
Thread: porn pages opening

  1. #1
    HTML.it user (registered Sep 2008, 74 posts)

    porn pages opening

    Good morning everyone.
    On my son's PC (it runs Vista) pages from porn sites keep opening. The latest one is "cam girl e ragazze in webcam", but they change every time. I saw that Favorit is listed among the installed programs, but I don't know whether it's related; I thought Favorit only opened ordinary advertising pages. Thanks for any help.

  2. #2
    Conetti, HTML.it user (registered Feb 2009, 2,323 posts)
    Uninstall Favorit from Add or Remove Programs and run a scan with HiJackThis: post the log you get at the end of the scan.
    We need to understand whether the virus has also attacked the system registry or has merely installed the software.
    Let me know.

  3. #3
    HTML.it user (registered Sep 2008, 74 posts)
    I may have solved the problem. After uninstalling Favorit I used ATF Cleaner, and since this morning everything has been fine. Thanks for your interest, regards.

  4. #4
    Conetti, HTML.it user (registered Feb 2009, 2,323 posts)
    You're welcome.
    If you have problems, don't hesitate to contact us.

  5. #5
    HTML.it user (registered Sep 2008, 74 posts)
    The problem isn't solved at all, unfortunately. They're back. I ran the scan, but I can't remember how to post it. Sorry for my ignorance. Regards.

  6. #6
    Conetti, HTML.it user (registered Feb 2009, 2,323 posts)
    Host the generated .log file on MegaUpload and, in your next post, write the link to download it from.

  7. #7
    HTML.it user (registered Sep 2008, 74 posts)
    I managed with this:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11.52.13, on 20/10/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\utente\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Users\utente\AppData\Local\Temp\Temp4_HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Program Files\ToolbarPorno\adxloader.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: (no name) - {9e26c99f-6954-4e1e-80d4-de6dc4777ab3} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BB8FC7B8-0F99-430A-8FD0-6A863DD7EB99}: NameServer = 192.168.251.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Servizio di Google Update (gupdate1c9f28fd61892b4) (gupdate1c9f28fd61892b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    --
    End of file - 9985 bytes
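
A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread or of HijackThis itself. It flags add-on entries with no backing file, add-ons outside an allowlist of install folders, protocol zone mismatches and processes running from a Temp directory; `KNOWN_DIRS` and the function names are assumptions for illustration, and the findings are leads for review, not verdicts.

```python
import re

# Lines copied from the HijackThis log posted above (a subset, so this runs offline).
SAMPLE_LOG = r"""
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\utente\AppData\Local\Temp\RtkBtMnt.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Program Files\ToolbarPorno\adxloader.dll
O2 - BHO: (no name) - {cba0ec77-dd2c-4d2a-8853-94e4a8092822} - (no file)
O3 - Toolbar: (no name) - {9e26c99f-6954-4e1e-80d4-de6dc4777ab3} - (no file)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Assumption: folders under "Program Files" that the reviewer recognises on this PC.
KNOWN_DIRS = {"common files", "google", "spybot - search & destroy"}

# O2 = Browser Helper Object, O3 = IE toolbar: "<id> - <kind>: <name> - {CLSID} - <file>"
ADDON_RE = re.compile(r"^O[23] - (BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O15 lines state both the zone a protocol is mapped to and the zone it should be in.
ZONE_RE = re.compile(r"^O15 - ProtocolDefaults: '([^']+)' protocol is in (.+?), should be (.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")                    # "Running processes" entries
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)  # per-user temp directory


def top_folder(path):
    """Folder directly under 'Program Files' (lower-cased), or None if elsewhere."""
    m = re.match(r"^[A-Za-z]:\\Program Files(?: \(x86\))?\\([^\\]+)\\", path, re.I)
    return m.group(1).lower() if m else None


def triage(log_text, known_dirs=KNOWN_DIRS):
    """Return (category, detail) tuples for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, clsid, target = m.group(1), m.group(3), m.group(4)
            if target == "(no file)":
                # Registry entry survives although the DLL is gone (partial removal).
                findings.append(("orphaned-addon", f"{kind} {clsid}"))
            elif top_folder(target) not in known_dirs:
                # Short (8.3) paths and non-Program Files paths also land here.
                findings.append(("unrecognised-addon", f"{kind} {clsid} -> {target}"))
            continue
        m = ZONE_RE.match(line)
        if m:
            if m.group(2) != m.group(3):
                findings.append(
                    ("zone-mismatch", f"{m.group(1)}: {m.group(2)} (expected {m.group(3)})")
                )
            continue
        if PROC_RE.match(line) and TEMP_RE.search(line):
            findings.append(("runs-from-temp", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

The `unrecognised-addon` hit on the sample is the `C:\Program Files\ToolbarPorno` folder that the ComboFix report in post #9 lists as deleted.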

  8. #8
    HTML.it user (registered Sep 2008, 74 posts)
    It keeps getting worse... now Avast has been disabled too and I can't re-enable it. Please shed some light.

  9. #9
    HTML.it user (registered Sep 2008, 74 posts)
    I'm attaching the first part of the ComboFix report.
    ComboFix 09-10-19.01 - utente 20/10/2009 17.34.42.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.2941.2074 [GMT 2:00]
    Eseguito da: c:\users\utente\Desktop\ComboFix.exe
    Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt
    AV: avast! antivirus 4.8.1201 [VPS 090520-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: avast! antivirus 4.8.1201 [VPS 090520-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ToolbarPorno
    c:\program files\ToolbarPorno\AddinExpress.IE.dll
    c:\program files\ToolbarPorno\adxloader.dll
    c:\program files\ToolbarPorno\adxloader.dll.manifest
    c:\program files\ToolbarPorno\adxloader.exe
    c:\program files\ToolbarPorno\adxregext.exe
    c:\program files\ToolbarPorno\IE BHO Helper.dll
    c:\program files\ToolbarPorno\Interop.SHDocVw.dll


  10. #10
    HTML.it user (registered Sep 2008, 74 posts)
    And the full report produced by the Malwarebytes scan.

    Here is the result of the Malwarebytes scan:
    http://Malwarebytes' Anti-Malware 1....volo rilevato)

    Unfortunately, and I don't know whether it's related to using ComboFix, I can no longer connect to the internet.
    I'm writing from my desktop; the PC in question, by contrast, uses a wireless network with a Sweex_MO251 router. The situation has suddenly become critical.
