
Slow PC, Mozilla freezes


Post by kegia20 » Wed Apr 15, 2009 9:51 am

Hi everyone, I have a PC with Win XP SP3, Centrino Core 2 Duo 2 GHz, 2 GB RAM.
I tried cleaning with CCleaner, had a look at the Task Manager, ran a full scan with Avira and made the log with Hijack.
These are the two logs:

Avira AntiVir Personal
Report file date: mercoledì 15 aprile 2009 09:57

Scanning for 1352575 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MAPLE

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 10:08:09
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:42:23
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 15:49:57
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 18:14:39
ANTIVIR3.VDF : 7.1.3.52 243200 Bytes 15/04/2009 07:56:55
Engineversion : 8.2.0.143
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 16:49:45
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 15/04/2009 07:57:00
AESCN.DLL : 8.1.1.10 127348 Bytes 03/04/2009 18:49:14
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 23:43:46
AEPACK.DLL : 8.1.3.12 397687 Bytes 03/04/2009 18:49:12
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 12:47:09
AEHEUR.DLL : 8.1.0.116 1708407 Bytes 15/04/2009 07:56:59
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 12:47:08
AEGEN.DLL : 8.1.1.34 340340 Bytes 15/04/2009 07:56:57
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 07:56:56
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/11/2008 18:42:26
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 15 aprile 2009 09:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <Small>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Dami\Impostazioni locali\Temp\_ISTMP1.DIR\_WUTL951.DLL
[WARNING] The file could not be opened!
C:\Documents and Settings\Dami\Impostazioni locali\Temp\_MEI2312\python24.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\Dami\Impostazioni locali\Temp\_MEI2568\MSVCR71.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Big>


End of the scan: mercoledì 15 aprile 2009 10:39
Used time: 42:15 Minute(s)

The scan has been done completely.

8580 Scanning directories
306258 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
6 Files cannot be scanned
306252 Files not concerned
3741 Archives were scanned
6 Warnings
0 Notes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.48.00, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Dami\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
D:\Programmi\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.polimi.it/wpad.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

--
End of file - 8144 bytes


Thank you in advance.
Regards

D.

Post by crazy.cat » Wed Apr 15, 2009 10:34 am

Nothing dangerous shows up in the logs. Have you tried running a scan with ComboFix? By now it has become almost a must for cleaning out everything that can't be seen.

Have you ever thought about replacing Sygate with a more modern and secure firewall?

Post by kegia20 » Wed Apr 15, 2009 10:44 am

Like what? [:)]

ComboFix 09-04-15.08 - Dami 15/04/2009 11.49.22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1409 [GMT 2:00]
Eseguito da: c:\documents and settings\Dami\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-03-15 al 2009-04-15 )))))))))))))))))))))))))))))))))))
.

2009-04-07 22:23 . 2009-04-07 22:23 253952 ------w c:\windows\Setup1.exe
2009-04-07 22:23 . 2009-04-07 22:23 74752 ----a-w c:\windows\ST6UNST.EXE
2009-04-07 13:11 . 2009-04-09 09:03 -------- d-----w C:\Grafo_ecologico_inquadramento
2009-04-07 12:41 . 1997-04-08 19:08 299520 ----a-w c:\windows\uninst.exe
2009-03-24 13:10 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\drivers\MSIRCOMM.sys
2009-03-24 13:10 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\dllcache\msircomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 12:50 . 2009-02-14 12:14 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-09 08:51 . 2008-11-01 14:58 59304 ----a-w c:\documents and settings\Dami\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-09 08:22 . 2008-11-06 11:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-04-09 08:13 . 2008-11-07 10:39 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-04-09 08:13 . 2008-11-07 10:38 -------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-04-07 18:50 . 2008-11-01 18:49 -------- d-----w c:\documents and settings\Dami\Dati applicazioni\Skype
2009-04-07 18:18 . 2008-11-01 18:50 -------- d-----w c:\documents and settings\Dami\Dati applicazioni\skypePM
2009-04-07 12:45 . 2009-04-07 12:45 -------- d-----w c:\programmi\File comuni\ESRI
2009-04-06 17:47 . 2008-11-01 19:01 -------- d-----w c:\programmi\File comuni\Adobe
2009-03-31 13:38 . 2008-11-02 13:17 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-03-11 17:55 . 2009-03-11 17:55 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-03-03 14:02 . 2009-03-03 14:02 -------- d-----w c:\programmi\Microsoft
2009-03-03 14:02 . 2009-03-03 14:02 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-03 14:01 . 2008-11-01 18:37 -------- d-----w c:\programmi\Windows Live
2009-03-03 13:57 . 2008-11-19 14:14 -------- d-----w c:\documents and settings\Dami\Dati applicazioni\Abvent_Artlantis2
2009-03-03 13:50 . 2009-03-03 13:50 -------- d-----w c:\programmi\File comuni\Windows Live
2009-02-25 10:18 . 2009-02-25 10:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-02-25 09:54 . 2009-02-25 09:54 -------- d-----w c:\programmi\File comuni\Macrovision Shared
2009-02-23 11:23 . 2009-02-23 11:23 488 ----a-w C:\hpfr3420.xml
2009-02-23 11:23 . 2009-02-23 11:23 271 ----a-w C:\hpfr3420.log
2009-02-16 22:04 . 2008-11-03 11:13 -------- d-----w c:\documents and settings\Dami\Dati applicazioni\dvdcss
2009-02-11 21:36 . 2009-02-11 21:33 19554 ----a-w c:\windows\hpoins01.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-17 19:59 . 2008-11-01 14:23 98304 ----a-w c:\windows\DUMP54c7.tmp
2009-01-16 20:15 . 2008-08-27 13:27 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-20 14:32 . 2008-12-20 14:32 133 ----a-w c:\documents and settings\Dami\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-11-04 23:09 . 2008-11-04 18:01 98512 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-16 16248320]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-21 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-28 17:43 754712 ----a-w c:\programmi\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w d:\programmi\Adobe\Acrobat\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w d:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-11-28 17:38 244512 ----a-w c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-09-23 13:17 21755688 ----a-r c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 12:48 286720 ----a-w c:\windows\vsnpstd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Giochi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Programmi\\uusee\\UUSeePlayer.exe"=
"d:\\Programmi\\VoipBuster\\VoipBuster.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]

.
Contenuto della cartella 'Scheduled Tasks'

2009-03-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4234388305.job
- d:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dami\Dati applicazioni\Mozilla\Firefox\Profiles\vmul9m0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 2
FF - component: d:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Dami\Dati applicazioni\Mozilla\Firefox\Profiles\vmul9m0z.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: d:\programmi\Adobe\Acrobat\Reader\browser\nppdf32.dll
FF - plugin: d:\programmi\Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programmi\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 11:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-04-15 11.51.48
ComboFix-quarantined-files.txt 2009-04-15 09:51

Pre-Run: 22.998.781.952 byte disponibili
Post-Run: 23.862.472.704 byte disponibili

156 --- E O F --- 2009-02-26 02:00

Post by crazy.cat » Wed Apr 15, 2009 12:12 pm

kegia20 wrote: Like what? [:)]

There are PC Tools Firewall and Online Armor, both free and in Italian.
ComboFix removed something; how is the PC running now?

Post by kegia20 » Wed Apr 15, 2009 1:36 pm

Looking at the first post of this section, I installed Comodo Firewall (free).

I attached the log in the previous message; I didn't understand much of the scan it did... [std]

Post by crazy.cat » Wed Apr 15, 2009 2:05 pm

kegia20 wrote: I attached the log in the previous message; I didn't understand much of the scan it did... [std]

I had told you that ComboFix had removed something
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll

That's why I was asking whether the PC was running better.

Post by kegia20 » Wed Apr 15, 2009 3:40 pm

Ah right, sorry, I had misread... the PC now seems to be running fine, no slowdowns! [^]
Thanks a lot!!

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising