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-02 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-29 c:\windows\Tasks\User_Feed_Synchronization-{94A873B7-0707-4DE8-B731-048AD8A19EA3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:34:11
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-12-30 0.38.30
ComboFix-quarantined-files.txt 2008-12-29 23:38:28
ComboFix2.txt 2008-12-29 23:24:04
ComboFix3.txt 2008-12-27 13:32:45

Pre-Run: 80.005.406.720 byte disponibili
Post-Run: 79,754,747,904 byte disponibili

206 --- E O F --- 2008-12-26 18:15:54
User avatar
whiterock
Aficionado

Posts: 44
Joined: Sat Dec 27, 2008 1:19 pm

Re: possible virus

Post by whiterock » Tue Dec 30, 2008 11:54 am

hi amantide, here is the malwarebytes report, though I don't think it shows anything. bye and thanks again.

Malwarebytes' Anti-Malware 1.31
Versione del database: 1574
Windows 6.0.6001 Service Pack 1

30/12/2008 11.47.51
mbam-log-2008-12-30 (11-47-51).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 116844
Tempo trascorso: 1 hour(s), 1 minute(s), 0 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Re: possible virus

Post by Amantide » Tue Dec 30, 2008 3:22 pm

Besides the file we already removed, I don't see anything else suspicious, virus-wise, that could be causing your connection problems.
If you don't see any improvement, the problem could be hardware-related.
...to fly high, you have to know how to fall...
User avatar
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: possible virus

Post by whiterock » Tue Dec 30, 2008 6:19 pm

thanks amantide, I'll try now. couldn't it be a connection settings problem? bye.

Re: possible virus

Post by Amantide » Tue Dec 30, 2008 6:41 pm

whiterock wrote: couldn't it be a connection settings problem?

Could be [uhm]
What ADSL is it? Alice?
Have you tried setting the DNS manually?

Re: possible virus

Post by whiterock » Tue Dec 30, 2008 7:00 pm

I set the DNS as you suggested in one of your earlier posts

85.37.17.46
85.38.28.84

alice 7 mega with an eb1070 modem

bye and thanks again.

Re: possible virus

Post by Amantide » Tue Dec 30, 2008 7:12 pm

From what I understand you connect through the ethernet cable and not USB, is that right?
Does the problem still persist?

P.S. I now see in the log that there are traces of AVG8 and Kaspersky
Code:
c:\programdata\Avg8
c:\programdata\Kaspersky Lab

Do you by any chance still have them installed?
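The check Amantide is doing by eye above (spotting directories left behind by security products other than the one in use, plus the 294 MB DUMP file in the same report) can be done mechanically over the Find3M section of a ComboFix log. The following parser is an added example for this thread; it is not code from the forum, from ComboFix or from any of the products named. The sample lines are constructed to mirror the layout quoted in the thread, and the vendor-name list and the 100 MiB size threshold are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of ComboFix's "Find3M Report" section:
# date, time, size (dashes for directories), a 7-character attribute field
# and the path. The paths mirror the ones discussed in the thread.
SAMPLE_FIND3M = """\
2008-12-26 11:50 --------- d-----w c:\\program files\\CCleaner
2008-12-14 12:11 --------- d-----w c:\\programdata\\Kaspersky Lab
2008-12-01 18:10 294,345,571 ----a-w c:\\windows\\DUMP7aab.tmp
2008-11-30 13:10 --------- d-----w c:\\programdata\\comodo
2008-10-29 18:56 --------- d-----w c:\\programdata\\Avg8
2008-09-29 21:21 174 --sha-w c:\\program files\\desktop.ini
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

# Assumption: an illustrative subset of security-vendor directory names,
# not an authoritative catalogue.
AV_VENDOR_MARKERS = ("avg", "avira", "comodo", "kaspersky", "mcafee", "norton", "symantec")


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    is_dir: bool
    hidden: bool
    path: str


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M lines; anything that does not match the layout is skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size_field = m["size"]
        size = None if size_field.startswith("-") else int(size_field.replace(",", ""))
        attrs = m["attrs"]
        entries.append(Entry(date=m["date"], size=size, is_dir=attrs[0] == "d",
                             hidden="h" in attrs, path=m["path"]))
    return entries


def leftover_av_dirs(entries: List[Entry], installed: str) -> List[str]:
    """Directories named after a security vendor other than the product in use.
    Remains of uninstalled scanners are worth clearing out: two resident
    products, or the leftovers of one, are a common cause of slowdowns."""
    hits = []
    for e in entries:
        if not e.is_dir:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if any(marker in name for marker in AV_VENDOR_MARKERS if marker != installed.lower()):
            hits.append(e.path)
    return hits


def large_files(entries: List[Entry], min_bytes: int = 100 * 1024 * 1024) -> List[str]:
    """Files at or above the threshold; the 100 MiB default is an assumed cut-off."""
    return [e.path for e in entries if e.size is not None and e.size >= min_bytes]


def hidden_files(entries: List[Entry]) -> List[str]:
    """Non-directory entries carrying the hidden attribute."""
    return [e.path for e in entries if e.hidden and not e.is_dir]


def review(text: str, installed: str = "avira") -> Dict[str, List[str]]:
    """Run the three checks over one Find3M section and collect the results."""
    entries = parse_find3m(text)
    return {
        "leftover_av_dirs": leftover_av_dirs(entries, installed),
        "large_files": large_files(entries),
        "hidden_files": hidden_files(entries),
    }


if __name__ == "__main__":
    for check, paths in review(SAMPLE_FIND3M).items():
        print(check)
        for p in paths:
            print("  ", p)
```

Run it with the product actually in use as `installed` (here Avira, per the HijackThis process list) so that the current scanner's own directories are not reported; a hit in `leftover_av_dirs` is a prompt to confirm with the user whether the product is really gone, as Amantide does above, not proof of a problem on its own.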

Re: possible virus

Post by whiterock » Tue Dec 30, 2008 7:20 pm

I connect over ethernet. for now it seems to work, but it doesn't always happen; the problem may come back.

I no longer have kaspersky or avg. should I delete those lines with combo? bye

Re: possible virus

Post by Amantide » Tue Dec 30, 2008 8:01 pm

whiterock wrote: for now it seems to work, but it doesn't always happen; the problem may come back.

Keep me informed about the situation.

whiterock wrote: I no longer have kaspersky or avg. should I delete those lines with combo? bye

If you don't have them anymore you can safely delete those folders, simply by moving them to the recycle bin.

Re: possible virus

Post by whiterock » Tue Dec 30, 2008 8:10 pm

ok thanks a lot.

Re: possible virus

Post by whiterock » Wed Dec 31, 2008 10:10 am

hi amantide, I wanted to tell you that I no longer have any problems.
I wanted to thank you for the help and wish you a happy new year [^] [brindisi] .
I hope to return the favour one day, but unfortunately my computer knowledge is limited. bye

Re: possible virus

Post by Amantide » Thu Jan 01, 2009 4:14 pm

[^]


Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising