www.MegaLab.it

[stevens]

quanto tempo e' passato dalla scansione? puoi recuperare il log?

[Diavolo60]

quanto tempo e' passato dalla scansione? puoi recuperare il log?

Non so se lo hai letto nei post precedenti ma nei giorni scorsi, ho portato il pc in assistenza perché a forza di installare e disinstallare programmi anti spyware e malware si era rallentato notevolmente il pc.
E' vero che adesso il pc si è "rinvigorito" di nuovo ma l'assistenza ha fatto pulizia...........

[stevens]

va bene

esegui combofix vediamo cosa trova

[Diavolo60]

ecco il log senza console di ripristino

ComboFix 12-09-23.02 - user 23/09/2012 21.02.24.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.425 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\IMPOST~1\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\documents and settings\user\Impostazioni locali\temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-23 al 2012-09-23 )))))))))))))))))))))))))))))))))))
.
.
2012-09-23 09:07 . 2012-09-23 09:07 -------- d-----w- C:\_OTL
2012-09-17 16:36 . 2012-09-17 16:36 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Apple
2012-09-16 14:02 . 2012-09-16 14:02 388096 ----a-r- c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-14 19:21 . 2012-06-27 13:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-09-14 19:21 . 2012-09-14 19:21 -------- d-----w- c:\programmi\PC Connectivity Solution
2012-09-13 16:15 . 2012-09-13 16:15 -------- d-----w- c:\documents and settings\Administrator.USER-04AD2B2B3C
2012-09-04 18:11 . 2001-08-30 21:07 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2012-09-04 18:10 . 2001-08-30 21:07 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-09-04 18:10 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2012-09-04 18:10 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-09-04 18:10 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2012-09-04 18:10 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-09-04 18:10 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2012-09-04 18:10 . 2004-08-03 20:31 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2012-09-04 18:10 . 2001-08-30 21:07 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-09-04 18:08 . 2001-08-30 19:54 348062 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
2012-09-04 18:07 . 2001-08-17 18:10 24653 -c--a-w- c:\windows\system32\dllcache\el574nd4.sys
2012-09-04 18:07 . 2001-08-17 18:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2012-09-04 18:07 . 2001-08-30 19:33 44615 -c--a-w- c:\windows\system32\dllcache\el515.sys
2012-09-04 18:07 . 2001-08-17 18:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2012-09-04 18:07 . 2001-08-30 19:29 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2012-09-04 18:07 . 2001-08-30 19:29 51743 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2012-09-04 18:07 . 2001-08-17 18:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-09-04 18:07 . 2001-08-17 20:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2012-09-04 18:07 . 2001-08-17 18:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2012-09-04 18:07 . 2001-08-30 19:20 23936 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-09-04 18:07 . 2001-08-17 19:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2012-09-04 18:07 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-09-04 18:07 . 2001-08-17 19:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-09-04 18:05 . 2001-08-17 18:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2012-09-04 18:04 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-09-04 18:03 . 2001-08-30 21:07 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-09-04 18:03 . 2001-08-17 18:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2012-09-04 18:03 . 2008-04-14 02:13 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2012-09-04 18:03 . 2001-08-30 21:07 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2012-09-04 18:03 . 2001-08-30 21:07 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-09-04 18:03 . 2001-08-17 20:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-09-04 18:03 . 2001-08-17 20:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2012-09-04 18:03 . 2001-08-17 20:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2012-09-04 17:58 . 2008-04-13 18:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2012-09-04 17:57 . 2001-08-30 21:07 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2012-09-02 16:04 . 2012-07-23 13:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-28 17:49 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-08-28 17:49 . 2001-08-17 18:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-08-28 17:49 . 2004-08-03 20:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2012-08-28 17:48 . 2001-08-17 18:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2012-08-28 17:48 . 2001-08-17 18:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2012-08-28 17:48 . 2001-08-17 18:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2012-08-28 17:48 . 2001-08-17 18:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2012-08-28 17:48 . 2001-08-17 19:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2012-08-28 17:48 . 2001-08-30 21:07 61952 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2012-08-28 17:48 . 2004-08-03 20:32 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
2012-08-28 17:48 . 2001-08-17 18:20 297728 -c--a-w- c:\windows\system32\dllcache\ac97sis.sys
2012-08-28 17:48 . 2001-08-17 18:20 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2012-08-28 17:48 . 2004-08-03 20:32 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2012-08-28 17:48 . 2001-08-17 19:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2012-08-28 17:35 . 2001-08-30 21:07 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2012-08-28 17:35 . 2001-08-30 21:07 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2012-08-28 17:35 . 2001-08-30 21:07 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2012-08-28 17:35 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2012-08-28 17:35 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2012-08-28 17:35 . 2001-08-17 18:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-08-28 17:35 . 2001-08-30 21:07 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-08-28 17:35 . 2001-08-17 19:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-08-28 17:35 . 2008-04-13 18:46 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2012-08-28 17:35 . 2001-08-17 20:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-08-28 17:34 . 2001-08-30 21:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-08-28 16:23 . 2012-08-28 16:23 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\IObit
2012-08-28 15:38 . 2012-08-28 15:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2012-08-28 15:38 . 2012-08-28 15:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\IObit
2012-08-28 15:37 . 2012-08-28 15:37 -------- d-----w- c:\programmi\IObit
2012-08-27 16:11 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-27 16:11 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-27 16:11 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-27 16:11 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-27 16:11 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-27 16:11 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-27 16:11 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-27 16:11 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-27 16:09 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-27 16:09 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 16:09 . 2008-02-16 16:37 2560 -c--a-w- c:\windows\_MSRSTRT.EXE
2012-08-28 16:31 . 2012-04-13 18:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 16:31 . 2011-05-14 07:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:05 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:27 . 2012-08-05 12:08 663701 ----a-w- c:\windows\WINDOWSUPDATE.LOG.TMP
2012-08-21 09:27 . 2012-08-04 12:29 32482 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2012-08-16 17:51 . 2012-08-16 17:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-15 15:11 . 2012-08-15 15:11 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-05 17:13 . 2012-08-05 13:56 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-06 13:59 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-07-19 22:33 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2001-05-24 11:59 . 2010-02-04 18:02 162304 ----a-w- c:\programmi\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\lorenzo\EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-07 05:25 21432 ----a-w- c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-07 05:25 960440 ----a-w- c:\programmi\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-07 05:25 3524536 ----a-w- c:\programmi\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-07-26 19:26 32768 ----a-w- c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-07-26 12:16 247768 ----a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOMERunner]
2012-07-26 12:16 247768 ----a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/08/2012 18.11.03 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/08/2012 18.11.09 355632]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [15/08/2012 17.11.55 27496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/08/2012 18.11.10 21256]
R2 LSM;Login Session Manager;c:\programmi\lsm\lsm.exe [28/07/2012 17.52.24 289280]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [26/07/2012 14.16.14 92632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [14/04/2012 10.39.21 100368]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [04/07/2010 17.19.00 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/04/2012 20.57.20 250568]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [05/06/2012 11.45.07 80824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [05/06/2012 14.14.11 20032]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [04/07/2010 17.19.00 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/08/2012 19.50.39 40776]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [05/06/2012 11.45.06 181432]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:31]
.
2012-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-09-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-27 09:12]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-04 15:18]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-07-04 15:18]
.
2012-08-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2012-09-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Advanced SystemCare 5 - c:\programmi\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-QUAD Scheduler - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
MSConfigStartUp-QUAD Windows service - c:\programmi\quad utilities\quad registry cleaner\quad registry cleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-09-23 21:19:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-09-23 19:19
.
Pre-Run: 50.455.523.328 byte disponibili
Post-Run: 50.595.512.320 byte disponibili
.
- - End Of File - - 01884EC837B29EEAFEBD68AA8F1A1F58

[stevens]

hai aperto tu questa porta? la conosci?

5985:TCP

[Diavolo60]

mi fa venire in mente il mulo per avere l'ID alto .
però sono andato a controllare ora in opzioni/connessione ed il numero della porta non corrisponde..........
Tieni comunque presente che queste modifiche sono state fatte molto prima dell'avvento del difetto........
Per tua info, tutto è cominciato da circa metà luglio e, dopo svariate scansioni con anti spyware e anti malware, ho scoperto l'esitenza del programma poweroffer che ho disinstallato come indicato da alcuni di voi ma a me non ha funzionato..................

[stevens]

se non riconosci quella porta vai su start esegui e scrivi cmd e d ai ok si aprira' una finestra dos nella quale dovrai incollare questo comando

netsh firewall delete portopening TCP 5985

dai ok

chiudi e riavvia

[Diavolo60]

Fatto e....................il risultato non cambia

[stevens]

ti sei fissato con poweroffer

adesso sempre da quella riga di comando copia incolla questo = > netsh firewall show state

fai copia incolla del risultato

[Diavolo60]

ti sei fissato con poweroffer

adesso sempre da quella riga di comando copia incolla questo = > netsh firewall show state

fai copia incolla del risultato

sono ignorante in materia,,,,, come faccio a fare copia e incolla di una pagina dos??

[stevens]

ma che ignorante ne sai piu' di me

quando hai la schermata vai col tasto destro fai seleziona tutto apri blocco note e sempre col destro scegli incolla


controlla anche se hai queste cartelle se le vedi eliminale

PosService

PowerOffer

ServUpdater

[Diavolo60]

scusa se ti ho fatto aspettare ma stavo cercando di disinstallare combofix da "start" ma mi è ripartito........
L'ultima volta per disinstallarlo ho dovuto scaricare un programma di cui non mi ricordo il nome.....
ecco il log........nel frattempo ricontrollo le cartelle da te segnalat........ ma sono convinto che non ci sono perché questo controllo lo avevo già fatto.......
Comunque le cartelle che mi fai cercare fanno parte di power offer..........ppoi sono io il "fissato"

Microsoft Windows XP [Versione 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>netsh firewall show state

Stato firewall:
-------------------------------------------------------------------
Profilo = Standard
Modalità operativa = Enable
Modalità eccezioni = Enable
Modalità risposta multicast/broadcast = Enable
Modalità notifiche = Enable
Versione criterio di gruppo = Windows Firewall
Modalità amministrazione remota = Disable

Porte attualmente aperte su tutte le interfacce di rete:
Porta Prot. Versione Programma
-------------------------------------------------------------------
1035 TCP IPv4 C:\WINDOWS\system32\mqsvc.exe
1034 UDP IPv4 C:\WINDOWS\system32\mqsvc.exe
2103 TCP IPv4 C:\WINDOWS\system32\mqsvc.exe
2105 TCP IPv4 C:\WINDOWS\system32\mqsvc.exe
2107 TCP IPv4 C:\WINDOWS\system32\mqsvc.exe
135 TCP IPv4 C:\WINDOWS\system32\inetsrv\inetinfo.exe
3527 UDP IPv4 C:\WINDOWS\system32\mqsvc.exe
1801 TCP IPv4 C:\WINDOWS\system32\mqsvc.exe
2869 TCP IPv4 (null)
1900 UDP IPv4 C:\WINDOWS\system32\svchost.exe


C:\Documents and Settings\user>

[Diavolo60]

Pc impallato....

[Diavolo60]

controlla anche se hai queste cartelle se le vedi eliminale

PosService

PowerOffer

ServUpdater

Come già detto nessuna delle tre cartelle sono state trovate dalla funzione "cerca".....

[stevens]

Comunque le cartelle che mi fai cercare fanno parte di power offer..........ppoi sono io il "fissato"

ma se sei tu che mi stai chiedendo come si rimuove

vai nei servizi >>> start esegui scrivi services.msc dimmi quali servizi vedi se c'e' Pos Service mettilo su disabilitato

per rimuovere combofix apri otl e clicca su clean up

Pc impallato....

tutte a te

[Diavolo60]

il comando non lo prende comunque sono andato sulla gestione computer e quel servizio non c'è

[Diavolo60]

per rimuovere combofix apri otl e clicca su clean up

lo vedi che sei più bravo di me....

[Diavolo60]

Stevens si è fatto tardi.........vista l'ora ci aggiorniamo in giornata

[stevens]

prova con virit

http://www.tgsoft.it/italy/startup_scheda.asp?num=9699

[Diavolo60]

prova con virit

http://www.tgsoft.it/italy/startup_scheda.asp?num=9699

è inutile.....l'ho installato i primi di agosto e l'ho tenuto per circa une mese.
Ogni santo giorno una scansione e ogni volta trovava qualcosa.....alla fine visto il risultato, che non c'è stato, l'ho disinstallato