alex7720 Devout mortal

Joined: 07/01/07 23:57 Posts: 7
Posted: 17 Jan 2008 22:01 Subject: Alice 7 Mega connection slow. Hijack+combofix log files

Hello everyone,
for a couple of months now I have noticed that my Alice 7 Mega connection is rather slow (it does not even reach 2 mega - speed test on www.helpadsl.it). I have friends in areas near mine who instead easily reach 5.5 mega at times of heavy traffic. I once called 187, where they told me that the problem is certainly in the PC and that on their side everything is fine as far as the connection is concerned. I realise they probably brushed me off too easily, but before calling them back more p.....d off than before, I would really like to make sure that my PC is clean of malware of every kind. I regularly use Spybot S&D and Adware, which have not detected anything. I also defragmented the hard disk, which was indeed somewhat fragmented, but the connection speed has not improved at all. I ran an antivirus scan with avast, which is always active anyway, and it found a virus (ptuDA_tmp.exe), which I put in the bin as per the "Recommended action". So below I will post the results of the scans carried out with the two programs named in the subject. If some kind soul could help me..... Thanks in advance!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.55.56, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\HPQ\One-Touch\OneTouch.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\Alwil Software\Avast4\ashChest.exe
C:\Documents and Settings\Ale&Isa\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Programmi\HPQ\Desktop Zoom\hpwinadj.exe -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Programmi\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Programmi\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172262483967
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172262470587
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29FB29D5-C338-4780-935A-21B4F66F3FC4}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8726 bytes
ComboFix 08-01-09.2 - Ale&Isa 2008-01-17 19.57.03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.138 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Ale&Isa\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Ale&Isa\Dati applicazioni\ShoppingReport\cs\res1\WhiteList.dbs
C:\Programmi\ShoppingReport
C:\Programmi\ShoppingReport\Uninst.exe
.
((((((((((((((((((((((((( Files Creati Da 2007-12-17 al 2008-01-17 )))))))))))))))))))))))))))))))))))
.
2008-01-17 19:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 23:13 . 2008-01-13 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2008-01-13 23:03 . 2008-01-13 23:03 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2008-01-06 23:19 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-01-06 23:19 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-01-06 22:58 . 2006-03-31 15:57 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2008-01-06 22:58 . 2006-07-18 01:03 49,152 --a------ C:\WINDOWS\system32\mgxasio2.dll
2008-01-03 12:21 . 2008-01-03 12:21 <DIR> d-------- C:\Documents and Settings\Ale&Isa\Dati applicazioni\MAGIX
2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Programmi\Alcohol Soft
2007-12-30 19:17 . 2007-12-30 19:19 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2007-12-30 17:24 . 2007-12-30 17:25 316 --a------ C:\WINDOWS\Sampler.INI
2007-12-30 17:24 . 2007-12-30 17:25 316 --a------ C:\WINDOWS\BeatBox.INI
2007-12-30 17:24 . 2007-12-30 17:24 28 --a------ C:\WINDOWS\Robota.INI
2007-12-29 18:39 . 2007-12-29 18:39 0 --a------ C:\WINDOWS\musiceditor.INI
2007-12-29 18:22 . 2007-12-29 18:22 0 --a------ C:\WINDOWS\musicmaker.INI
2007-12-29 18:21 . 2007-12-29 18:21 97,792 --a------ C:\WINDOWS\system32\drivers\ACEDRV05.sys
2007-12-29 17:45 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-29 17:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-29 17:44 . 2008-01-13 23:02 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2007-12-29 17:39 . 2008-01-12 18:30 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-12-29 17:39 . 2008-01-06 23:09 <DIR> d-------- C:\MAGIX
2007-12-29 17:39 . 2002-09-21 00:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-29 17:39 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-12-29 17:39 . 1999-01-28 14:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-12-29 17:37 . 2006-08-17 10:01 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-12-29 17:37 . 2008-01-12 18:30 6,099 --a------ C:\WINDOWS\mgxoschk.ini
2007-12-26 00:14 . 2007-12-26 00:14 <DIR> d-------- C:\Programmi\Mio Technology
2007-12-26 00:05 . 2006-03-09 09:17 37,768 -ra------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-12-26 00:00 . 2007-12-26 00:00 <DIR> d-------- C:\Programmi\MiTAC Research (Shanghai) Ltd
2007-12-25 09:46 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-25 09:46 . 2004-08-19 23:39 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-25 09:46 . 2007-12-25 09:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 09:46 . 2007-12-25 09:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-25 09:45 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-25 09:45 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-25 09:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-25 09:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-25 09:41 . 2007-12-25 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\LogiShrd
2007-12-25 09:40 . 2007-12-25 09:40 <DIR> d-------- C:\Documents and Settings\Ale&Isa\Dati applicazioni\Logitech
2007-12-25 09:39 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-12-25 09:39 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2007-12-25 09:39 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-12-25 09:39 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-12-25 09:39 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2007-12-25 09:38 . 2007-12-25 09:38 <DIR> d-------- C:\Programmi\Logitech
2007-12-25 09:38 . 2007-12-25 09:39 <DIR> d-------- C:\Programmi\File comuni\Logishrd
2007-12-25 09:38 . 2007-12-25 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Logitech
2007-12-25 09:38 . 2007-12-25 09:38 <DIR> d-------- C:\Documents and Settings\Ale&Isa\Dati applicazioni\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 16:43 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-15 21:27 --------- d-----w C:\Programmi\SpeedFan
2008-01-12 17:07 --------- d-----w C:\Programmi\eMule
2007-12-25 23:00 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-16 14:33 --------- d-----w C:\Programmi\Windows Defender
2007-12-15 10:30 --------- d-----w C:\Documents and Settings\Ale&Isa\Dati applicazioni\MailFrontier
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 727,552 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,489,472 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2005-09-23 22:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 23:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25 180316]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 16:29 290816]
"Desktop Zoom"="C:\Programmi\HPQ\Desktop Zoom\hpwinadj.exe" [2002-10-09 09:18 249856]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 06:05 36864]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34 36864]
"TV Now"="C:\Programmi\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 09:34 282624]
"Display Settings"="C:\Programmi\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26 45056]
"QT4HPOT"="C:\Programmi\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 16:14 102400]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 23:03 110592]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 22:57 610304]
"UpdateManager"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39 40960]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-23 23:08 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RegistryMechanic"="" []
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-09-24 00:39:30]
HP Digital Imaging Monitor.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-23 23:28:44]
hp psc 2000 Series.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
hpoddt01.exe.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2007-12-25 09:39:04]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 12:54]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 16:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 16:04]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-29 01:00]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2003-03-05 02:00]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\89.tmp []
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-17 16:50:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:01:16
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe???????????????????|?????? ??3B?????????????T?B????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-17 20.02.29
ComboFix-quarantined-files.txt 2008-01-17 19:02:10
.
2008-01-11 16:34:32 --- E O F ---
bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 18 Jan 2008 16:23 Subject:

Hi alex7720,
HijackThis does not show any dangerous entries.
ComboFix removed some entries belonging to ShoppingReport (adware).
To be safe, go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
PS: if you like, you can introduce yourself here
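As an added example (not part of the original thread and not a tool either poster used), here is a small Python parser for HijackThis entry lines, run on an excerpt of the log posted above. It pulls out the items a helper typically reviews first: entries with no resolvable target, Run values given as a bare file name, and the O17 name servers. The function names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{29FB29D5-C338-4780-935A-21B4F66F3FC4}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# Section codes that occur in this log and what HijackThis lists under them.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "TCP/IP DNS setting",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries for which HijackThis reported no target: '(no file)' or '= ?'."""
    return [(c, b) for c, b in entries if b.endswith("(no file)") or b.endswith("= ?")]


def bare_run_commands(entries):
    """Run-key values given as a bare file name, which Windows resolves via its search path."""
    names = []
    for code, body in entries:
        m = RUN_RE.search(body) if code == "O4" else None
        if m and not FULL_PATH_RE.match(m.group("cmd")):
            names.append((m.group("name"), m.group("cmd")))
    return names


def name_servers(entries):
    """DNS servers recorded in O17 'NameServer = a b' lines."""
    servers = []
    for code, body in entries:
        if code == "O17" and "NameServer = " in body:
            servers += body.split("NameServer = ", 1)[1].split()
    return servers


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for code, n in Counter(c for c, _ in entries).items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    print("orphaned:", orphaned(entries))
    print("bare Run commands:", bare_run_commands(entries))
    print("name servers:", name_servers(entries))
```

The flagged lines are review items, not verdicts; for each bare Run value, the ComboFix log above records the path the file was actually found at.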
alex7720 Devout mortal

Joined: 07/01/07 23:57 Posts: 7
Posted: 19 Jan 2008 13:29 Subject:

bdoriano wrote: | Hi alex7720,
HijackThis does not show any dangerous entries.
ComboFix removed some entries belonging to ShoppingReport (adware).
To be safe, go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
PS: if you like, you can introduce yourself here |
Thank you very much for the quick reply. I will follow your advice to the letter and post what you asked for!! I am also going to introduce myself right away. Although I have been registered for a while, I have not taken part much and in any case I have never done it before. See you soon...
alex7720 Devout mortal

Joined: 07/01/07 23:57 Posts: 7
Posted: 19 Jan 2008 18:00 Subject:

OK, here is the result of the Kaspersky scan. I think there is a little something... Thanks again for any help you can give me!
http://www.freefilehosting.net/download/3ai1j
Orange Mature god

Joined: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 21 Jan 2008 09:41 Subject:

Hi
I'd say nothing to worry about; do these two simple steps and you should be fine:
* disable System Restore
* download ATF Cleaner
run it, tick Select all (if you use Firefox or Opera, tick their options too)
click Empty selected and wait for the Done cleaning! message
repeat for FF and/or Opera if necessary
* re-enable System Restore
alex7720 Devout mortal

Joined: 07/01/07 23:57 Posts: 7
Posted: 21 Jan 2008 22:21 Subject:

Good, all done. The PC has become slightly faster at opening the various applications. Alice's speed, however......IS STILL THE SAME!!!!