www.MegaLab.it

[Skymon.mars]

Ciao gente! Ho un problema, una amica mi ha appena lasciato un portatile HP Compaq6720s con windows XP, si comporta in maniera strana. Non riesco ad aprire avast, nemmeno a chiuderlo dal task manager, poi anche solo aprire risorse del computer dal menu di avvio è ostico, a volte parte a volte si blocca e mi tocca forzare l'uscita col task.
Google chrome semplicemente non parte, lo vedo nel task che consuma ram ma niente, explorer si avvia ma non si connette ad internet.
Se voglio spegnere il pc.. semplicemente rimane alla schermata di" salvataggio delle impostazioni in corso" ma in realtà non avviene mai lo spegnimento e così mi tocca tenere premuto il relativo bottone. Non vengono riconosciute chiavette usb.
Insomma.. tante cose.. io pensavo di procedere così, installare ccleaner e togliere programmi inutili, deframmentare l'ho già fatto, poi pensavo di sostituire avast con avg o avira.. mi muoverei bene in questo modo? Secondo il vostro parere potrebbe essere qualcos'altro? Io ho pensato ai virus ma in realtà non saprei.
Il problema è che dovrò capire se sta sera dopo il lavoro almeno si connetta in wireless ad internet per poter scaricare i suddetti programmi.
Vi ringrazio, spero in qualche risposta!

Simone

[Uomo_Senza_Sonno]

Prova a fare una verifica preliminare utilizzando un rescue disk, di modo che al successivo riavvio hai un pc più o meno utilizzabile.

[Skymon.mars]

Quindi consigli di metterlo su cd?
Che in effetti sembra tutt'ora l'unico modo per comunicare dall'esterno al pc..

[Skymon.mars]

L'ho appena fatto partire in modalità provvisoria, sembra andare tutto tranne che durante la scansione di avast ha dato schermata blu :(
Detto ciò, l'ho fatto scansionare con Combo Fix, ecco il log, potete darci una occhiata per favore? Cosa devo fare?

ComboFix 12-03-09.03 - Administrator 09/03/2012 11.24.11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1661 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Documenti\~WRL0224.tmp
c:\documents and settings\Administrator\Documenti\~WRL0428.tmp
c:\documents and settings\Administrator\Documenti\~WRL0797.tmp
c:\documents and settings\Administrator\Documenti\~WRL1003.tmp
c:\documents and settings\Administrator\Documenti\~WRL1280.tmp
c:\documents and settings\Administrator\Documenti\~WRL2105.tmp
c:\documents and settings\Administrator\Documenti\~WRL2326.tmp
c:\documents and settings\Administrator\Documenti\~WRL2684.tmp
c:\documents and settings\Administrator\Documenti\~WRL2900.tmp
c:\documents and settings\Administrator\Documenti\~WRL3035.tmp
c:\documents and settings\Administrator\Documenti\~WRL3377.tmp
c:\documents and settings\Administrator\Documenti\~WRL3382.tmp
c:\documents and settings\Administrator\Documenti\~WRL3476.tmp
c:\documents and settings\Administrator\Documenti\~WRL3751.tmp
c:\windows\IsUn0410.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-09 al 2012-03-09 )))))))))))))))))))))))))))))))))))
.
.
2012-03-09 09:52 . 2012-03-09 09:52 -------- d-----w- c:\programmi\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 12:59 . 2009-03-25 12:59 1878888 ----a-w- c:\programmi\install_flash_player.exe
2009-03-24 22:03 . 2009-03-24 21:34 148664512 ----a-w- c:\programmi\OOo_3.0.1_Win32Intel_install_wJRE_it.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"OODefragTray"="c:\programmi\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2008-11-6 192512]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/09/2011 13.57.16 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/11/2008 18.34.41 320856]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [08/09/2011 19.05.17 28184]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys c:\windows\system32\Drivers\CSN5PDTS82x64.sys
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/11/2008 18.34.41 20568]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [09/12/2010 20.08.13 135168]
S2 gupdate1c9d931de9913ee;Servizio di Google Update (gupdate1c9d931de9913ee);c:\programmi\Google\Update\GoogleUpdate.exe [20/05/2009 11.00.55 133104]
S2 OODefragAgent;O&O Defrag Agent;c:\programmi\OO Software\Defrag\oodag.exe [25/01/2011 10.41.48 2336072]
S2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [02/02/2008 2.18.17 540448]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [09/12/2010 20.08.14 103424]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [02/02/2008 2.39.26 30008]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [08/06/2007 9.06.42 172131]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [20/05/2009 11.00.55 133104]
S3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\drivers\onda_mx83xup_cpo.sys [19/03/2010 17.10.48 9856]
S3 onda_mx83xup_ppo;ONDA Mx83xUP Serial ACM Driver;c:\windows\system32\drivers\onda_mx83xup_ppo.sys [19/03/2010 17.10.48 18560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 15:05]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-20 10:00]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-20 10:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ??????????H??????????????|?M?|?????M?|??@
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\DeviceNP.dll
.
Ora fine scansione: 2012-03-09 11:28:21
ComboFix-quarantined-files.txt 2012-03-09 10:28
.
Pre-Run: 3.975.335.936 byte disponibili
Post-Run: 4.304.633.856 byte disponibili
.
- - End Of File - - A863A2CCA31B3D7DB9C6837A4C3A63DB

[The Doctor]

[!!!] Allegare contenuti alle discussioni - nuovo tag MEMO

[Skymon.mars]

L'ho appena fatto partire in modalità provvisoria, sembra andare tutto tranne che durante la scansione di avast ha dato schermata blu :(
Detto ciò, l'ho fatto scansionare con Combo Fix, ecco il log, potete darci una occhiata per favore? Cosa devo fare?

ComboFix 12-03-09.03 - Administrator 09/03/2012 11.24.11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1661 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Documenti\~WRL0224.tmp
c:\documents and settings\Administrator\Documenti\~WRL0428.tmp
c:\documents and settings\Administrator\Documenti\~WRL0797.tmp
c:\documents and settings\Administrator\Documenti\~WRL1003.tmp
c:\documents and settings\Administrator\Documenti\~WRL1280.tmp
c:\documents and settings\Administrator\Documenti\~WRL2105.tmp
c:\documents and settings\Administrator\Documenti\~WRL2326.tmp
c:\documents and settings\Administrator\Documenti\~WRL2684.tmp
c:\documents and settings\Administrator\Documenti\~WRL2900.tmp
c:\documents and settings\Administrator\Documenti\~WRL3035.tmp
c:\documents and settings\Administrator\Documenti\~WRL3377.tmp
c:\documents and settings\Administrator\Documenti\~WRL3382.tmp
c:\documents and settings\Administrator\Documenti\~WRL3476.tmp
c:\documents and settings\Administrator\Documenti\~WRL3751.tmp
c:\windows\IsUn0410.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-09 al 2012-03-09 )))))))))))))))))))))))))))))))))))
.
.
2012-03-09 09:52 . 2012-03-09 09:52 -------- d-----w- c:\programmi\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 12:59 . 2009-03-25 12:59 1878888 ----a-w- c:\programmi\install_flash_player.exe
2009-03-24 22:03 . 2009-03-24 21:34 148664512 ----a-w- c:\programmi\OOo_3.0.1_Win32Intel_install_wJRE_it.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"OODefragTray"="c:\programmi\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2008-11-6 192512]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/09/2011 13.57.16 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/11/2008 18.34.41 320856]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [08/09/2011 19.05.17 28184]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys c:\windows\system32\Drivers\CSN5PDTS82x64.sys
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/11/2008 18.34.41 20568]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [09/12/2010 20.08.13 135168]
S2 gupdate1c9d931de9913ee;Servizio di Google Update (gupdate1c9d931de9913ee);c:\programmi\Google\Update\GoogleUpdate.exe [20/05/2009 11.00.55 133104]
S2 OODefragAgent;O&O Defrag Agent;c:\programmi\OO Software\Defrag\oodag.exe [25/01/2011 10.41.48 2336072]
S2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [02/02/2008 2.18.17 540448]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [09/12/2010 20.08.14 103424]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [02/02/2008 2.39.26 30008]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [08/06/2007 9.06.42 172131]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [20/05/2009 11.00.55 133104]
S3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\drivers\onda_mx83xup_cpo.sys [19/03/2010 17.10.48 9856]
S3 onda_mx83xup_ppo;ONDA Mx83xUP Serial ACM Driver;c:\windows\system32\drivers\onda_mx83xup_ppo.sys [19/03/2010 17.10.48 18560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 15:05]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-20 10:00]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-20 10:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ??????????H??????????????|?M?|?????M?|??@
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\DeviceNP.dll
.
Ora fine scansione: 2012-03-09 11:28:21
ComboFix-quarantined-files.txt 2012-03-09 10:28
.
Pre-Run: 3.975.335.936 byte disponibili
Post-Run: 4.304.633.856 byte disponibili
.
- - End Of File - - A863A2CCA31B3D7DB9C6837A4C3A63DB

[Skymon.mars]

aggiungo che ora mi sto connettendo con chrome dal pc malato in modalita provvisoria, mentre in avvio normale chrome neanche parte..

[Uomo_Senza_Sonno]

Quindi consigli di metterlo su cd?
Che in effetti sembra tutt'ora l'unico modo per comunicare dall'esterno al pc..

Quello che volevo dirti è di fare una scansione con il rescue disk, di modo che se rileva qualcosa lo elimina e al successivo riavvio puoi utilizzare in maniera più o meno stabile il pc