It has always worked great for me, but now it is as slow as a snail.
I've tried everything, but without much success.
Here is the ComboFix log:
ComboFix 09-08-18.03 - Rita 19/08/2009 14.33.29.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.255.120 [GMT 2:00]
Eseguito da: c:\documents and settings\Rita\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-3C24-9E7C08000A00}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\d68f9.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-07-19 al 2009-08-19 )))))))))))))))))))))))))))))))))))
.
2009-08-16 13:46 . 2009-08-16 13:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-15 14:03 . 2009-08-15 14:30 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-15 13:39 . 2009-08-15 13:39 371349 ----a-w- c:\windows\system32\drivers\BT848.sys
2009-08-15 13:00 . 2009-08-15 13:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-08-15 13:00 . 2009-08-15 13:00 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-08-15 12:59 . 2009-08-15 13:00 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-08-15 12:54 . 2009-08-15 12:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-15 12:54 . 2009-08-15 13:03 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\DAEMON Tools Lite
2009-08-15 11:44 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-08-15 11:42 . 2009-08-15 11:42 -------- d-----w- c:\windows\Logs
2009-08-14 14:48 . 2009-08-15 09:27 117760 ----a-w- c:\documents and settings\Rita\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-14 14:46 . 2009-08-14 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-08-14 14:45 . 2009-08-14 14:45 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-14 14:45 . 2009-08-14 14:45 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\SUPERAntiSpyware.com
2009-08-14 14:24 . 2009-08-14 14:24 -------- d-----w- c:\windows\Sun
2009-08-14 14:20 . 2009-08-14 14:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-14 14:19 . 2009-08-14 14:19 -------- d-----w- c:\programmi\Java
2009-08-14 14:19 . 2009-08-14 14:19 152576 ----a-w- c:\documents and settings\Rita\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-13 22:07 . 2009-08-13 22:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-08-13 15:33 . 2009-08-13 15:33 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-08-13 09:08 . 2009-08-13 09:09 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-13 09:04 . 2009-08-15 13:19 -------- d-----w- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Adobe
2009-08-12 15:37 . 2009-08-12 15:37 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 16:55 . 2009-08-11 17:09 -------- d-----w- c:\windows\nview
2009-08-11 16:55 . 2006-10-22 10:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-11 16:54 . 2006-10-22 13:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 21:24 . 2009-08-14 08:54 -------- d-----w- c:\windows\system32\Adobe
2009-08-10 21:12 . 2009-08-06 20:49 455033 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-08-10 21:12 . 2009-07-22 15:43 127348 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-08-10 21:12 . 2009-07-14 16:08 430452 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-08-10 21:12 . 2009-04-30 13:33 106868 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-08-10 21:12 . 2009-06-17 13:32 196987 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-08-10 21:12 . 2009-05-27 16:10 401783 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-08-10 21:12 . 2009-08-07 13:57 1917302 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-10 21:12 . 2009-08-06 20:49 356723 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-08-10 21:12 . 2009-07-22 15:43 233846 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-08-10 21:12 . 2009-07-22 15:43 184694 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-08-10 21:12 . 2008-10-15 09:49 393588 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-08-10 21:12 . 2008-10-15 09:49 53618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-08-10 20:58 . 2009-08-10 20:58 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\PCToolsFirewallPlus
2009-08-10 20:56 . 2009-03-06 14:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 20:56 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 20:56 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 20:55 . 2009-08-10 20:56 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-08-10 20:55 . 2008-09-22 09:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
2009-08-10 20:55 . 2009-01-21 07:38 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-08-10 20:55 . 2009-08-11 17:47 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-08-10 20:35 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 20:35 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 20:35 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 20:35 . 2009-08-10 20:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-08-10 19:35 . 2009-08-10 19:36 -------- d-----w- c:\programmi\eMule
2009-08-10 15:44 . 2009-08-13 10:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-20 17:46 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-20 17:46 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 12:17 . 2009-01-04 21:13 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-19 11:05 . 2009-05-02 20:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-15 19:29 . 2009-01-05 16:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-15 13:12 . 2009-01-05 21:08 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-15 13:11 . 2009-01-05 21:08 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-08-15 12:37 . 2009-01-05 21:08 -------- d-----w- c:\programmi\sisagp
2009-08-15 11:47 . 2009-08-15 11:47 1621 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml92.tmp
2009-08-15 11:47 . 2009-08-15 11:47 13592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml91.tmp
2009-08-15 11:47 . 2009-08-15 11:47 8023 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml90.tmp
2009-08-14 14:43 . 2002-10-28 23:21 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-08-12 09:37 . 2009-05-03 08:13 -------- d-----w- c:\programmi\YouTube Downloader
2009-08-10 17:16 . 2009-01-05 16:38 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-10 17:14 . 2009-01-04 21:13 -------- d-----w- c:\programmi\SpywareBlaster
2009-08-10 15:53 . 2001-08-31 11:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-08-10 15:53 . 2001-08-31 11:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 09:05 . 2004-08-19 13:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 17:43 . 2009-01-05 20:35 -------- d-----w- c:\programmi\Google
2009-07-17 18:56 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 13:39 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-08-19 13:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 18:34 . 2004-08-19 13:39 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-19 13:39 519168 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-19 13:39 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-19 13:39 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-19 13:39 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-19 13:39 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-19 13:39 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-19 13:39 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-19 13:39 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-19 13:39 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-19 13:39 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:44 . 2004-08-19 13:39 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-19 13:39 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-19 13:39 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-19 13:39 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-19 13:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-19 13:39 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-19 13:39 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 13:39 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 13:39 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 20:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:53 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-08-31 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:32 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-19 13:39 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2002-10-29 00:41 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 21:22 . 2003-07-18 08:58 36992 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2009-06-01 21:18 . 2009-06-01 21:19 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2009-06-01 21:18 . 2009-06-01 21:19 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2009-06-01 21:18 . 2003-03-25 15:50 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2009-06-01 21:18 . 2009-06-01 21:19 139264 ----a-w- c:\windows\system32\IDEproperty.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"SharedAccess"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"nwiz"=nwiz.exe /install
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\ADSL Seat-Tin.it\\ADSL Tin.it\\app\\EnterNetFolder.exe"=
"c:\\Programmi\\Avira\\AntiVir Desktop\\update.exe"=
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/08/2009 22.56.43 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16.06.28 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16.06.28 74480]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15/08/2009 15.39.12 371349]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/08/2009 22.56.50 73840]
R2 PPPoEService;PPPoE Service;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe [06/01/2009 1.10.53 49152]
R3 DCamUSBNW802;Mustek Wcam 300;c:\windows\system32\drivers\pcam.sys [01/06/2009 21.55.17 265904]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [06/01/2009 1.10.52 161640]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/08/2009 22.55.21 95640]
S3 NTSTPL1;NTSTPL1;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\NTSTPL1.SYS [06/01/2009 1.10.53 16096]
S3 RAWESR;RAWESR;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\RAWESR.SYS [06/01/2009 1.10.53 12924]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys
c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16.06.30 7408]
S3 TAPBIND;TAPBIND;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\TAPBIND1.SYS [06/01/2009 1.10.53 44544]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:27]
2009-08-19 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\t8i3686j.default\
FF - prefs.js: browser.startup.homepage - http://www.google.it
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:40
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2009-08-19 14.44.27
ComboFix-quarantined-files.txt 2009-08-19 12:44
Pre-Run: 13.145.903.104 byte disponibili
Post-Run: 13.141.520.384 byte disponibili
294 --- E O F --- 2009-08-12 15:41
2009-06-15 11:32 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-19 13:39 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2002-10-29 00:41 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 21:22 . 2003-07-18 08:58 36992 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2009-06-01 21:18 . 2009-06-01 21:19 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2009-06-01 21:18 . 2009-06-01 21:19 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2009-06-01 21:18 . 2003-03-25 15:50 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2009-06-01 21:18 . 2009-06-01 21:19 139264 ----a-w- c:\windows\system32\IDEproperty.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"SharedAccess"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"nwiz"=nwiz.exe /install
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\ADSL Seat-Tin.it\\ADSL Tin.it\\app\\EnterNetFolder.exe"=
"c:\\Programmi\\Avira\\AntiVir Desktop\\update.exe"=
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/08/2009 22.56.43 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16.06.28 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16.06.28 74480]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15/08/2009 15.39.12 371349]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/08/2009 22.56.50 73840]
R2 PPPoEService;PPPoE Service;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe [06/01/2009 1.10.53 49152]
R3 DCamUSBNW802;Mustek Wcam 300;c:\windows\system32\drivers\pcam.sys [01/06/2009 21.55.17 265904]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [06/01/2009 1.10.52 161640]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/08/2009 22.55.21 95640]
S3 NTSTPL1;NTSTPL1;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\NTSTPL1.SYS [06/01/2009 1.10.53 16096]
S3 RAWESR;RAWESR;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\RAWESR.SYS [06/01/2009 1.10.53 12924]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16.06.30 7408]
S3 TAPBIND;TAPBIND;c:\progra~1\ADSLSE~1.IT\ADSLTI~1.IT\app\TAPBIND1.SYS [06/01/2009 1.10.53 44544]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:27]
2009-08-19 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\t8i3686j.default\
FF - prefs.js: browser.startup.homepage - http://www.google.it
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:40
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2009-08-19 14.44.27
ComboFix-quarantined-files.txt 2009-08-19 12:44
Pre-Run: 13.145.903.104 byte disponibili
Post-Run: 13.141.520.384 byte disponibili
294 --- E O F --- 2009-08-12 15:41
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.53.37, on 19/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\ADSLSE~1.IT\ADSLTI~1.IT\app\pppoeservice.exe
--
End of file - 4504 bytes
Maybe you'll find something that I can't see.
Thanks to anyone willing to help me.