Mi si apre in automatico una pagina cinese

[Pompeo_3]

Ciao,
ho un piccolo problema:
mi si apre in automatico, di volta in volta, una pagina in cinese.
Il mio antivirus, avast, non rileva nulla.
Come posso eliminarla?
Vi posto qui il logfile di Hijackthis.
Vi ringrazio in anticipo.
Pompeo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.21.51, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\052D6C\0EAB9A.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0EAB9A.lnk = C:\WINDOWS\system32\052D6C\0EAB9A.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 10936 bytes

[gahan]

Ciao,
apri hijackthis, clica su "do a system scan only", seleziona e fixa le seguenti voci:

C:\WINDOWS\system32\052D6C\0EAB9A.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9

in seguito scarica Malwarebytes:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Installa il software
Aggiornalo, disattiva il tuo antivirus ed esegui una "scansione completa"
Al termine della scansione metti in quarantena i file infetti trovati col relativo pulsante e infine posta il rapporto.

[gahan]

Scusami....per il momento elimina solo la prima voce...
devo vedere bene la seconda.
Esegui invece il resto

[gahan]

Ok, fixa anche la seconda voce

[Pompeo_3]

Non trovo questa voce da cancellare:

C:\WINDOWS\system32\052D6C\0EAB9A.EXE

Me la metyte nel log file ma non tra le voci che posso fixare.

[gahan]

Fixa l'altra ed eseui la scansione con Malwarebytes come sopra

[Pompeo_3]

Mannaggia ora non mi apre più le pagine internet che non ho memorizzate nei preferiti tra cui questa di Malwarebytes.

[Pompeo_3]

Ho riavviato il pc e ora le pagine me le carica.

Dal sito ufficiale non mi scarica Malwarebytes, ma sono riuscito a trovare il programma per vie traverse, l'ho installato, ma non mi scarica gli aggiornamenti.
Intanto sto scansionando lo stesso.

[gahan]

ok...a scansione finita posta il log ed esegui Combofix (scaricalo direttamente sul desktop):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disattiva il tuo antivirus,
disconnettiti da internet,
doppio clic su Combofix.exe
Lascia lavorare il programma senza interferire;
A fine scansione verrà rilasciato un rapporto situato in C:\ComboFix.txt dove sono contenute tutte le operazioni di rimozione effettuate.
Posta il log qui sul forum.

[Pompeo_3]

Ecco qua:

ComboFix 10-01-22.03 - Andrea 23/01/2010 15.17.04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.234 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix2.exe
AV: avast! antivirus 4.8.1368 [VPS 100123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Andrea\IMPOST~1\Temp\E_N4
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\dp1.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\eAPI.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\internet.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\krnln.fnr
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\shell.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\spec.fne
c:\windows\system32\Ijl11.dll
c:\windows\system32\mswins.sys
c:\windows\system32\office.exe
c:\windows\system32\twain_32.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-16 17:52 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-16 17:52 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-16 17:52 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-16 17:52 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-16 17:52 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-16 17:52 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-16 17:52 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-16 17:52 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-16 17:51 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:40 . 2009-02-22 01:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-17 16:25 . 2009-06-07 22:32 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\mIRC
2010-01-17 14:19 . 2009-06-07 22:32 -------- d-----w- c:\programmi\mirc2
2010-01-17 13:28 . 2005-09-24 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-17 03:40 . 2007-04-26 21:52 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-14 19:00 . 2006-03-21 19:30 -------- d-----w- c:\programmi\eMule
2009-12-25 12:02 . 2007-01-06 20:09 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Skype
2009-12-19 15:26 . 2007-09-05 20:52 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Apple Computer
2009-12-19 15:10 . 2009-12-19 15:09 -------- d-----w- c:\programmi\iTunes
2009-12-19 15:10 . 2009-12-19 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-19 15:09 . 2009-12-19 15:09 -------- d-----w- c:\programmi\iPod
2009-12-19 15:09 . 2009-12-19 15:02 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-19 15:09 . 2009-12-19 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-19 15:08 . 2009-12-19 15:08 -------- d-----w- c:\programmi\Bonjour
2009-12-19 15:08 . 2009-12-19 15:06 -------- d-----w- c:\programmi\QuickTime
2009-12-19 15:04 . 2009-12-19 15:04 -------- d-----w- c:\programmi\Apple Software Update
2009-12-18 19:27 . 2005-10-20 18:53 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Canon
2009-11-19 00:52 . 2009-11-18 17:35 502367 --sha-w- c:\windows\system32\mswins.DLL
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-06 08:18 . 2002-09-10 12:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2009-11-06 08:18 . 2002-09-10 12:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2007-09-09 16:32 . 2007-09-09 16:32 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\programmi\MessengerPlus! 3\MsgPlus.exe" [2006-09-30 190024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AME_CSA"="amecsa.cpl" [2002-04-29 720896]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DivX Video Duplicator OLR"="c:\progra~1\DIVXVI~1\BVRPOlr.exe" [2003-06-12 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
0EAB9A.lnk - c:\windows\system32\052D6C\0EAB9A.EXE [2009-12-22 1406909]
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-3-12 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\XStyle v2\\XStyle.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\mIrc\\mirc.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\mirc2\\mirc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/01/2010 18.52.04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/01/2010 18.52.04 20560]
R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [11/06/2005 0.52.35 110839]
S3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [10/09/2002 13.00.00 55808]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [10/09/2002 13.00.00 55808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [15/09/2007 20.30.12 1527900]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\6txvkwq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-AVG Anti-Spyware Driver
AddRemove-MiClaComCod - e:\micla-multimedia\comcod\MiClaComCod.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 15:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ\OpenWithList]
@Class="Shell"
.
Ora fine scansione: 2010-01-23 15:34:27
ComboFix-quarantined-files.txt 2010-01-23 14:34
ComboFix2.txt 2009-02-14 22:23

Pre-Run: 30.042.849.280 byte disponibili
Post-Run: 30.015.844.352 byte disponibili

- - End Of File - - B8CD2542CC4C739C6734DFC310D3FFB5

[gahan]

Apri un file di testo (blocco note), ed inserisci il seguente script:

Codice: Seleziona tutto

file::
c:\windows\system32\mswins.DLL
c:\windows\system32\052D6C\0EAB9A.EXE


salva il file sul desktop (posizione nella quale hai salvato ComboFix) chiamandolo obbligatoriamente CFScript.txt
quindi con il tasto sinistro del mouse trascina il file sull'icona di combofix.

Il programma effettuerà una nuova scansione....attendi la fine senza fare nulla e al termine riavvia il PC (dovrebbe farlo in automatico).
Infine posta il nuovo log situato sempre in c:\combofix.txt.

[Pompeo_3]

Ecco qua:

ComboFix 10-01-22.03 - Andrea 24/01/2010 14.18.45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.235 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix2.exe
Opzioni usate :: c:\documents and settings\Andrea\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100123-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\052D6C\0EAB9A.EXE"
"c:\windows\system32\mswins.DLL"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Andrea\IMPOST~1\Temp\E_N4
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\dp1.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\eAPI.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\internet.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\krnln.fnr
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\shell.fne
c:\docume~1\Andrea\IMPOST~1\Temp\E_N4\spec.fne
c:\windows\system32\052D6C\0EAB9A.EXE
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\mswins.DLL
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-24 al 2010-01-24 )))))))))))))))))))))))))))))))))))
.

2010-01-16 17:52 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-16 17:52 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-16 17:52 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-16 17:52 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-16 17:52 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-16 17:52 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-16 17:52 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-16 17:52 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-16 17:51 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 19:38 . 2009-06-07 22:32 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\mIRC
2010-01-23 16:06 . 2009-06-07 22:32 -------- d-----w- c:\programmi\mirc2
2010-01-23 12:40 . 2009-02-22 01:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-17 13:28 . 2005-09-24 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-17 03:40 . 2007-04-26 21:52 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-14 19:00 . 2006-03-21 19:30 -------- d-----w- c:\programmi\eMule
2009-12-25 12:02 . 2007-01-06 20:09 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Skype
2009-12-19 15:26 . 2007-09-05 20:52 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Apple Computer
2009-12-19 15:10 . 2009-12-19 15:09 -------- d-----w- c:\programmi\iTunes
2009-12-19 15:10 . 2009-12-19 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-19 15:09 . 2009-12-19 15:09 -------- d-----w- c:\programmi\iPod
2009-12-19 15:09 . 2009-12-19 15:02 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-19 15:09 . 2009-12-19 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-19 15:08 . 2009-12-19 15:08 -------- d-----w- c:\programmi\Bonjour
2009-12-19 15:08 . 2009-12-19 15:06 -------- d-----w- c:\programmi\QuickTime
2009-12-19 15:04 . 2009-12-19 15:04 -------- d-----w- c:\programmi\Apple Software Update
2009-12-18 19:27 . 2005-10-20 18:53 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Canon
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-06 08:18 . 2002-09-10 12:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2009-11-06 08:18 . 2002-09-10 12:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2007-09-09 16:32 . 2007-09-09 16:32 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_14.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 11:51 . 2010-01-24 11:51 16384 c:\windows\Temp\Perflib_Perfdata_4c4.dat
+ 2010-01-24 11:52 . 2010-01-24 11:52 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat
+ 2010-01-20 16:04 . 2010-01-24 13:07 22528 c:\windows\system32\CFB8F0\Z-81U7.EXE
- 2010-01-20 16:04 . 2010-01-23 13:43 22528 c:\windows\system32\CFB8F0\Z-81U7.EXE
+ 2010-01-20 16:04 . 2010-01-24 12:06 22528 c:\windows\system32\CFB8F0\U7-1650A.EXE
- 2010-01-20 16:04 . 2010-01-23 12:42 22528 c:\windows\system32\CFB8F0\U7-1650A.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\programmi\MessengerPlus! 3\MsgPlus.exe" [2006-09-30 190024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AME_CSA"="amecsa.cpl" [2002-04-29 720896]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DivX Video Duplicator OLR"="c:\progra~1\DIVXVI~1\BVRPOlr.exe" [2003-06-12 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-3-12 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\XStyle v2\\XStyle.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\mIrc\\mirc.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\mirc2\\mirc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/01/2010 18.52.04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/01/2010 18.52.04 20560]
R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [11/06/2005 0.52.35 110839]
S3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [10/09/2002 13.00.00 55808]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [10/09/2002 13.00.00 55808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [15/09/2007 20.30.12 1527900]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - VSMON
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\6txvkwq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 14:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ\OpenWithList]
@Class="Shell"
.
Ora fine scansione: 2010-01-24 14:35:30
ComboFix-quarantined-files.txt 2010-01-24 13:35
ComboFix2.txt 2010-01-23 14:34
ComboFix3.txt 2009-02-14 22:23

Pre-Run: 30.028.394.496 byte disponibili
Post-Run: 29.989.949.440 byte disponibili

- - End Of File - - 199261E039B3360FCE367833CF9D4EDB

[gahan]

- Disattiva il ripristino configurazione di sistema in questo modo:
Click destro su Risorse del computer --> proprietà --> Ripristino configurazione di sistema --> spunta Disattiva ripristino configurazione di sistema, premi su Applica e successivamente conferma cliccando su ok.

- Scarica CCleaner:

http://www.ccleaner.com/download/downloading

installa il software
avvialo --> vai in opzioni sulla sinistra --> avanzate --> togli la spunta da cancella file in windows temp se più vecchi di 48 ore.
Ritorna in "pulizia" e clicca su "avvia pulizia".

- Riattiva il ripristino configuazione di sistema seguendo il pt.1.

Dopo aver eseguito queste operazioni, naviga su internet e controlla se hai ancora problemi.

[Pompeo_3]

Fatto.
Funziona tutto a meraviglia e la pagina cinese che si apriva è sparita.
Ora riesco anche ad entrare in siti che prima mi davano problemi.
Ti ringrazio tanto Gahan.
Ciao
Pompeo_3