www.MegaLab.it

[LegioneFelix17]

Ciao;
da questa mattina ho il Notebook lento, ci metto un sacco di tempo per caricarsi, e ho la connessinone ad internet bloccata.
Poi vado ad attivare il firewall e mi dice: impossibile attivare windows firewall!
Che devo fare?

Questa è la scansione di hijackthis!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.13.47, on 27/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\ANTONE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\7-Zip\7zFM.exe
C:\Users\ANTONE~1\AppData\Local\Temp\7zOBDB3.tmp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6745 bytes

[Amantide]

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

[LegioneFelix17]

Questa è la scansione di Combofix

ComboFix 09-10-26.06 - Antonella 27/10/2009 17.26.15.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.1955 [GMT 1:00]
Eseguito da: c:\users\Antonella\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gatherWirelessInfo.vbs

.
((((((((((((((((((((((((( Files Creati Da 2009-09-27 al 2009-10-27 )))))))))))))))))))))))))))))))))))
.

2009-10-27 15:15 . 2009-10-27 15:15 -------- d-----w- c:\users\Antonella\AppData\Roaming\Malwarebytes
2009-10-27 15:14 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 15:14 . 2009-10-27 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 15:14 . 2009-10-27 15:14 -------- d-----w- c:\programdata\Malwarebytes
2009-10-27 15:14 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 08:33 . 2009-10-27 08:33 -------- d-----w- c:\users\Antonella\AppData\Roaming\Acer
2009-10-26 12:01 . 2009-10-26 12:01 680 ----a-w- c:\users\Antonella\AppData\Local\d3d9caps.dat
2009-10-16 09:04 . 2009-10-16 09:04 -------- d-----w- c:\users\Antonella\AppData\Local\Oberon Games
2009-10-16 08:45 . 2009-10-16 08:45 -------- d-----w- c:\programdata\Arcade Lab
2009-10-16 08:30 . 2009-10-16 08:30 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 11:38 . 2009-10-15 11:55 -------- d-----w- c:\users\Antonella\AppData\Local\Microsoft Games
2009-10-15 11:27 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 11:27 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 11:27 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 10:03 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 10:03 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 10:03 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 17:18 . 2009-10-13 17:18 -------- d-----w- c:\users\Antonella\AppData\Roaming\OpenOffice.org
2009-10-13 17:17 . 2009-10-13 17:17 -------- d-----w- c:\program files\JRE
2009-10-13 17:16 . 2009-10-13 17:17 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-13 17:16 . 2009-10-13 17:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 17:16 . 2009-10-13 17:16 -------- d-----w- c:\program files\Java
2009-10-13 17:04 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-13 17:03 . 2009-10-13 17:03 -------- d-----w- c:\program files\CCleaner
2009-10-13 16:59 . 2009-10-13 16:59 -------- d-----w- c:\programdata\Avira
2009-10-13 16:59 . 2009-10-13 16:59 -------- d-----w- c:\program files\Avira
2009-10-13 16:59 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-13 16:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-13 16:19 . 2009-10-13 16:19 -------- d-----w- c:\users\Antonella\AppData\Local\Seven Zip
2009-10-13 16:18 . 2009-10-13 16:18 -------- d-----w- c:\program files\VS Revo Group
2009-10-12 18:06 . 2009-10-12 18:06 -------- d-----w- c:\users\Antonella\AppData\Local\Acer Arcade Deluxe
2009-10-12 18:06 . 2009-10-12 18:06 -------- d-----w- c:\users\Antonella\AppData\Local\PowerCinema
2009-10-07 15:57 . 2009-10-07 15:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-07 15:53 . 2009-10-07 15:53 -------- d-----w- c:\users\Antonella\AppData\Local\Microsoft Help
2009-10-07 15:38 . 2009-10-07 15:38 -------- d-----w- C:\HiTRUSTDrive
2009-10-07 15:33 . 2009-10-07 15:33 -------- d-----w- c:\users\Antonella\AppData\Roaming\CyberLink
2009-10-07 15:33 . 2009-10-07 15:33 -------- d-----w- c:\users\Public\CyberLink
2009-10-05 07:25 . 2009-10-05 07:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-09-30 16:30 . 2009-10-06 08:04 -------- d-----w- c:\users\Antonella\AppData\Local\Adobe
2009-09-30 16:30 . 2009-10-21 16:52 -------- d-----w- c:\users\Antonella\AppData\Roaming\vlc
2009-09-30 16:29 . 2009-09-30 16:29 -------- d-----w- c:\program files\VideoLAN
2009-09-30 16:29 . 2009-09-30 16:29 -------- d-----w- c:\program files\7-Zip
2009-09-30 16:23 . 2009-09-30 16:23 -------- d-----w- c:\users\Antonella\AppData\Roaming\VistaCodecs
2009-09-30 16:23 . 2009-09-30 16:23 -------- d-----w- c:\program files\VistaCodecPack
2009-09-30 16:22 . 2009-09-30 16:23 -------- d-----w- c:\programdata\VistaCodecs
2009-09-30 16:22 . 2009-10-24 16:44 -------- d-----w- c:\users\Antonella\Tracing
2009-09-30 16:21 . 2009-09-30 16:21 -------- d-----w- c:\program files\Microsoft
2009-09-30 16:21 . 2009-09-30 16:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-30 16:20 . 2009-09-30 16:21 -------- d-----w- c:\program files\Windows Live
2009-09-30 16:18 . 2009-09-30 16:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-30 16:07 . 2009-09-30 16:07 -------- d-----w- c:\windows\system32\ca-ES
2009-09-30 16:07 . 2009-09-30 16:07 -------- d-----w- c:\windows\system32\eu-ES
2009-09-30 16:07 . 2009-09-30 16:07 -------- d-----w- c:\windows\system32\vi-VN
2009-09-30 15:54 . 2009-09-30 15:54 -------- d-----w- c:\windows\system32\EventProviders
2009-09-30 15:51 . 2009-04-11 06:28 223744 ----a-w- c:\windows\system32\wscntfy.dll
2009-09-30 15:50 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-30 15:27 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-09-30 15:10 . 2009-09-30 15:10 -------- d-----w- C:\PerfLogs
2009-09-30 14:49 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2009-09-30 14:49 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2009-09-30 14:49 . 2008-01-19 07:36 175104 ----a-w- c:\windows\system32\winrscmd.dll
2009-09-30 14:49 . 2008-01-19 07:37 1675264 ----a-w- c:\windows\system32\xpssvcs.dll
2009-09-30 14:47 . 2008-01-19 07:41 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2009-09-30 14:46 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2009-09-30 14:46 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2009-09-30 14:46 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2009-09-30 14:46 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2009-09-30 14:44 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2009-09-30 14:44 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2009-09-30 14:44 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2009-09-30 14:43 . 2006-11-02 09:39 6656 ----a-w- c:\windows\system32\kbd106.dll
2009-09-30 13:18 . 2009-09-30 13:18 37888 ----a-w- c:\windows\system32\printcom.dll
2009-09-30 13:18 . 2009-09-30 13:18 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-09-30 13:17 . 2009-09-30 13:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-30 13:17 . 2009-09-30 13:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-30 13:17 . 2009-09-30 13:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-30 13:17 . 2009-09-30 13:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-30 11:30 . 2009-09-30 11:30 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-30 11:29 . 2009-09-30 11:29 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-30 11:29 . 2009-09-30 11:29 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-30 11:27 . 2009-09-30 11:27 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-30 11:27 . 2009-09-30 11:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-30 11:27 . 2009-09-30 11:27 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-30 11:27 . 2009-09-30 11:27 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-30 11:27 . 2009-09-30 11:27 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-30 11:27 . 2009-09-30 11:27 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-30 11:27 . 2009-09-30 11:27 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-30 11:27 . 2009-09-30 11:27 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-30 11:27 . 2009-09-30 11:27 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-30 11:27 . 2009-09-30 11:27 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-30 11:27 . 2009-09-30 11:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-30 11:26 . 2009-09-30 11:26 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-30 11:26 . 2009-09-30 11:26 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-30 11:26 . 2009-09-30 11:26 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-30 11:26 . 2009-09-30 11:26 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-30 11:26 . 2009-09-30 11:26 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-30 11:26 . 2009-09-30 11:26 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-30 11:25 . 2009-09-30 11:25 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-09-30 11:25 . 2009-09-30 11:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-30 11:25 . 2009-09-30 11:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-30 11:25 . 2009-09-30 11:25 23552 ----a-w- c:\windows\system32\lpk.dll
2009-09-30 11:25 . 2009-09-30 11:25 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-30 11:25 . 2009-09-30 11:25 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-30 11:25 . 2009-09-30 11:25 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-30 11:24 . 2009-09-30 11:24 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-30 11:24 . 2009-09-30 11:24 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-30 11:24 . 2009-09-30 11:24 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-30 11:24 . 2009-09-30 11:24 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-30 11:24 . 2009-09-30 11:24 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-30 11:23 . 2009-09-30 11:23 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-30 11:19 . 2009-09-30 11:19 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-30 11:18 . 2009-09-30 11:18 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-30 11:18 . 2009-09-30 11:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-30 11:18 . 2009-09-30 11:18 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-09-30 11:17 . 2009-09-30 11:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-09-30 11:16 . 2009-09-30 11:16 623616 ----a-w- c:\windows\system32\localspl.dll
2009-09-30 11:15 . 2009-09-30 11:15 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-30 11:15 . 2009-09-30 11:15 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-09-30 11:15 . 2009-09-30 11:15 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-30 11:15 . 2009-09-30 11:15 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-09-30 11:15 . 2009-09-30 11:15 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-09-30 11:15 . 2009-09-30 11:15 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-09-30 11:13 . 2009-09-30 11:13 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-30 11:13 . 2009-09-30 11:13 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-30 11:13 . 2009-09-30 11:13 72704 ----a-w- c:\windows\system32\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 15:17 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-10-27 15:17 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-10-27 14:40 . 2007-12-20 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 14:38 . 2007-12-21 00:50 -------- d-----w- c:\program files\Acer GameZone
2009-10-22 11:30 . 2009-10-08 14:34 28219 ----a-w- c:\users\Antonella\AppData\Roaming\nvModes.dat
2009-10-16 08:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-13 17:30 . 2009-09-11 11:21 73448 ----a-w- c:\users\Antonella\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-13 16:55 . 2007-12-21 01:30 -------- d-----w- c:\programdata\Symantec
2009-10-13 16:45 . 2007-12-21 01:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-13 16:31 . 2007-12-21 01:21 -------- d-----w- c:\programdata\Microsoft Help
2009-10-07 15:33 . 2007-12-21 01:05 -------- d-----w- c:\programdata\CyberLink
2009-09-30 17:14 . 2009-09-11 11:19 -------- d-----w- c:\program files\Yahoo!
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-30 16:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-30 16:05 . 2009-09-30 16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-30 15:21 . 2007-12-20 23:41 -------- d-----w- c:\programdata\NVIDIA
2009-09-30 14:57 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-30 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-30 11:10 . 2009-09-30 11:10 3104768 ----a-w- c:\windows\system32\NlsData004a.dll
2009-09-11 21:07 . 2009-09-11 21:07 3 ----a-w- c:\windows\AFirst.cmd
2009-09-11 12:11 . 2009-09-11 12:11 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-09-11 12:11 . 2009-09-11 12:11 -------- d-----w- c:\program files\Realtek
2009-09-11 12:11 . 2009-09-11 12:11 315392 ----a-w- c:\windows\HideWin.exe
2009-09-11 11:53 . 2009-09-11 11:53 -------- d-----w- c:\users\Antonella\AppData\Roaming\Intel
2009-09-11 11:53 . 2009-09-11 11:53 -------- d-----w- c:\programdata\Roaming
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\program files\Cisco
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\program files\Common Files\Intel
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\programdata\Intel
2009-09-11 11:52 . 2009-09-11 11:18 -------- d-----w- c:\program files\Intel
2009-09-11 11:37 . 2009-09-11 11:19 -------- d-----w- c:\program files\Acer Inc
2009-09-11 11:36 . 2009-09-11 11:36 -------- d-----w- c:\users\Antonella\AppData\Roaming\InstallShield
2009-09-11 11:32 . 2009-09-11 11:32 -------- d-----w- c:\program files\SUYIN
2009-09-11 11:32 . 2009-09-11 11:32 -------- d-----w- c:\program files\ACER CrystalEye webcam
2009-09-11 11:30 . 2009-09-11 11:30 -------- d-----w- c:\program files\Common Files\snp2uvc
2009-09-11 11:24 . 2007-12-21 01:04 -------- d-----w- c:\program files\Acer Arcade Deluxe
2009-09-11 11:23 . 2009-09-11 11:23 -------- d-----w- c:\program files\Launch Manager
2009-09-11 11:18 . 2009-09-11 21:07 1345 ----a-w- c:\windows\CLEANUP.CMD
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\programdata\Preferiti
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\programdata\Modelli
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\programdata\Menu Avvio
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\programdata\Documenti
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\programdata\Dati applicazioni
2009-09-11 11:15 . 2009-09-11 11:15 -------- d-sh--we c:\program files\File comuni
2009-08-27 05:22 . 2009-10-15 10:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 10:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 10:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 10:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-13 149280]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-12-14 1826816]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-14 4702208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

c:\users\Antonella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,ab,88,05,e9,41,ca,01

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [11/09/2009 12.24.25 41456]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [21/12/2007 8.18.06 43008]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [21/12/2007 8.18.01 26368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/12/2007 8.18.07 179712]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [21/12/2007 8.18.01 42240]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28/05/2009 21.41.28 4233728]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 17:31
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-10-27 17.32.19
ComboFix-quarantined-files.txt 2009-10-27 16:32

Pre-Run: 70.755.811.328 byte disponibili
Post-Run: 70.692.442.112 byte disponibili

- - End Of File - - 9E30A7D93DA4337A41902B29682A8C01

perché la connessione ad internt non si attiva??

[Amantide]

Nel log non si vede nulla di anomalo Forse si tratta di qualche aggiornamento windows non andato a buon fine
Se ieri il notebook funzionava alla perfezione, potresti provare ad effettuare il ripristino di sistema.

[LegioneFelix17]

come si fa il ripristino?

io ho anche i cd di ripristino

[Amantide]

come si fa il ripristino?

io ho anche i cd di ripristino

Fermo! Non intendevo il ripristino così drastico

Vai su Start>> Tutti i programmi>> Accessori>> Utilità di sistema>> Ripristino configurazione di sistema e scegli un punto di ripristino con la data antecedente al problema, magari quella di ieri.