Problema

[alex76]

ciao a tutti volevo sapere se ci sono anomalie nel mio pc dato che ultimamente sto notando dei rallentamenti e delle voci a me sconosciute nel task manager...vi posto il log di hijackthis....grazie mille

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26, on 2009-08-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.187\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

--
End of file - 8342 bytes

[shel]

ciao

non sono molto sicuro di un processo, per questo ti consiglio di fare questa scansione

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!

[nikita75]

Ciao!!
dal log di Hijack non hai processi critici nei registri di sistema !!

Per sicurezza scansiona con Combofix e facci sapera cosa riscontra !!Non toccare niente !! e posta tutto nel forum !!

[alex76]

ciao vi allego il file di combofix.... grazie!!

ComboFix 09-08-29.01 - HP_Proprietario 2009-08-30 10:29.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.959.540 [GMT 2:00]
Eseguito da: c:\documents and settings\HP_Proprietario\Desktop\ComboFix2.exe
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk

.
((((((((((((((((((((((((( Files Creati Da 2009-07-28 al 2009-08-30 )))))))))))))))))))))))))))))))))))
.

2009-08-29 14:52 . 2009-08-29 14:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-08-29 14:52 . 2009-08-29 14:52 -------- d-----w- c:\documents and settings\HP_Proprietario\LocalLow
2009-08-29 14:52 . 2009-08-29 14:52 -------- d-----w- c:\programmi\TVUPlayer
2009-08-29 14:48 . 2001-08-30 21:07 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-29 14:48 . 2001-08-30 21:07 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-29 14:48 . 2001-08-30 21:07 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-29 14:48 . 2001-08-30 21:07 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-29 14:48 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-29 14:48 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-29 14:48 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-29 14:48 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-29 14:48 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-29 14:48 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-29 14:48 . 2008-04-14 01:12 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-29 14:48 . 2008-04-14 01:12 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-29 09:22 . 2009-08-29 09:22 -------- d-----w- c:\programmi\iPod
2009-08-29 09:22 . 2009-08-29 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-29 09:22 . 2009-08-29 09:22 -------- d-----w- c:\programmi\iTunes
2009-08-29 09:20 . 2009-08-29 09:21 -------- d-----w- c:\programmi\QuickTime
2009-08-29 09:12 . 2009-08-29 09:12 75040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-06 21:27 . 2009-08-06 21:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-05 07:51 . 2009-08-05 07:51 152576 ----a-w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 14:52 . 2009-02-16 22:33 67816 ----a-w- c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 09:44 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\vlc
2009-08-29 09:22 . 2009-02-16 23:51 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-25 09:20 . 2009-07-30 13:41 -------- d-----w- c:\programmi\C6 Messenger
2009-08-22 09:49 . 2009-02-21 09:53 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\uTorrent
2009-08-17 16:10 . 2009-02-16 23:01 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-16 23:01 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-16 23:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-16 23:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-16 23:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-16 23:02 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-16 23:02 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-16 23:02 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-16 23:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-06 15:40 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-06 15:22 . 2009-03-26 12:09 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-08-06 14:51 . 2009-04-24 14:37 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-05 07:52 . 2006-08-24 07:49 -------- d-----w- c:\programmi\Java
2009-07-30 13:41 . 2009-07-30 13:41 737280 ----a-w- c:\windows\iun6002.exe
2009-07-28 07:40 . 2004-12-10 14:24 64872 ----a-w- c:\windows\system32\perfc010.dat
2009-07-28 07:40 . 2004-12-10 14:24 429538 ----a-w- c:\windows\system32\perfh010.dat
2009-07-28 07:35 . 2009-02-16 22:43 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-25 03:23 . 2009-02-17 22:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 13:49 . 2009-02-17 09:01 -------- d-----w- c:\programmi\eMule
2009-07-14 17:04 . 2009-02-18 21:32 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\dvdcss
2009-07-03 16:55 . 2004-08-19 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-19 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-19 04:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2006-11-08 01:38 . 2009-02-17 05:01 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=c:\documents and settings\HP_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Spooler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-05-29 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - hxxp://c6.community.virgilio.it/downloa ... ctiveX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 10:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-08-30 10:34
ComboFix-quarantined-files.txt 2009-08-30 08:34
ComboFix2.txt 2009-08-30 08:22
ComboFix3.txt 2009-03-28 13:33

Pre-Run: 128,429,486,080 byte disponibili
Post-Run: 128,394,186,752 byte disponibili

174 --- E O F --- 2009-04-16 12:44

[nikita75]

Ciao Alex !!
Hai risolto il problema di malware con Combofix ?

http://www.bleepingcomputer.com/combofi ... e-combofix

[alex76]

ciao....ho postato sopra il log di combifix....però non so se ci siano problemi o meno.....vorrei che qualcuno mi dicesse qualcosa in proposito o se vedesse qualcosa di anomalo!! grazie

[Luke57]

Ciao, il report pare a posto.

[nikita75]

Ciao Alex !!

Hai provato a usare MALWAREBytes ? potresti avere malware !!