
Thread: viruses and audio problems

  1. #1

    viruses and audio problems

    Hi everyone!
    I work on Windows XP and use the avast antivirus.
    Yesterday it reported the presence of some viruses and advised me to delete them, and so I did.
    Result: audio and video no longer work, the internet is extremely slow, and I don't know what other problems might come up.
    I'm posting the HijackThis log here, hoping you can help me.
    Thanks
    Laura

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.54.31, on 18/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\Power Manager\PM.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Apoint2K\Apntex.exe
    C:\Documents and Settings\lallina\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {065FCDE7-493B-47B1-B20A-BE760B03BE66} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PowerManager] C:\Programmi\Power Manager\PM.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: monxga32.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

    --
    End of file - 7681 bytes

  2. #2
    menatwork (HTML.it user, registered May 2009, 4,330 posts)

    Hi

    Download ComboFix to the desktop and run it (do not install the Recovery Console).

    Let the program work without interfering.
    Attach the report C:\ComboFix.txt to your reply.

  3. #3
    First of all, thanks for the reply:
    I did some cleanup with CCleaner, Malwarebytes and Advanced SystemCare.
    I wonder: once everything is cleaned up, what do I do about the audio drivers, which are now lost? I had tried to reinstall them from the PC's original CD, but it doesn't work.
    Thanks.
    With ComboFix this is the result:



    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Versione database: 4004

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    18/04/2010 21.05.58
    mbam-log-2010-04-18 (21-05-58).txt

    Tipo di scansione: Scansione completa (C:\|)
    Elementi esaminati: 191625
    Tempo trascorso: 1 ore, 41 minuti, 10 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 4
    Valori di registro infetti: 0
    Voci infette nei dati di registro: 0
    Cartelle infette: 0
    File infetti: 17

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbaapl (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pid_0928 (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pac207 (Rootkit.Agent) -> No action taken.

    Valori di registro infetti:
    (Non sono stati rilevati elementi nocivi)

    Voci infette nei dati di registro:
    (Non sono stati rilevati elementi nocivi)

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    C:\Documents and Settings\lallina\Desktop\to_do\D'Amico\Flash\myliquidsivler crack key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> No action taken.
    C:\System Volume Information\_restore{55B13951-FD72-4043-BE9A-31E44AB1E7DC}\RP365\A0433073.sys (Rootkit.Agent.BO) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP235\A0163793.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP235\A0163794.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP236\A0164089.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP236\A0164098.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP236\A0164100.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP236\A0164102.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP237\A0164307.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP237\A0164316.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP237\A0164318.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{8C039A11-10CD-432C-A09C-BAB35E1E8CAD}\RP237\A0164320.sys (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\usbaapl.sys (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\lv561av.sys (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\lvusbsta.sys (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\pfc027.sys (Rootkit.Agent) -> No action taken.

  4. #4
    menatwork

    Sorry, but does that scan look to you like it came from ComboFix?

  5. #5
    Oops, sorry. I've actually run scans and logs with an endless series of programs, and I mixed it up with the Malwarebytes one.
    I'll copy and paste the ComboFix one, in two parts because I can't manage it all at once:

    ComboFix 10-04-17.07 - lallina 18/04/2010 18.52.10.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.502.152 [GMT 2:00]
    Eseguito da: c:\documents and settings\lallina\Documenti\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 100417-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\lallina\Dati applicazioni\avdrn.dat
    c:\documents and settings\lallina\Menu Avvio\Programmi\Esecuzione automatica\monxga32.exe
    c:\windows\system32\drivers\dcyqxjea.sys

    .
    ((((((((((((((((((((((((( Files Creati Da 2010-03-18 al 2010-04-18 )))))))))))))))))))))))))))))))))))
    .

    2010-04-18 16:42 . 2010-04-18 16:42 -------- d-----w- c:\documents and settings\lallina\Dati applicazioni\IObit
    2010-04-18 16:42 . 2010-04-18 16:42 -------- d-----w- c:\programmi\IObit
    2010-04-18 16:37 . 2010-04-18 16:37 -------- d-----w- c:\documents and settings\lallina\Dati applicazioni\Malwarebytes
    2010-04-18 16:37 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-18 16:37 . 2010-04-18 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-04-18 16:37 . 2010-04-18 16:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-04-18 16:37 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 12:34 . 2010-04-18 12:34 -------- d-----w- c:\programmi\Realtek AC97
    2010-04-17 13:01 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-04-17 13:01 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-04-17 12:59 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-04-17 12:59 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-04-17 12:58 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-04-07 19:16 . 2010-04-07 19:16 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 16:59 . 2007-10-12 01:00 859648 ----a-w- c:\windows\system32\drivers\lvusbsta.sys
    2010-04-18 16:50 . 2010-02-05 11:06 -------- d-----w- c:\programmi\File comuni\Akamai
    2010-04-18 13:07 . 2009-01-10 09:06 -------- d-----w- c:\documents and settings\lallina\Dati applicazioni\Skype
    2010-04-18 12:03 . 2009-01-09 22:47 -------- d-----w- c:\programmi\AvRack
    2010-04-18 11:15 . 2009-01-10 09:07 -------- d-----w- c:\documents and settings\lallina\Dati applicazioni\skypePM
    2010-04-17 13:01 . 2009-01-10 09:18 859648 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-17 13:01 . 2007-10-12 00:56 859648 ----a-w- c:\windows\system32\drivers\lv561av.sys
    2010-04-17 13:01 . 2004-08-19 12:00 859648 ----a-w- c:\windows\system32\drivers\secdrv.sys
    2010-04-17 13:01 . 2009-10-13 15:35 859648 ----a-w- c:\windows\system32\drivers\pfc027.sys
    2010-04-17 12:40 . 2010-04-17 12:40 12 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\kcmdte.dat
    2010-04-07 19:15 . 2009-01-19 17:33 -------- d-----w- c:\programmi\Google
    2010-03-28 02:51 . 2004-08-19 12:00 84354 ----a-w- c:\windows\system32\perfc010.dat
    2010-03-28 02:51 . 2004-08-19 12:00 489648 ----a-w- c:\windows\system32\perfh010.dat
    2010-03-09 11:09 . 2004-08-19 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:41 . 2004-09-29 18:48 669696 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:41 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2004-10-28 01:14 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 12:05 . 2004-08-19 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:05 . 2004-08-19 15:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-03-05 22:01 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-19 133104]
    "Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-27 149280]
    "PowerManager"="c:\programmi\Power Manager\PM.exe" [2005-03-30 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
    "Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-12-05 159744]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-10 25214]
    Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2004-12-14 01:12 483328 ----a-w- c:\programmi\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 05:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-09-19 18:09 133104 ----atw- c:\documents and settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 12:20 290088 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-11-04 09:30 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-08-20 19:08 2000120 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

  6. #6
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\iTunes\\iTunes.exe"=
    "c:\\Programmi\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
    "c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
    "c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\lallina\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/08/2009 10.15.16 114768]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/08/2004 14.00.00 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/08/2009 10.15.16 20560]
    R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [10/01/2009 0.45.54 5504]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/03/2009 9.00.17 639224]
    S0 tyuztvfb;tyuztvfb;c:\windows\system32\drivers\tyuztvfb.sys --> c:\windows\system32\drivers\tyuztvfb.sys [?]
    S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/11/2009 18.56.43 135664]
    S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\pfc027.sys [13/10/2009 17.35.00 859648]

    --- Altri Servizi/Drivers In Memoria ---

    *Deregistered* - LVUSBSta

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-29 08:14]

    2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-29 08:14]

    2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1957994488-839522115-1005Core.job
    - c:\documents and settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-19 18:09]

    2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1957994488-839522115-1005UA.job
    - c:\documents and settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-19 18:09]
    .
    .
    ------- Scansione supplementare -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\lallina\Dati applicazioni\Mozilla\Firefox\Profiles\vn2cqrlp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\documents and settings\lallina\Dati applicazioni\Mozilla\Firefox\Profiles\vn2cqrlp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\documents and settings\lallina\Dati applicazioni\Mozilla\Firefox\Profiles\vn2cqrlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\lallina\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programmi\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
    FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    BHO-{065FCDE7-493B-47B1-B20A-BE760B03BE66} - (no file)
    HKCU-Run-AdobeBridge - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-18 18:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
    "ImagePath"="system32\DRIVERS\LVUSBSta.sys"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ŝğÑw*]
    "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(488)
    c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Ora fine scansione: 2010-04-18 19:00:36
    ComboFix-quarantined-files.txt 2010-04-18 17:00

    Pre-Run: 30.064.041.984 byte disponibili
    Post-Run: 30.297.894.912 byte disponibili

    - - End Of File - - 51F9ABC67EC185D9F142FD3A2730EA1A

  7. #7
    I think I've solved the virus problem, thanks.
    Now the driver problem remains, but I've already posted in the other section of the forum.
    Thanks again.
