Logfile X Pagine Indesiderate

[tj.navajo]

Ho bisogno del vostro aiuto: ho effettuato le scansioni, così come consigliate, perché continuamente mi si aprivano pagine web.

Devo dire che dopo queste scansioni non ne sono apparse più, comunque per una eventuale verifica allego il Logfile.

Resto in attesa e intanto saluti.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0.30.33, on 09/04/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\Launch Manager\dsiwmis.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe

C:\Programmi\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\VEXPLite\viritsvc.exe

C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\CNAB4RPK.EXE

C:\Programmi\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programmi\Launch Manager\LManager.exe

C:\WINDOWS\snuvcdsm.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\File comuni\Java\Java Update\jusched.exe

C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Programmi\IObit\Advanced SystemCare 5\ASC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe

O4 - HKLM\..\Run: [sNUVCDSM] C:\WINDOWS\snuvcdsm.exe

O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS

O4 - HKLM\..\Run: [OMEA] "C:\Programmi\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.protocollofacile.com

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Programmi\Launch Manager\dsiwmis.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe

O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe

O23 - Service: Updater Service - Acer - C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--

End of file - 10124 bytes

[*FDAC*]

Ciao.

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

● posiziona il file scaricato sul Desktop

● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:

● lancia ComboFix con un doppio click

● segui le istruzioni che verranno rilasciate per eseguire la scansione

● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare

● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:

● potrebbero comparire alcuni file sul Desktop, e poi eliminati

● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi

● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio

● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti

● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:

● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te

● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:

● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore

● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso.

Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto

● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, dovrai avviarla manualmente dalle Risorse del computer.

[tj.navajo]

ComboFix 12-04-07.02 - comus 09/04/2012 23.49.53.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1013.466 [GMT 2:00]

Eseguito da: c:\documents and settings\comus\Documenti\Downloads\Combofix\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {00000000-0715-0000-08F2-12003094807C}

AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}

.

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.

.

((((((((((((((((((((((((( Files Creati Da 2012-03-09 al 2012-04-09 )))))))))))))))))))))))))))))))))))

.

.

2012-04-09 07:18 . 2012-04-09 07:18 -------- d-----w- c:\documents and settings\comus\Dati applicazioni\IObit

2012-04-08 22:29 . 2012-04-08 22:29 388096 ----a-r- c:\documents and settings\comus\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-08 18:24 . 2012-04-08 18:24 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\IObit

2012-04-07 20:46 . 2012-04-07 20:46 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater

2012-04-07 20:45 . 2012-04-07 20:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit

2012-04-07 20:45 . 2012-04-07 20:45 -------- d-----w- c:\programmi\IObit

2012-04-07 20:42 . 2012-04-07 20:42 -------- d-----w- c:\documents and settings\comus\Dati applicazioni\Malwarebytes

2012-04-07 20:42 . 2012-04-07 20:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes

2012-04-07 20:42 . 2012-04-07 20:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2012-04-07 20:42 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-07 20:22 . 2012-04-07 20:22 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-04-07 08:33 . 2012-04-07 08:33 -------- d-----w- c:\programmi\Trend Micro

2012-04-06 09:27 . 2012-04-06 09:27 -------- d-----w- c:\documents and settings\comus\Impostazioni locali\Dati applicazioni\Tuto4PC

2012-04-06 09:27 . 2012-04-06 09:27 -------- d-----w- c:\documents and settings\comus\Dati applicazioni\Tuto4pc

2012-04-06 09:27 . 2012-04-08 21:11 -------- d-----w- c:\programmi\Tuto4pc

2012-04-04 15:11 . 2012-04-04 15:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-30 23:08 . 2012-04-05 17:36 -------- d-----w- c:\programmi\JDownloader

2012-03-30 15:02 . 2012-03-30 15:02 -------- d-----w- C:\Users

2012-03-30 14:44 . 2012-03-30 14:44 -------- d-----w- c:\windows\Sun

2012-03-30 14:44 . 2012-03-30 14:44 -------- d-----w- c:\programmi\File comuni\Java

2012-03-30 14:44 . 2012-03-30 14:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-30 14:44 . 2012-03-30 14:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-30 14:43 . 2012-03-30 14:43 -------- d-----w- c:\programmi\Java

2012-03-26 10:48 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll

2012-03-26 10:47 . 2003-02-21 16:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-03-26 10:47 . 2012-03-26 11:16 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers

2012-03-26 10:04 . 2012-03-26 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Samsung

2012-03-26 10:03 . 2010-07-04 17:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe

2012-03-26 10:03 . 2010-06-14 07:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2012-03-26 10:03 . 2010-06-14 07:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2012-03-26 10:03 . 2012-03-26 11:09 -------- d-----w- c:\documents and settings\comus\Dati applicazioni\Samsung

2012-03-26 10:01 . 2012-03-26 11:09 -------- d-----w- c:\programmi\Samsung

2012-03-23 11:16 . 2012-03-23 11:16 -------- d-----w- c:\windows\system32\NtmsData

2012-03-19 11:24 . 2012-03-19 11:24 592824 ----a-w- c:\programmi\Mozilla Firefox\gkmedias.dll

2012-03-19 11:24 . 2012-03-19 11:24 44472 ----a-w- c:\programmi\Mozilla Firefox\mozglue.dll

2012-03-16 17:03 . 2012-03-16 17:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink

2012-03-16 17:03 . 2012-03-16 17:48 -------- d-----w- c:\documents and settings\comus\Dati applicazioni\CyberLink

2012-03-16 17:03 . 2012-03-16 17:57 -------- d-----w- c:\documents and settings\comus\Impostazioni locali\Dati applicazioni\Cyberlink

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 15:11 . 2011-10-11 07:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-25 17:05 . 2011-12-29 17:38 82424 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys

2012-02-03 14:26 . 2012-02-27 19:49 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-02-03 14:26 . 2012-02-27 19:49 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-02-03 14:26 . 2012-02-27 19:49 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-02-03 09:57 . 2010-04-28 18:13 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-14 18:53 3072 ------w- c:\windows\system32\iacenc.dll

2012-03-19 11:24 . 2012-02-11 11:01 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-08_19.35.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-09 21:39 . 2012-04-09 21:39 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat

+ 2010-04-28 18:13 . 2012-04-09 21:43 86494 c:\windows\system32\perfc010.dat

+ 2010-04-28 18:13 . 2012-04-09 21:43 73358 c:\windows\system32\perfc009.dat

+ 2010-04-28 18:13 . 2012-04-09 21:43 494202 c:\windows\system32\perfh010.dat

+ 2010-04-28 18:13 . 2012-04-09 21:43 446152 c:\windows\system32\perfh009.dat

+ 2012-04-08 22:29 . 2012-04-08 22:29 1094656 c:\windows\Installer\455b58.msi

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]

"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]

"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"LManager"="c:\programmi\Launch Manager\LManager.exe" [2009-11-19 1159248]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PLFSetL"="c:\windows\PLFSetL.exe" [2010-01-13 99712]

"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2010-01-13 30080]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-01-13 202112]

"OMEA"="c:\programmi\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe" [2009-06-04 184320]

"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]

"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^comus^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

path=c:\documents and settings\comus\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk

backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-04 06:51 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-04-28 11:18 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakRAM]

2011-08-27 15:28 997888 ----a-w- c:\programmi\TweakRAM\TweakRAM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera]

2010-01-15 09:49 1541504 ----a-w- c:\programmi\VideoWebCamera\VideoWebCamera.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

2012-02-25 17:05 303104 ----a-w- c:\vexplite\MONLITE.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=

"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

.

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [29/12/2011 19.38.26 82424]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27/02/2012 21.49.06 36000]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [08/12/2008 16.16.56 169312]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\programmi\IObit\Advanced SystemCare 5\ASCService.exe [07/04/2012 22.45.10 913752]

R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/02/2012 21.49.08 86224]

R2 DsiWMIService;Dritek WMI Service;c:\programmi\Launch Manager\dsiwmis.exe [28/04/2010 20.14.20 109648]

R2 Updater Service;Updater Service;c:\programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe [28/04/2010 13.16.55 240160]

R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/03/2011 13.54.14 86016]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2010 20.14.17 45056]

S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [18/11/2010 19.28.14 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 17.11.44 253600]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/04/2010 12.46.42 1691480]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [28/04/2010 12.52.08 108752]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/03/2012 12.03.52 36608]

S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [18/11/2010 19.28.14 135664]

S3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\drivers\onda_mx83xup_cpo.sys [19/03/2010 18.10.48 9856]

S3 onda_mx83xup_ppo;ONDA Mx83xUP Serial ACM Driver;c:\windows\system32\drivers\onda_mx83xup_ppo.sys [19/03/2010 18.10.48 18560]

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:11]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-18 17:28]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-18 17:28]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.facebook.com/

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: protocollofacile.com\www

FF - ProfilePath - c:\documents and settings\comus\Dati applicazioni\Mozilla\Firefox\Profiles\l5jtoqv9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-09 23:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scansione processi nascosti ...

.

scansione entrate autostart nascoste ...

.

Scansione files nascosti ...

.

Scansione completata con successo

Files nascosti: 0

.

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'explorer.exe'(2776)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

Ora fine scansione: 2012-04-10 00:02:22

ComboFix-quarantined-files.txt 2012-04-09 22:02

ComboFix2.txt 2012-04-08 19:43

.

Pre-Run: 109.430.169.600 byte disponibili

Post-Run: 109.425.205.248 byte disponibili

.

- - End Of File - - A7A58004F2BA976F6B2C2B5760540161

[*FDAC*]

Elimina questa cartella:

c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater

Cos'è questo programma? Tuto4pc

[tj.navajo]

Ho provveduto ad eliminare la cartella indicatami.

Per quanto riguarda Tuto4pc non ho idea di cosa sia e tantomeno averlo installato

e la ricerca mi ha dato 2 cartelle di file.

RevoUninstaller e CCleaner mi visualizzano:

1 - Tuto Avast 1.0.0.0

2 - Tuto Firefox 1.0.0.0

Credo che siano da disinstallare, ma nel dubbio aspetto tuo consiglio.

[*FDAC*]

DIsinstallali pure.

Dal log di combofix non si evince granchè.

sempre le solite pagine pubblicitarie?

[tj.navajo]

Ciao, devo dirti che le pagine web non si aprivano più dopo le scansioni che mi hai consigliato,

quindi credo che Tuto4pc non sia stato il responsabile di ciò.

Comunque ho provveduto adesso ad eliminarli tutti e due.

Spero il problema sia stato risolto, e non si ripeta nei prossimi giorni.

Ringrazio te per la disponibilità. *_°

[*FDAC*]

Di nulla.

Alla prossima!

Francesco