www.MegaLab.it

[torch]

Salve a tutti,

da ieri ho alcuni problemi con ilmio notebook.
Tutto il sistema risulta più lento in tutto: a caricare i programmi, a spostare le finestre ecc.
Altra cosa strana: la barra del titolo di tutte le finestre che apro (per intenderci, la fasci più alta di ogni finestra attiva, quella che viene evidenziata sempre con il colore blu), è sempre trasparente (vedo le "scritte", ma il resto è trasparente (vedo dietro)).

Utilizzo Avira (che tengo quotidianamente aggiornato), Comodo Firewall, Spywere Blaster e
spybot search &destroy.

Ho fatto una scansione con antimalwarebyte, e mi ha trovato 72 file infetti che ha rimosso (tutti).

Ho riavviato il sistema, ed il problema dei rallentamenti e delle "trasparenze" continua.

Suggerimenti?

Grazie mille,
torch

[stevens]

scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega il rapporto C:\ComboFix.txt nella tua risposta.


come usare correttamente combofix

[torch]

Ecco quì il log di ComboFix, grazie.

ComboFix 10-11-10.02 - TRH 11/11/2010 10:34:41.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2420 [GMT 1:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000010-0000-0000-0000-0000D8023C00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EF40-0002-0000-8843-927C00F0FF7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {006E0069-0053-0078-5300-5C0000004100}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TRH\Preferiti\Thumbs.db
c:\windows\Help\nvcpar.hlp-nv26150
c:\windows\Help\nvcpcs.hlp-nv26150
c:\windows\Help\nvcpda.hlp-nv26150
c:\windows\Help\nvcpde.hlp-nv26150
c:\windows\Help\nvcpel.hlp-nv26150
c:\windows\Help\nvcpeng.hlp-nv26150
c:\windows\Help\nvcpes.hlp-nv26150
c:\windows\Help\nvcpesm.hlp-nv26150
c:\windows\Help\nvcpfi.hlp-nv26150
c:\windows\Help\nvcpfr.hlp-nv26150
c:\windows\Help\nvcphe.hlp-nv26150
c:\windows\Help\nvcphu.hlp-nv26150
c:\windows\Help\nvcpit.hlp-nv26150
c:\windows\Help\nvcpja.hlp-nv26150
c:\windows\Help\nvcpko.hlp-nv26150
c:\windows\Help\nvcpl.hlp-nv26150
c:\windows\Help\nvcpnl.hlp-nv26150
c:\windows\Help\nvcpno.hlp-nv26150
c:\windows\Help\nvcppl.hlp-nv26150
c:\windows\Help\nvcppt.hlp-nv26150
c:\windows\Help\nvcpptb.hlp-nv26150
c:\windows\Help\nvcpru.hlp-nv26150
c:\windows\Help\nvcpsk.hlp-nv26150
c:\windows\Help\nvcpsl.hlp-nv26150
c:\windows\Help\nvcpsv.hlp-nv26150
c:\windows\Help\nvcpth.hlp-nv26150
c:\windows\Help\nvcptr.hlp-nv26150
c:\windows\Help\nvcpzhc.hlp-nv26150
c:\windows\Help\nvcpzht.hlp-nv26150
c:\windows\Help\nvwcpar.hlp-nv26150
c:\windows\Help\nvwcpcs.hlp-nv26150
c:\windows\Help\nvwcpda.hlp-nv26150
c:\windows\Help\nvwcpde.hlp-nv26150
c:\windows\Help\nvwcpel.hlp-nv26150
c:\windows\Help\nvwcpeng.hlp-nv26150
c:\windows\Help\nvwcpes.hlp-nv26150
c:\windows\Help\nvwcpesm.hlp-nv26150
c:\windows\Help\nvwcpfi.hlp-nv26150
c:\windows\Help\nvwcpfr.hlp-nv26150
c:\windows\Help\nvwcphe.hlp-nv26150
c:\windows\Help\nvwcphu.hlp-nv26150
c:\windows\Help\nvwcpit.hlp-nv26150
c:\windows\Help\nvwcpja.hlp-nv26150
c:\windows\Help\nvwcpko.hlp-nv26150
c:\windows\Help\nvwcplen.hlp-nv26150
c:\windows\Help\nvwcpnl.hlp-nv26150
c:\windows\Help\nvwcpno.hlp-nv26150
c:\windows\Help\nvwcppl.hlp-nv26150
c:\windows\Help\nvwcppt.hlp-nv26150
c:\windows\Help\nvwcpptb.hlp-nv26150
c:\windows\Help\nvwcpru.hlp-nv26150
c:\windows\Help\nvwcpsk.hlp-nv26150
c:\windows\Help\nvwcpsl.hlp-nv26150
c:\windows\Help\nvwcpsv.hlp-nv26150
c:\windows\Help\nvwcpth.hlp-nv26150
c:\windows\Help\nvwcptr.hlp-nv26150
c:\windows\Help\nvwcpzhc.hlp-nv26150
c:\windows\Help\nvwcpzht.hlp-nv26150
c:\windows\struct~.ini
c:\windows\system32\AVSredirect.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\win.ini

.
((((((((((((((((((((((((( Files Creati Da 2010-10-11 al 2010-11-11 )))))))))))))))))))))))))))))))))))
.

2010-11-10 18:44 . 2010-11-10 18:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Avira
2010-11-10 15:01 . 2010-11-10 15:01 -------- d-----w- c:\windows\system32\winrm
2010-11-10 15:01 . 2010-11-10 15:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-10 14:59 . 2008-07-11 00:29 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\MumboJumbo
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MumboJumbo
2010-11-10 11:08 . 2010-11-10 11:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2010-11-10 10:29 . 2010-11-10 10:29 -------- d-----w- c:\programmi\Games
2010-11-10 09:53 . 2010-11-10 09:53 -------- d-----w- c:\programmi\Blast From The Past
2010-11-10 09:53 . 1997-01-18 10:40 299520 ----a-w- c:\windows\uninst.exe
2010-11-10 07:46 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\programmi\AviSynth 2.5
2010-11-10 07:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-10 07:46 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-11-09 23:22 . 2010-11-09 23:22 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\VideoCharge Studio
2010-11-09 23:21 . 2008-09-30 11:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-11-09 23:21 . 2010-11-09 23:21 -------- d-----w- c:\programmi\VideoCharge Software
2010-11-09 21:30 . 2010-11-10 07:49 -------- d-----w- C:\video_output
2010-11-09 21:25 . 2004-01-11 07:02 258048 ----a-w- c:\windows\system32\GplMpgDec.ax
2010-11-09 21:25 . 2010-11-09 21:30 -------- d-----w- c:\programmi\Allok 3GP PSP MP4 iPod Video Converter
2010-11-09 19:15 . 2010-11-09 19:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xilisoft
2010-11-09 19:15 . 2010-11-09 19:15 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Xilisoft
2010-11-09 19:14 . 2010-11-09 19:14 -------- d-----w- c:\programmi\Xilisoft
2010-11-09 19:14 . 2010-11-09 19:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Xilisoft
2010-11-07 08:52 . 2010-11-07 08:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nikon
2010-11-05 23:53 . 2010-11-05 23:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nik Software
2010-11-05 23:50 . 2010-11-05 23:50 -------- d-----w- c:\programmi\Nik Software
2010-11-05 20:54 . 2010-11-05 20:54 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Athentech
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\programmi\Athentech
2010-11-04 17:30 . 2010-11-04 18:05 -------- d-----w- c:\programmi\Nikon
2010-11-04 16:22 . 2010-11-08 22:37 -------- d-----w- c:\programmi\Hard Disk Sentinel
2010-11-03 23:27 . 2010-11-08 07:39 -------- d-----w- c:\programmi\HDD Regenerator
2010-11-02 15:31 . 2010-11-02 15:31 -------- d-----w- c:\programmi\tamasoftware
2010-11-02 11:05 . 2010-11-02 11:05 -------- d-----w- c:\programmi\File comuni\SafeNet Sentinel
2010-11-02 11:05 . 2010-11-02 11:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SafeNet Sentinel
2010-11-02 11:04 . 2010-11-02 11:04 -------- d-----w- c:\programmi\File comuni\Optical Research Associates
2010-11-02 10:59 . 2010-11-02 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LightTools
2010-11-01 13:05 . 2010-11-01 13:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2010-11-01 13:04 . 2010-11-01 13:04 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Logishrd
2010-11-01 13:04 . 2010-11-01 13:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-01 13:04 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-11-01 13:03 . 2010-11-01 13:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logishrd
2010-11-01 12:47 . 2010-11-01 12:47 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Logishrd
2010-10-30 15:27 . 2010-10-30 15:27 -------- d-----w- c:\programmi\File comuni\Skype
2010-10-30 14:55 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-10-30 14:55 . 2009-10-19 15:30 42280 ----a-w- c:\windows\system32\WebCamKSProxyPlugin.ax
2010-10-30 14:55 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-10-30 14:55 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-10-30 14:55 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-10-30 14:55 . 2003-02-28 16:26 947472 ----a-w- c:\windows\system32\msjava.dll
2010-10-27 09:25 . 2010-10-27 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\explauncher
2010-10-27 09:25 . 2010-10-27 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\launcher
2010-10-27 09:24 . 2010-07-13 09:57 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-10-27 09:24 . 2010-10-27 09:24 -------- d-----w- c:\programmi\Paragon Software
2010-10-27 08:59 . 2010-08-26 07:32 98696 ----a-w- c:\windows\system32\setupprwdrv03.exe
2010-10-27 08:59 . 2010-08-25 17:39 13064 ----a-w- c:\windows\system32\prwntdrv.sys
2010-10-27 08:59 . 2010-10-27 08:59 -------- d-----w- c:\programmi\EASEUS
2010-10-25 23:17 . 2010-10-25 23:28 -------- d-----w- C:\5b59075a0b5cf0c871191fe7
2010-10-25 22:45 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-25 22:45 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-25 22:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 17:29 . 2009-01-14 20:46 57344 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-10-27 11:31 . 2010-10-27 11:31 79783345 ----a-w- C:\ss.zip
2010-10-16 21:52 . 2010-08-10 08:41 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2010-10-04 12:13 . 2010-10-04 12:13 64512 ----a-w- c:\windows\system32\nlssrv32.exe
2010-09-29 08:01 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 08:01 . 2010-06-01 17:00 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 08:01 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 08:01 . 2010-06-04 09:55 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 08:01 . 2010-06-01 17:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-25 18:43 . 2010-09-25 18:43 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-22 16:47 . 2008-06-11 22:43 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-09-18 10:23 . 2004-08-19 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-19 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-19 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 13:22 . 2010-06-20 08:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-01 13:22 . 2009-09-24 09:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 11:51 . 2004-08-19 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2004-08-19 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-08-19 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-19 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-19 12:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2004-08-19 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\programmi\File comuni\adlmint.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2010-09-22 640440]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-09-08 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="NvMCTray.dll" [2007-02-13 86016]
"avgnt"="e:\sicurezza\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Acrobat Speed Launcher"="e:\adobeacrobatpro\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Nikon Message Center 2"="c:\programmi\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- e:\sistema\Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49 14940040 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Crazybump\\cb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3140:TCP"= 3140:TCP:IP-Clamp Licensing Service
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [27/10/2010 10:24 40560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 14:04 685816]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 10:55 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 18:00 25240]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [16/06/2009 23:57 14464]
R2 3d-io License Server v2.0;3d-io License Server v2.0;c:\programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [28/01/2009 17:49 45056]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service e:\scanner\abbyy\NetworkLicenseServer.exe -service
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 18:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager
R2 CAMTHWDM;CAMTHWDM;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 09:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run c:\windows\system32\hasplms.exe -run
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [01/11/2010 14:04 10448]
R2 LTService;LTService 7.0.0.1;c:\programmi\File comuni\Optical Research Associates\LightTools\ltService.exe [08/02/2010 13:55 761856]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [04/10/2010 13:13 64512]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 07:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 08:44 110592]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 13:47 99968]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys c:\windows\system32\drivers\CFRMD.sys
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 22:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 14:34 133104]
S2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\programmi\cebas\ip-clamp\ipclamp.exe [20/11/2007 10:52 45700]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;e:\architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 01:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 08:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 18:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 10:24 12658]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys c:\windows\system32\DRIVERS\ivusb.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 05:36 20952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp c:\windows\system32\11.tmp
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/08/2010 18:09 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/08/2010 18:09 8320]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [27/10/2010 09:59 13064]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [17/05/2010 16:30 27064]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 18:50 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SWPRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with - c:\programmi\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.search.selectedEngine - De Mauro - Sinonimi e contrari
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\TVUPlayer\npTVUAx.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\internet\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
e:\internet\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-V-Ray for 3dsmax 2010 for x86 - c:\programmi\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\wininstaller.exe-uninstall=c:\programmi\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\install.log



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 10:40
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\11.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2010-11-11 10:44:05
ComboFix-quarantined-files.txt 2010-11-11 09:44

Pre-Run: 3.915.137.024 byte disponibili
Post-Run: 3.918.897.152 byte disponibili

Current=2 Default=2 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 3360DDE6CE47330AB7418C5A359F0D0F

[FDAC]

Ciao.
Sei ancora infetto.
Stevens ti farà eseguire uno script, attendi sue istruzioni.

[hashcat]

Ciao.
Sei ancora infetto.
Stevens ti farà eseguire uno script, attendi sue istruzioni.

Nel frattempo posta un log di hijackthis.

[torch]

Ecco il log di Hijackthis, grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:48, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
E:\Scanner\abbyy\NetworkLicenseServer.exe
E:\Sicurezza\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Sicurezza\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
C:\WINDOWS\system32\astsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Manutenzione\PerfectDisk\PDAgent.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Intel\WiFi\bin\WLKeeper.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
E:\AdobeAcrobatPro\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
E:\Audio\iTunes\iTunesHelper.exe
E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
E:\Masterizzazione\DAEMON Tools\daemon.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRH\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - E:\Architettura\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Sistema\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\AdobeAcrobatPro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Audio\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\AdobeAcrobatPro\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Programmi\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with - C:\Programmi\Xilisoft\Download YouTube Video\upod_link.HTM
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Sistema\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Sistema\Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 3d-io License Server v2.0 - 3d-io GmbH - C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Scanner\abbyy\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: AST Service (ASTCC) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Programmi\cebas\ip-clamp\ipclamp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LTService 7.0.0.1 (LTService) - Optical Research Associates - C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 17763 bytes

[hashcat]

Ecco il log di Hijackthis, grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:48, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
E:\Scanner\abbyy\NetworkLicenseServer.exe
E:\Sicurezza\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Sicurezza\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
C:\WINDOWS\system32\astsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Manutenzione\PerfectDisk\PDAgent.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Intel\WiFi\bin\WLKeeper.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
E:\AdobeAcrobatPro\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
E:\Audio\iTunes\iTunesHelper.exe
E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
E:\Masterizzazione\DAEMON Tools\daemon.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRH\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - E:\Architettura\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Sistema\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\AdobeAcrobatPro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Players\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Audio\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "E:\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\AdobeAcrobatPro\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Programmi\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with - C:\Programmi\Xilisoft\Download YouTube Video\upod_link.HTM
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Sistema\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Sistema\Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 3d-io License Server v2.0 - 3d-io GmbH - C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Scanner\abbyy\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: AST Service (ASTCC) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Programmi\cebas\ip-clamp\ipclamp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LTService 7.0.0.1 (LTService) - Optical Research Associates - C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 17763 bytes

Il log di hijackthis sembra pulito.

[torch]

Qualche suggerimento?

Grazie

[hashcat]

Qualche suggerimento?

Grazie

Si, nel frattempo puoi fare una scansione completa con Hitman pro, rimuovi tutto quello che trova e posti il log.

Link Hitman pro:

http://software-files-l.cnet.com/s/software/11/64/29/18/HitmanPro35.exe?e=1289528812&h=37d7439dd8111408ce34b2e4787c46f6&lop=link&ptype=1901&ontid=2239&siteId=4&edId=3&spi=1ab9ccbcbe40d6298972f88a7986be63&pid=11642918&psid=10895604&fileName=HitmanPro35.exe

N.B.: Mentre fai la scansione con hitman pro devi essere connesso ad internet.

[stevens]

fai girare prevx e vedi cosa rileva

[torch]

Allora: hitman ha trovato solo 4 falsi-positivi (sono tutte 4 applicazioni "pulite" che uso da una vita).
Prevx mi dice che non riesce a collegarsi ad internet. Internet è collegata e funzionante, ed ho messo prevx come applicazione sicura su Comodo.

[torch]

Ora prevx è partito.

[torch]

Prevx riporta: "Stato sistema: pulito"

Ma il log di combfix riportava qualche anomalia?
Cosa faccio ora?

Grazie

[torch]

Nessuno che riesca a darmi una mano?

Nell'eseguire le scansioni che richiedevano la connessioine ad internet attiva, la situazione è peggiorata.
Il sistema è sempre più lento, il problema delle trasparenze persiste, ho provato a lanciare malwarebytes ma a metà scansione mi da sempre un problema si "inizializzazione". Spybot si blocca anche lui a metà scansione dicendo "Operazione bloccata dall'utente"... e chiaramente io non ho bloccato nulla...

Help!

Grazie

[stevens]

non e' detto che debba essere forzatamente un malware dovresti controllare anche negli eventi cosa riporta


Scarica TDSSKiller

http://support.kaspersky.com/downloads/ ... killer.zip

Apri la cartella TDSSKiller, doppio click sul file TDSSKiller e segui le istruzioni a video.



scarica e installa Kaspersky Virus Removal Tool

1> al termine della installazione verrà mostrata la schermata principale del tool
2> verrà creata una cartella sul Desktop dal nome Virus Removal Tool
3> seleziona la partizione da scansionare e clicca su Scan per avviare la scansione
4> terminata la scansione, in caso di rilevazione di infezioni, clicca su Neutralize all
5> si apriranno dei popup dove potrai scegliere se Cancellare o Disinfettare l'oggetto
6> metti la spunta su Apply to all e clicca su Quarantine
7> per salvare il Report che verrà rilasciato, clicca sul tasto Reports: salvalo sul Desktop poi allegalo sul forum.

[torch]

Grazie Stevens.

Procedo come mi hai indicato e poi posto i risultati.

[torch]

Tdsskiller ha trovato

1 suspicious object:

c:\windows\system32\drivers\sptd.sys


Di default il programma è impostato su "Skip"

Lascio così, oppure lo metto in quarantena (o lo cancello)?

Leggendo in giro sembra sia un file di daemontools (che è installato nel mio sistema)

[torch]

Per ora ho skippato l'unica segnalazione di tdsskiller.

Kaspersky virus removal stà lavorando. Appena finisce posto il log.
Grazie

[stevens]

c:\windows\system32\drivers\sptd.sys non rimuoverlo lo riconosce come minaccia che ovviamente non lo e'

[torch]

Perfetto.

Ora virusremovaltool stà scansionando la partizione col sistema operativo c:\