icone che lampeggiano

Saluti a tutti . Da mesi ho questo problema che è più un fastidio che altro , le icone mi spariscono e ricompaiono in un tempo che varia da pochi decimi di secondo a circa un secondo / due .
Clam win mi trovava un troyan agent in una cartella di office ma anche se mettevo in quarantena si riattivava , ho eliminato la cartella intera e ho risolto . Allego i log che ho fatto , grazie .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.46.56, on 06/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\soundman.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 3471 bytes


Avira AntiVir Personal
Data del file di report: domenica 6 febbraio 2011 16:49

Ricerca di 2995020 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : CASA

Informazioni sulla versione:
BUILD.DAT : 9.0.0.24 21699 Bytes 10/06/2010 09:34:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:40
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:44:22
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:44:28
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:44:31
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 14:44:34
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 14:44:40
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 14:44:45
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 16:56:50
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 16:25:25
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 16:25:25
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 16:25:26
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 16:25:26
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 16:25:26
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 16:20:52
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 16:21:14
VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 16:22:43
VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 16:22:44
VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 16:24:16
VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 16:24:31
VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 16:25:01
VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 17:55:18
VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 17:55:05
VBASE022.VDF : 7.10.12.175 142848 Bytes 11/10/2010 17:55:45
VBASE023.VDF : 7.10.12.198 131584 Bytes 13/10/2010 17:56:42
VBASE024.VDF : 7.10.12.216 133120 Bytes 14/10/2010 17:56:30
VBASE025.VDF : 7.10.12.238 137728 Bytes 18/10/2010 04:09:58
VBASE026.VDF : 7.10.12.254 129536 Bytes 20/10/2010 04:09:58
VBASE027.VDF : 7.10.13.22 137728 Bytes 22/10/2010 04:09:59
VBASE028.VDF : 7.10.13.39 124416 Bytes 26/10/2010 04:10:22
VBASE029.VDF : 7.10.13.62 141312 Bytes 28/10/2010 04:10:22
VBASE030.VDF : 7.10.13.73 137216 Bytes 29/10/2010 04:10:21
VBASE031.VDF : 7.10.13.77 66560 Bytes 01/11/2010 04:11:08
Motore : 8.2.4.86
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 08:02:18
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 17/09/2010 16:24:18
AESCN.DLL : 8.1.6.1 127347 Bytes 11/07/2010 14:45:00
AESBX.DLL : 8.1.3.1 254324 Bytes 11/07/2010 14:45:02
AERDL.DLL : 8.1.9.2 635252 Bytes 24/09/2010 16:23:06
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/10/2010 17:56:34
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 25/07/2010 16:57:01
AEHEUR.DLL : 8.1.2.37 2974072 Bytes 29/10/2010 04:10:26
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/10/2010 17:55:53
AEGEN.DLL : 8.1.3.23 401779 Bytes 01/10/2010 16:24:41
AEEMU.DLL : 8.1.2.0 393588 Bytes 11/07/2010 14:44:54
AECORE.DLL : 8.1.17.0 196982 Bytes 24/09/2010 16:22:52
AEBB.DLL : 8.1.1.0 53618 Bytes 11/07/2010 14:44:53
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:06
AVREP.DLL : 8.0.0.7 159784 Bytes 11/07/2010 14:45:02
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 13:11:50
RCTEXT.DLL : 9.0.73.0 87809 Bytes 03/11/2009 07:16:42

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, E:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+JOKE,+PFS,+SPR,

Avvio della scansione: domenica 6 febbraio 2011 16:49

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '46945' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'notepad.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'plugin-container.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'firefox.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'taskmgr.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'notepad.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'HijackThis.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'FirewallGUI.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'soundman.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TUProgSt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'FWService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jqs.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
31 processi scansionati con '31' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 1
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'E:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 44 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\hiberfil.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
Inizia con la scansione di 'E:\'


Fine della scansione: domenica 6 febbraio 2011 19:49
Tempo impiegato: 3:00:18 Ora(e)

La scansione è stata completamente eseguita.

10845 Directory scansionate
798519 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
2 Impossibile scansionare i file
798517 File non infetti
3349 Archivi scansionati
2 Avvisi
2 Note
46945 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Versione database: 5017

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2011 13.35.51
mbam-log-2011-02-06 (13-35-51).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 185567
Tempo trascorso: 1 ore, 47 minuti, 39 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Per curiosità ho appena fatto una scansione on line ma anche con questa niente virus , allego il log , saluti .

QuickScan Beta 32-bit v0.9.9.67
-------------------------------
Data Scansione: Thu Feb 10 08:42:35 2011
ID del PC: D81CA300



Nessuna infezione trovata.
--------------------------



Processi
--------
(non contrassegnato) Avance Sound Effect Manager v.4.1 1168 C:\WINDOWS\soundman.exe

(verificato) Adobe Reader 2120 C:\Programmi\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
(verificato) Adobe Reader and Acrobat Manager 1380 C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
(verificato) AntiVir Desktop 976 C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
(verificato) AntiVir Desktop 1152 C:\Programmi\Avira\AntiVir Desktop\avguard.exe
(verificato) AntiVir Desktop 1480 C:\Programmi\Avira\AntiVir Desktop\sched.exe
(verificato) Firefox 536 C:\Programmi\Mozilla Firefox\firefox.exe
(verificato) Firefox 3560 C:\Programmi\Mozilla Firefox\plugin-container.exe
(verificato) Java(TM) Platform SE 6 U20 1476 C:\Programmi\Java\jre6\bin\jqs.exe
(verificato) Microsoft® Windows® Operating System 2636 C:\WINDOWS\system32\alg.exe
(verificato) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\csrss.exe
(verificato) Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\ctfmon.exe
(verificato) Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\lsass.exe
(verificato) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\spoolsv.exe
(verificato) Microsoft® Windows® Operating System 356 C:\WINDOWS\system32\svchost.exe
(verificato) Microsoft® Windows® Operating System 540 C:\WINDOWS\system32\svchost.exe
(verificato) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\svchost.exe
(verificato) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verificato) Microsoft® Windows® Operating System 1340 C:\WINDOWS\system32\svchost.exe
(verificato) Microsoft® Windows® Operating System 2012 C:\WINDOWS\system32\svchost.exe
(verificato) PC Tools Firewall Plus 944 C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
(verificato) PC Tools Firewall Plus 132 C:\Programmi\PC Tools Firewall Plus\FWService.exe
(verificato) Sistema operativo Microsoft® Windows® 1128 C:\WINDOWS\explorer.exe
(verificato) Sistema operativo Microsoft® Windows® 1624 C:\WINDOWS\system32\services.exe
(verificato) Sistema operativo Microsoft® Windows® 692 C:\WINDOWS\system32\smss.exe
(verificato) Sistema operativo Microsoft® Windows® 1292 C:\WINDOWS\system32\winlogon.exe
(verificato) TuneUp Utilities 2009 1608 C:\WINDOWS\system32\TUProgSt.exe


Attività rete
-------------
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 74.125.232.137
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 79.140.81.97
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 199.7.71.190
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 2.17.101.115
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 209.85.229.95
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 209.85.229.95
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 217.118.135.100
Processi firefox.exe (536) connesso alla porta 443 (HTTP over SSL) --> 63.131.144.203
Processi firefox.exe (536) connesso alla porta 443 (HTTP over SSL) --> 63.131.144.203
Processi firefox.exe (536) connesso alla porta 443 (HTTP over SSL) --> 63.131.144.203
Processi firefox.exe (536) connesso alla porta 443 (HTTP over SSL) --> 63.131.144.203
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 209.85.229.142
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 199.7.48.190
Processi firefox.exe (536) connesso alla porta 80 (HTTP) --> 195.22.200.194

Processi svchost.exe (356) Ascolti alle porte: 135 (RPC)


Autoruns e files critici
------------------------
(non contrassegnato) ATI Multimedia Center C:\Programmi\ATI Multimedia\main\launchpd.exe
(non contrassegnato) Avance Sound Effect Manager v.4.1 C:\WINDOWS\soundman.exe

(verificato) Adobe Reader and Acrobat Manager C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
(verificato) AntiVir Desktop C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
(verificato) Apple Software Update C:\Programmi\Apple Software Update\SoftwareUpdate.exe
(verificato) Google Update C:\Programmi\Google\Update\GoogleUpdate.exe
(verificato) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verificato) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verificato) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verificato) PC Tools Firewall Plus C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
(verificato) Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
(verificato) TuneUp Utilities C:\Documents and Settings\claudio\Desktop\Installazioni Software\TuneUp Utilities 2009\OneClickStarter.exe
(verificato) TuneUp Utilities C:\Programmi\TuneUp Utilities 2009\OneClickStarter.exe
(verificato) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(non contrassegnato) Google Earth Plugin C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
(non contrassegnato) IE Tab Plug-in C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
(non contrassegnato) PrinterHelpEtcActiveX ActiveX Control M C:\WINDOWS\Downloaded Program Files\PrinterHelpEtcActiveX.ocx
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
(non contrassegnato) QuickTime Plug-in 7.6.9 C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll

(verificato) AcroIEHelperShim Library c:\programmi\file comuni\adobe\acrobat\activex\acroiehelpershim.dll
(verificato) Adobe Acrobat C:\Programmi\Internet Explorer\plugins\nppdf32.dll
(verificato) Adobe Acrobat C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll
(verificato) BitDefender QuickScan C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verificato) Bonjour C:\Programmi\Bonjour\mdnsNSP.dll
(verificato) FFExternalAlert.dll C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
(verificato) Google Update C:\Programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verificato) i-drop control C:\WINDOWS\Downloaded Program Files\IDrop.ocx
(verificato) i-drop control C:\WINDOWS\Downloaded Program Files\IDropENU.dll
(verificato) i-drop control C:\WINDOWS\Downloaded Program Files\IDropITA.dll
(verificato) ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
(verificato) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verificato) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verificato) Mozilla Default Plug-in C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
(verificato) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verificato) qscanff.dll C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
(verificato) RadioWMPCore.dll C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
(verificato) Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
(verificato) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Files persi
-----------
File non trovato: C:\WINDOWS\System32\Drivers\SSPORT.sys
--> HKLM\System\ControlSet001\services\SSPORT\"ImagePath"

File non trovato: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File non trovato: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

File non trovato: System32\DRIVERS\atimtag.sys
--> HKLM\System\ControlSet001\services\atimtag\"ImagePath"


Scansione
---------
(non contrassegnato) MD5: df0d2b51162e96b066f0bb92a9f1993c C:\Documents and Settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
(non contrassegnato) MD5: 35e638a15146a06298bf3d5499ed8027 C:\Programmi\ATI Multimedia\main\launchpd.exe
(non contrassegnato) MD5: 5be2ef8d6c828179e174c54ba7eadfdf C:\Programmi\Avira\AntiVir Desktop\aecore.dll
(non contrassegnato) MD5: ab32b30a6f7365e4c63fd7bbe4779ab8 C:\Programmi\Avira\AntiVir Desktop\aegen.dll
(non contrassegnato) MD5: ff7cb3a316f6c9fd07355cb4c87f2e58 C:\Programmi\Avira\AntiVir Desktop\aehelp.dll
(non contrassegnato) MD5: 7bbafdefb2348a4811c28bca66a4cf36 C:\Programmi\Avira\AntiVir Desktop\aeheur.dll
(non contrassegnato) MD5: 76ae96973eecfa76a88264fd873e5b26 C:\Programmi\Avira\AntiVir Desktop\aeoffice.dll
(non contrassegnato) MD5: e108b31ccde7911bd44972e2f1e494b9 C:\Programmi\Avira\AntiVir Desktop\aepack.dll
(non contrassegnato) MD5: d3e64adeecdd041171d9bd09f54cff04 C:\Programmi\Avira\AntiVir Desktop\aerdl.dll
(non contrassegnato) MD5: e9552848434908b34d7c79b30d191e14 C:\Programmi\Avira\AntiVir Desktop\aescript.dll
(non contrassegnato) MD5: 100caaf3542fb51feca9c09db1cb940d C:\Programmi\Avira\AntiVir Desktop\aevdf.dll
(non contrassegnato) MD5: 93921564eca16325b12057edf75580dd C:\Programmi\Avira\AntiVir Desktop\ccgenrc.dll
(non contrassegnato) MD5: abc7c6ae34699ed40c00de2f805f2c74 C:\Programmi\Avira\AntiVir Desktop\ccgrdrc.dll
(non contrassegnato) MD5: c28790e895c678b13b7b43181db2039b C:\Programmi\Avira\AntiVir Desktop\cclicrc.dll
(non contrassegnato) MD5: 3e7de7d84fa08069d39acfceffae9a03 C:\Programmi\Avira\AntiVir Desktop\ccupdrc.dll
(non contrassegnato) MD5: 7863adf5040734df919cc1dd9954e2eb C:\Programmi\Avira\AntiVir Desktop\guardmsg.dll
(non contrassegnato) MD5: 207627541810a63238c007d8cff58ca0 C:\Programmi\Avira\AntiVir Desktop\schedr.dll
(non contrassegnato) MD5: 1562865b44ea686baf8436ddfe83911f C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA
(non contrassegnato) MD5: 28dfb457a392e782baa80e780552a8f7 C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
(non contrassegnato) MD5: e72b70c57c4229d339fe110951932392 C:\Programmi\Mozilla Firefox\freebl3.dll
(non contrassegnato) MD5: 3d07aceebe516a561767117c43088f2c C:\Programmi\Mozilla Firefox\nssdbm3.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
(non contrassegnato) MD5: bb5abe0b077395f1f44acea1161a3a90 C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
(non contrassegnato) MD5: 2935447938967fdd07dd9118dfb4afb2 C:\Programmi\Mozilla Firefox\softokn3.dll
(non contrassegnato) MD5: 03234e372e3b8ff0e5e2f519a6c1266d C:\WINDOWS\Downloaded Program Files\PrinterHelpEtcActiveX.ocx
(non contrassegnato) MD5: 056e6bfd6314bbb84d5dfb1ca529cd60 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
(non contrassegnato) MD5: e1a1206a4fb19b675e947b29ccd25fba C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
(non contrassegnato) MD5: 56c38b8fcc43ffed6f9f33ae8e6fd190 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
(non contrassegnato) MD5: fffb49ba718eb2d100e58129265d002c C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
(non contrassegnato) MD5: 950c46d68ad83ba1c38d1513b8693b81 C:\WINDOWS\soundman.exe
(non contrassegnato) MD5: 7ee1622a8c253689140658670853498b C:\WINDOWS\system32\custmon32.dll
(non contrassegnato) MD5: ca1af76f2417f4d567a7afeb81f16659 C:\WINDOWS\system32\drivers\ALCXWDM.SYS
(non contrassegnato) MD5: d514b430e2989f846137828c90370c16 C:\WINDOWS\system32\drivers\DGIVECP.sys
(non contrassegnato) MD5: 233e33e63a96c4ac30203103e4805769 C:\WINDOWS\system32\drivers\PQNTDRV.sys
(non contrassegnato) MD5: 0b16ffee9f3607f04769fbb1d8f280a6 C:\WINDOWS\system32\drivers\WBHWDOCT.sys
(non contrassegnato) MD5: f5c5f0af4c363f80f59f3ecd77c554e5 C:\WINDOWS\system32\SamFaxPort.dll
(non contrassegnato) MD5: 549ea830a5d9edd9cd14311126c2849b C:\WINDOWS\system32\SetupNT.sys

I seguenti file(s) devono essere inviati per una scansione da parte del server:
C:\Programmi\ATI Multimedia\main\launchpd.exe

Invio iniziato - 1 file(s)
launchpd.exe (98304)
Velocità invio - 30 KB/s
Invio terminato - 1 inviati, 0 falliti

Il/I file(s) inviato è risultato pulito.

Scan finished - communication took 5 sec
Total traffic - 0.15 MB inviati, 1.93 KB ricevuti
Scanned 954 files and modules - 126 seconds

==============================================================================

Ciao !

Fixa queste 2 voci con Hijackthis:

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"

Fai uno scan disk:

http://www.manuali.it/guide/Informatica ... XP/271.htm

Usa ComboFix come spiegato qui:

informatica-ed-internet-virus/procedura-per-ripulire-un-pc-infetto-t21749.html

e postaci il suo log.

Fai anche una pulizia con CCleaner del registro e del sistema (lo trovi nella guida linkata qui sopra).

Ciao e grazie della risposta , ho fatto tutto posto il log di combofix :
ComboFix 11-02-11.01 - claudio 12/02/2011 15.56.55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1461 [GMT 1:00]
Eseguito da: c:\documents and settings\claudio\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\claudio\Dati applicazioni\OfferBox
c:\documents and settings\claudio\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\claudio\Dati applicazioni\OfferBox\config.xml
c:\programmi\Internet Explorer\SET6.tmp
c:\programmi\Internet Explorer\SET6B4.tmp
c:\programmi\Internet Explorer\SET6B5.tmp
c:\programmi\Internet Explorer\SET7.tmp
c:\programmi\Internet Explorer\SET8.tmp
c:\programmi\Internet Explorer\SET9.tmp
c:\programmi\Internet Explorer\SETE.tmp
c:\programmi\Internet Explorer\SETF.tmp
c:\windows\system32\images
c:\windows\system32\images\accessinghvnoprop.jpg
c:\windows\system32\images\accessingmdesk.jpg
c:\windows\system32\images\ati_logo.jpg
c:\windows\system32\images\hvdm.jpg
c:\windows\system32\images\hvhotkeys.jpg
c:\windows\system32\images\hvsystray.jpg
c:\windows\system32\images\hvsystray2.jpg
c:\windows\system32\index.html

.
((((((((((((((((((((((((( Files Creati Da 2011-01-12 al 2011-02-12 )))))))))))))))))))))))))))))))))))
.

2011-02-10 07:41 . 2011-02-10 07:42 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\QuickScan
2011-02-09 12:39 . 2010-12-20 23:53 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2011-02-09 12:39 . 2010-12-20 23:53 43520 -c----w- c:\windows\system32\dllcache\licmgr10.dll
2011-02-09 12:39 . 2010-12-20 12:55 173568 -c----w- c:\windows\system32\dllcache\ie4uinit.exe
2011-02-09 12:39 . 2010-12-20 23:53 611840 -c----w- c:\windows\system32\dllcache\mstime.dll
2011-02-09 12:39 . 2010-12-20 23:53 25600 -c----w- c:\windows\system32\dllcache\jsproxy.dll
2011-02-09 12:39 . 2010-12-20 23:53 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
2011-02-09 12:39 . 2010-12-20 23:53 206848 -c----w- c:\windows\system32\dllcache\occache.dll
2011-02-09 12:39 . 2010-12-20 23:53 387584 -c----w- c:\windows\system32\dllcache\iedkcs32.dll
2011-02-09 12:39 . 2010-12-20 23:53 5961216 -c----w- c:\windows\system32\dllcache\mshtml.dll
2011-02-09 12:39 . 2010-12-20 23:53 916480 -c----w- c:\windows\system32\dllcache\wininet.dll
2011-02-09 12:39 . 2010-12-20 23:53 1210880 -c----w- c:\windows\system32\dllcache\urlmon.dll
2011-02-07 18:04 . 2011-02-07 18:04 -------- d-----r- c:\documents and settings\LocalService\Documenti
2011-01-27 17:58 . 2011-01-27 17:58 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Vuze_Remote
2011-01-25 18:36 . 2011-01-25 18:36 -------- d--h--w- c:\windows\PIF
2011-01-23 09:35 . 2011-01-23 09:38 253952 ------w- c:\windows\Setup1.exe
2011-01-23 09:35 . 2011-01-23 09:38 74752 ----a-w- c:\windows\ST6UNST.EXE
2011-01-23 08:59 . 2011-01-23 08:59 -------- d-----w- c:\windows\DESKTOP
2011-01-23 08:17 . 2011-01-23 08:17 -------- d-----w- c:\programmi\Rekenwonder Software
2011-01-22 18:13 . 2011-02-06 10:22 -------- d-----w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Conduit
2011-01-22 17:50 . 2011-01-25 18:47 -------- d-----w- C:\MDITrussA
2011-01-22 16:55 . 2011-01-25 17:04 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Engineerplant
2011-01-22 16:54 . 2011-01-22 16:54 101888 ----a-w- c:\windows\system32\X_linkerexdsk2.dll
2011-01-22 16:53 . 2011-01-22 16:53 44861 ----a-w- c:\windows\system\knorestantz.dll
2011-01-21 14:44 . 2011-01-21 14:44 440832 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-08-31 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2001-08-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-08-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2001-08-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2001-08-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2001-08-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2001-08-31 12:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2010-02-26 13:46 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-08-31 12:00 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2001-08-31 12:00 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2001-08-30 21:33 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2001-08-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-02-26 11:40 86016 ----a-w- c:\windows\system32\isign32.dll
2010-01-16 17:36 . 2010-01-16 17:36 8755648 ----a-w- c:\programmi\Vuze_Installer.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 124416]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2010-05-24 12:10 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SamsungSM PanelMgr]
2008-07-31 07:09 536576 ----a-w- c:\windows\SamsungSM\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/04/2010 14.37.44 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/04/2010 14.37.59 73840]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/01/2011 12.02.12 136176]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/04/2010 14.36.58 95640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-06 11:01]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-06 11:01]

2011-02-12 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]

2011-02-12 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\documents and settings\claudio\Desktop\Installazioni Software\TuneUp Utilities 2009\OneClickStarter.exe [2009-10-30 15:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
FF - ProfilePath - c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2011-02-12 16:05:24
ComboFix-quarantined-files.txt 2011-02-12 15:05

Pre-Run: 74.946.580.480 byte disponibili
Post-Run: 74.907.451.392 byte disponibili

- - End Of File - - 749713F1DA0E5DDEF756FDC59284797D

Il problema si è risolto ?

Purtroppo no , ho fatto diverse prove anche riavviando ma persiste , però noto un miglioramento perchè è tutto più veloce , quando lampeggiano , tra lo scomparire e riapparire ci sono centesimi di secondo quindi è meglio di prima e poi la ripulita mi ha velocizzato un pò tutto anche l'apertura di pagine web . Pensavo alla scheda video ma l'ho cambiata pochi mesi fa , cos'altro potrei fare ?
Escludendo il lancio del pc ovviamente ................

Secondo me non è un virus... se si tratta di un pc fisso prova a cambiare tastiera, inoltre controlla che la ram non sia occupata del tutto ( apri il task manager e clicca su prestazioni). Ma lampeggiano tutte le icone o qualcuna in particolare?

Ciao.
Prova cosi:

Scarica Kaspersky Virus Removal Tool: http://support.kaspersky.com/viruses/av ... 10?level=2
● al termine della installazione verrà mostrata la schermata principale del tool
● verrà creata una cartella sul Desktop dal nome Virus Removal Tool
● seleziona la partizione da scansionare e clicca su Scan per avviare la Scansione
● terminata la scansione, in caso di rilevazione di infezioni, clicca su Neutralize all
● si apriranno dei popup dove potrai scegliere se Cancellare o Disinfettare l'oggetto
● metti la spunta su Apply to all e clicca su Quarantine
● per salvare il Report che verrà rilasciato, clicca sul tasto Reports: salvalo sul Desktop poi allegalo sul forum

Scarica TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip
● estrai il contenuto del file zippato sul Desktop
● doppio click su TDSSKiller.exe per avviare l'applicazione e successivamente sul pulsante Start Scan

Giunti a questo punto, inizia la scansione del tuo sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure, clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip, clicca quindi su Continua

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: clicca su Report e salva il contenuto in un file di testo
● è necessario riavviare il sistema: clicca su Riavvia ora
● una volta riavviato il sistema, il report del programma da allegare si trova in C:\ in questa forma:
TDSSKiller.[Version]_[Date]_[Time]_log.txt


Al termine, allega i due Log risultanti, qui sul forum.

Ciao e buon lavoro

Ciao e Benvenuto/a nel Forum di Manuali.it !
Ti ringraziamo per esserti iscritto/a ed essere entrato/a a far parte della nostra comunità.

Ti invitiamo a leggere con attenzione il Regolamento del Forum che trovi QUI e a personalizzare il tuo profilo utente inserendo una firma e sopratutto un avatar. Per entrare nel tuo profilo ti basterà cliccare sulla scritta "Profilo" nella parte alta di qualsiasi pagina del Forum.

Per qualsiasi problema, dubbio o richiesta non esitare a contattarci nella sezione Contatti con la Redazione o a contattare un membro dello staff via e-mail o Messaggio Privato.

Ci vediamo sul Forum !
Un saluto.
Lo Staff

Ok allego ma non ha trovato niente . Mambo le icone lampeggiano tutte contemporaneamente (ne ho un centinaio ) . Allego anche una foto del task manager per la memoria :
Scansione automatica: processo completato 18 ore fa (eventi: , oggetti: 227976, ora: 03.49.26)
15/02/2011 0.27.45 Attività completata
14/02/2011 20.38.14 Attività avviata

2011/02/15 18:58:43.0027 1708 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 18:58:44.0669 1708 ================================================================================
2011/02/15 18:58:44.0669 1708 SystemInfo:
2011/02/15 18:58:44.0669 1708
2011/02/15 18:58:44.0669 1708 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/15 18:58:44.0669 1708 Product type: Workstation
2011/02/15 18:58:44.0669 1708 ComputerName: CASA
2011/02/15 18:58:44.0669 1708 UserName: claudio
2011/02/15 18:58:44.0669 1708 Windows directory: C:\WINDOWS
2011/02/15 18:58:44.0669 1708 System windows directory: C:\WINDOWS
2011/02/15 18:58:44.0669 1708 Processor architecture: Intel x86
2011/02/15 18:58:44.0669 1708 Number of processors: 1
2011/02/15 18:58:44.0669 1708 Page size: 0x1000
2011/02/15 18:58:44.0669 1708 Boot type: Normal boot
2011/02/15 18:58:44.0669 1708 ================================================================================
2011/02/15 18:58:45.0110 1708 Initialize success
2011/02/15 18:58:52.0941 2916 ================================================================================
2011/02/15 18:58:52.0941 2916 Scan started
2011/02/15 18:58:52.0941 2916 Mode: Manual;
2011/02/15 18:58:52.0941 2916 ================================================================================
2011/02/15 18:58:53.0732 2916 56666901 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\56666901.sys
2011/02/15 18:58:54.0073 2916 56666902 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\56666902.sys
2011/02/15 18:58:54.0874 2916 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 18:58:55.0194 2916 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/15 18:58:55.0745 2916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/15 18:58:56.0126 2916 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/15 18:58:57.0207 2916 ALCXWDM (ca1af76f2417f4d567a7afeb81f16659) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/02/15 18:58:58.0760 2916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/15 18:58:59.0070 2916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/15 18:58:59.0721 2916 ati2mtag (e2997b9c5ce3c8038aa61c43c11ab07a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/15 18:59:00.0362 2916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/15 18:59:00.0672 2916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/15 18:59:00.0813 2916 avgio (594d25ef73f381fd508b8ee04883f90f) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
2011/02/15 18:59:01.0103 2916 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/15 18:59:01.0423 2916 avipbb (33e08f43071e4a4ff6fcfb6758f85a27) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/15 18:59:01.0754 2916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/15 18:59:02.0355 2916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/15 18:59:02.0855 2916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/15 18:59:03.0166 2916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/15 18:59:03.0496 2916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/15 18:59:05.0179 2916 DgiVecp (d514b430e2989f846137828c90370c16) C:\WINDOWS\System32\Drivers\DgiVecp.sys
2011/02/15 18:59:05.0469 2916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/15 18:59:06.0000 2916 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/15 18:59:06.0561 2916 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/15 18:59:06.0871 2916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/15 18:59:07.0142 2916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/15 18:59:07.0662 2916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/15 18:59:07.0983 2916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 18:59:08.0283 2916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/15 18:59:08.0554 2916 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/15 18:59:08.0824 2916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/15 18:59:09.0145 2916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/15 18:59:09.0435 2916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/15 18:59:09.0725 2916 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 18:59:10.0016 2916 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/15 18:59:10.0276 2916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/15 18:59:10.0587 2916 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/15 18:59:11.0418 2916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/15 18:59:12.0219 2916 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/15 18:59:12.0539 2916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/15 18:59:13.0300 2916 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/15 18:59:13.0561 2916 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/15 18:59:13.0841 2916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/15 18:59:14.0112 2916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/15 18:59:14.0452 2916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/15 18:59:14.0793 2916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/15 18:59:15.0073 2916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/15 18:59:15.0414 2916 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/15 18:59:15.0704 2916 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/15 18:59:16.0014 2916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/15 18:59:16.0365 2916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/15 18:59:16.0916 2916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/15 18:59:17.0186 2916 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/15 18:59:17.0456 2916 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/15 18:59:17.0727 2916 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/15 18:59:18.0047 2916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/15 18:59:18.0598 2916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/15 18:59:19.0109 2916 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/15 18:59:19.0539 2916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/15 18:59:19.0800 2916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/15 18:59:20.0060 2916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/15 18:59:20.0331 2916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/15 18:59:20.0601 2916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/15 18:59:20.0891 2916 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/02/15 18:59:21.0172 2916 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/15 18:59:21.0502 2916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/15 18:59:21.0793 2916 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/15 18:59:22.0043 2916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/15 18:59:22.0323 2916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/15 18:59:22.0624 2916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/15 18:59:22.0874 2916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/15 18:59:23.0195 2916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/15 18:59:23.0545 2916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/15 18:59:24.0006 2916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/15 18:59:24.0527 2916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/15 18:59:25.0428 2916 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/15 18:59:26.0229 2916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/15 18:59:26.0489 2916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/15 18:59:26.0810 2916 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/15 18:59:27.0080 2916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/15 18:59:27.0361 2916 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/15 18:59:27.0641 2916 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/15 18:59:28.0112 2916 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/15 18:59:28.0412 2916 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/15 18:59:28.0753 2916 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/02/15 18:59:29.0073 2916 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/02/15 18:59:29.0424 2916 pctplfw (0eec24affc5ab0a2bbe4a6a886230aa5) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/02/15 18:59:31.0196 2916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/15 18:59:31.0507 2916 PQNTDrv (233e33e63a96c4ac30203103e4805769) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/02/15 18:59:31.0767 2916 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/15 18:59:32.0057 2916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/15 18:59:32.0358 2916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/15 18:59:33.0810 2916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/15 18:59:34.0130 2916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/15 18:59:34.0461 2916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/15 18:59:34.0761 2916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/15 18:59:35.0112 2916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/15 18:59:35.0392 2916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/15 18:59:35.0713 2916 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/15 18:59:36.0073 2916 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/15 18:59:36.0424 2916 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/02/15 18:59:36.0714 2916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/15 18:59:36.0985 2916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/15 18:59:37.0265 2916 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/15 18:59:37.0565 2916 SetupNT (549ea830a5d9edd9cd14311126c2849b) C:\WINDOWS\system32\SetupNT.sys
2011/02/15 18:59:37.0956 2916 setup_9.0.0.722_14.02.2011_20-13drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\5666690.sys
2011/02/15 18:59:38.0347 2916 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
2011/02/15 18:59:38.0667 2916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/15 18:59:39.0208 2916 sisagp (4d9d684fa830023ed908c7364ea48bcc) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/15 18:59:39.0478 2916 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/02/15 18:59:40.0019 2916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/15 18:59:40.0289 2916 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/15 18:59:40.0680 2916 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/15 18:59:41.0090 2916 ssmdrv (7b69466075b4da427c5ecd10e1eab72a) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/15 18:59:41.0621 2916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/15 18:59:41.0882 2916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/15 18:59:43.0143 2916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/15 18:59:43.0604 2916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 18:59:43.0975 2916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/15 18:59:44.0235 2916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/15 18:59:44.0515 2916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/15 18:59:45.0176 2916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/15 18:59:45.0897 2916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/15 18:59:46.0488 2916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/15 18:59:46.0779 2916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/15 18:59:47.0059 2916 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/15 18:59:47.0339 2916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/15 18:59:47.0650 2916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/15 18:59:48.0040 2916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/15 18:59:48.0331 2916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/15 18:59:48.0601 2916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/15 18:59:49.0172 2916 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/15 18:59:49.0473 2916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/15 18:59:49.0883 2916 WBHWDOCT (0b16ffee9f3607f04769fbb1d8f280a6) C:\WINDOWS\system32\drivers\WBHWDOCT.sys
2011/02/15 18:59:50.0774 2916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/15 18:59:52.0968 2916 ================================================================================
2011/02/15 18:59:52.0968 2916 Scan finished
2011/02/15 18:59:52.0968 2916 ================================================================================
http://img834.imageshack.us/i/immaginetaskmanager.png/
[URL=http://img834.imageshack.us/i

Scarica Kaspersky Virus Removal Tool: http://support.kaspersky.com/viruses/av ... 10?level=2
● al termine della installazione verrà mostrata la schermata principale del tool
● verrà creata una cartella sul Desktop dal nome Virus Removal Tool
● seleziona la partizione da scansionare e clicca su Scan per avviare la Scansione
● terminata la scansione, in caso di rilevazione di infezioni, clicca su Neutralize all
● si apriranno dei popup dove potrai scegliere se Cancellare o Disinfettare l'oggetto
● metti la spunta su Apply to all e clicca su Quarantine
● per salvare il Report che verrà rilasciato, clicca sul tasto Reports: salvalo sul Desktop poi allegalo sul forum

Scarica Norman Malware Cleaner: http://normanasa.vo.llnwd.net/o29/publi ... leaner.exe

Posiziona Norman Malware Cleaner sul Desktop ed esegui queste operazioni preliminari:
● disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

Eseguiti i passaggi indicati sopra:
● accedi al sistema in modalità provvisoria con un account con privilegi di Amministratore
● lancia Norman Malware Cleaner ed esegui una scansione completa
● al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman1 e riavvia il sistema

Successivamente:
● accedi nuovamente al sistema in modalità provvisoria con un account con privilegi di Amministratore
● rilancia Norman Malware Cleaner ed esegui una seconda scansione completa
● al termine della scansione verrà rilasciato un log: salvalo sul Desktop con il nome Norman2 e riavvia il sistema

Quando Norman Malware Cleaner avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)
● ricollega, fisicamente, il modem/router al Computer
● connettiti a Internet

Io prima di fare altre scansioni ti suggerisco di provare a risolvere il problema con una prova veloce.
Le icone lampeggiano e potrebbe essere colpa del file della loro cash se si è corrotto.
Il file lo trovi in C:\Documents and Settings\<nome utente>\Impostazioni locali\Dati applicazioni
si chiama IconCache.db lo cancelli e riavvii che lo ricrea automaticamente.

Non lo trovo . In documents and settings ci sono tre cartelle , All Users , claudios , CURRENT_USERS e se apro questa ultima c'è una cartella """ Dati applicazioni """, ma è vuota e nelle altre non vedo niente di simile , c'è un'altro percorso ?

Allora devi entrare in C:\Documents and Settings\claudios\Impostazioni locali\Dati applicazioni
.
Hai disabilitato l'opzione che nasconde cartelle e file di sistema?

Sì hai ragione mi ero dimenticato di attivare l'opzione ma anche così non è cambiato nulla , è pazzesco , pensavo fosse un problemino da nulla e non riesco a risolvere . Ho fatto anche gli scan in mod prov come da istruzioni , w combofix ma è sempre come prima con entrambi gli hd , le icone lampeggiano e ciccia . Vorrei far notare agli utenti che gli strumenti di rimozione di kaspersky non funzionano se non sono a pagamento , quindi inutili , molto meglio clamwin che ti becca anche i falsi positivi . A questo punto mi viene il sospetto che in tune up utilites ci sia una opzione che riguarda le icone e che sia corrotta o che sia impostata male , però uso regolarmente anche asc che dovrebbe riparare gli errori . Non so più cosa pensare , il problema è solo " fastidioso " ma a questo punto mi fa impazzire il non risolvere . Una precisazione : nell'ultima scansione combofix mi ha praticamente eliminato antivir e anche clamwin diceva che ................ , troyan e falsi positivi ? Alla fine ho installato il vecchio e sano nod32 e a fine mese lo acquisto regolarmente . Allego i log . Saluti .


Scan Started Thu Mar 31 00:35:02 2011

-------------------------------------------------------------------------------



C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\aerdl.dll.infected'

C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll.gz: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\aerdl.dll.gz.infected'

C:\Documents and Settings\claudio\Desktop\Installazioni Software\TU2009TrialIT.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\TU2009TrialIT.exe.infected'

C:\Documents and Settings\claudio\Desktop\Installazioni Software\TuneUp Utilities 2009\WinStyler.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\WinStyler.exe.infected'

WARNING: Can't open file C:\hiberfil.sys: Permission denied

WARNING: Can't open file C:\pagefile.sys: Permission denied

WARNING: Can't open file C:\System Volume Information\setup_9.0.0.722_14.02.2011_20-13drv.isw: Permission denied

WARNING: Can't open file C:\System Volume Information\setup_9.0.0.722_15.02.2011_22-22drv.isw: Permission denied

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP314\A0052111.rbf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0052111.rbf.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP338\A0054931.rbf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0054931.rbf.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP348\A0055387.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055387.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP349\A0055419.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055419.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP350\A0055462.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055462.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP351\A0055492.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055492.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP352\A0055519.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055519.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP353\A0055561.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055561.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP354\A0055589.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055589.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP355\A0055613.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055613.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP356\A0055640.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055640.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP357\A0055667.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055667.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP358\A0055696.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0055696.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP359\A0056462.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0056462.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057513.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057513.dll.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057514.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057514.exe.infected'

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057515.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057515.exe.infected'

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050397.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0050397.exe.infected'

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050398.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0050398.exe.infected'

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050474.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0050474.dll.infected'

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050573.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0050573.dll.infected'

C:\WINDOWS\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\WinStyler.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\WinStyler.exe.infected.000'

WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied

C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\vcomp90.dll.infected'



C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll: Trojan.Fakesec-310 FOUND

C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll.gz: Trojan.Fakesec-310 FOUND

C:\Documents and Settings\claudio\Desktop\Installazioni Software\TU2009TrialIT.exe: Trojan.Fakesec-310 FOUND

C:\Documents and Settings\claudio\Desktop\Installazioni Software\TuneUp Utilities 2009\WinStyler.exe: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP314\A0052111.rbf: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP338\A0054931.rbf: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP348\A0055387.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP349\A0055419.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP350\A0055462.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP351\A0055492.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP352\A0055519.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP353\A0055561.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP354\A0055589.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP355\A0055613.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP356\A0055640.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP357\A0055667.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP358\A0055696.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP359\A0056462.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057513.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057514.exe: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restore506B45BE-D1B9-4670-A3CD-373E031D1893\RP362\A0057515.exe: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050397.exe: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050398.exe: Trojan.GenericFF-1 FOUND

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050474.dll: Trojan.Fakesec-310 FOUND

C:\System Volume Information\_restoreC0D4ADC2-DC66-4187-B2E7-8AB84EB1ACFD\RP139\A0050573.dll: Trojan.Fakesec-310 FOUND

C:\WINDOWS\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\WinStyler.exe: Trojan.Fakesec-310 FOUND

C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll: Trojan.GenericFF-1 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 932016

Engine version: 0.96.1

Scanned directories: 4903

Scanned files: 55721

Infected files: 27



Data scanned: 25868.85 MB

Data read: 43069.25 MB (ratio 0.60:1)

Time: 25771.688 sec (429 m 31 s)



The following files are Digitally Signed by Microsoft and have been incorrectly detected as viruses:

C:\Programmi\Windows Media Player\wmplayer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\explorer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\msident.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\mup.sys: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\snmpapi.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll.000: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\wmplayer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtServicePackUninstall$\xrxwiadr.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtUninstallKB951978$\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\$NtUninstallKB956572$\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\Driver Cache\i386\sp2.cab: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\Driver Cache\i386\sp3.cab: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ERDNT\cache\explorer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\explorer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ie8\ieakeng.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\dhcpmon.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\explorer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\fxswzrd.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\grpconv.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\ieakeng.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\lang\imekrcic.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\msident.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\msoobe.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\olecli32.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\snmpapi.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\sp2.cab: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\sp3.cab: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\unimdmat.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\wmplayer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\ServicePackFiles\i386\xrxwiadr.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\dhcpmon.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\dllcache\imekrcic.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\dllcache\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\dllcache\wmplayer.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\dllcache\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\drivers\sfloppy.sys: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\grpconv.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\msident.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\olecli32.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\oobe\msoobe.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\pdh.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\SET17.tmp: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\SET57.tmp: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\SET6BD.tmp: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\SETF.tmp: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\snmpapi.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\unimdmat.dll: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

C:\WINDOWS\system32\wscript.exe: [Trojan.GenericFF-1] FALSE POSITIVE FOUND

Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/

--------------------------------------

Completed

--------------------------------------

ComboFix 11-03-30.02 - claudio 31/03/2011 9.42.25.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1351 [GMT 2:00]
Eseguito da: c:\documents and settings\claudio\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-28 al 2011-03-31 )))))))))))))))))))))))))))))))))))
.
.
2011-03-10 18:03 . 2011-03-10 18:03 -------- d-----w- c:\programmi\Bonjour
2011-03-04 19:08 . 2011-03-04 19:08 -------- d-----w- c:\documents and settings\Administrator
2011-03-04 18:46 . 2011-03-04 18:46 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2011-03-04 18:46 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-04 18:46 . 2011-03-04 18:46 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2010-02-26 13:47 186880 ------w- c:\windows\system32\encdec.dll
2011-02-09 13:54 . 2010-02-26 13:46 270848 ------w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2010-02-26 11:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-02-26 11:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-23 09:38 . 2011-01-23 09:35 253952 ------w- c:\windows\Setup1.exe
2011-01-23 09:38 . 2011-01-23 09:35 74752 ----a-w- c:\windows\ST6UNST.EXE
2011-01-22 16:54 . 2011-01-22 16:54 101888 ----a-w- c:\windows\system32\X_linkerexdsk2.dll
2011-01-21 14:44 . 2001-08-31 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2001-08-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-01-16 17:36 . 2010-01-16 17:36 8755648 ----a-w- c:\programmi\Vuze_Installer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-02-12_15.02.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-30 08:15 . 2011-03-30 08:15 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2001-08-31 12:00 . 2011-03-27 03:28 63180 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2010-10-31 07:25 63180 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2011-03-27 03:28 52764 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2010-10-31 07:25 52764 c:\windows\system32\perfc009.dat
+ 2011-02-14 19:32 . 2009-10-22 11:54 37392 c:\windows\system32\drivers\56666902.sys
+ 2011-02-15 21:47 . 2009-10-22 11:54 37392 c:\windows\system32\drivers\09829952.sys
+ 2010-10-07 11:23 . 2010-10-07 11:23 91424 c:\windows\system32\dnssd.dll
+ 2008-12-11 12:31 . 2008-12-11 12:31 27904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\uxtuneupx86.dll
+ 2008-12-12 15:20 . 2008-12-12 15:20 11008 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\tux64thk.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 15104 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUMessages.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 68352 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUInstallHelper.exe
+ 2008-12-11 12:32 . 2008-12-11 12:32 27392 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SDShelEx86.dll
+ 2008-12-12 15:20 . 2008-12-12 15:20 85760 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegWiz.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 16640 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryDefragHelper.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 37632 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\PMLauncher.exe
+ 2008-12-11 12:31 . 2008-12-11 12:31 25856 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DseShExtx86.dll
+ 2008-12-11 12:31 . 2008-12-11 12:31 17152 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\authuitu_x86.dll
- 2001-08-31 12:00 . 2008-04-13 18:13 135168 c:\windows\system32\shsvcs.dll
+ 2001-08-31 12:00 . 2009-07-27 23:16 135168 c:\windows\system32\shsvcs.dll
- 2001-08-31 12:00 . 2010-10-31 07:25 425432 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2011-03-27 03:28 425432 c:\windows\system32\perfh010.dat
+ 2001-08-31 12:00 . 2011-03-27 03:28 380350 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2010-10-31 07:25 380350 c:\windows\system32\perfh009.dat
+ 2011-02-14 19:32 . 2009-09-25 15:59 128016 c:\windows\system32\drivers\56666901.sys
+ 2011-02-14 19:32 . 2009-10-09 21:31 315408 c:\windows\system32\drivers\5666690.sys
+ 2011-02-15 21:47 . 2009-09-25 15:59 128016 c:\windows\system32\drivers\09829951.sys
+ 2011-02-15 21:47 . 2009-10-09 21:31 315408 c:\windows\system32\drivers\0982995.sys
+ 2010-10-07 11:23 . 2010-10-07 11:23 197920 c:\windows\system32\dnssdX.dll
+ 2010-10-07 11:23 . 2010-10-07 11:23 107808 c:\windows\system32\dns-sd.exe
+ 2009-07-27 23:16 . 2009-07-27 23:16 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-02-09 13:54 . 2011-02-09 13:54 270848 c:\windows\system32\dllcache\sbe.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2011-02-09 13:54 . 2011-02-09 13:54 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-03-10 18:02 . 2011-03-10 18:02 811520 c:\windows\Installer\c509852.msi
+ 2011-03-10 18:04 . 2011-03-10 18:04 897024 c:\windows\Installer\{C73F2967-062E-48F2-A462-D335B8950183}\SafariIco.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 220416 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\UpdateWizard.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 280832 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\UninstallManager.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 238848 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\Undelete.exe
+ 2008-12-11 12:33 . 2008-12-11 12:33 884992 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUDefragService.dll
+ 2008-12-12 15:20 . 2008-12-12 15:20 343808 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SystemInformation.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 129792 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SystemControl.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 355072 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\StartUpManager.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 924928 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SilentUpdater.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 174336 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\Shredder.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 230656 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\ShortcutCleaner.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 199424 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RescueCenter.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 169216 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RepairWizard.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 328960 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryEditor.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 161024 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryDefrag.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 513792 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryCleaner.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 435448 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\ProductInfo.dat
+ 2008-12-12 15:20 . 2008-12-12 15:20 398080 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\ProcessManager.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 980736 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\OneClickStarter.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 600320 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\OneClick.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 156416 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\MemOptimizer.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 222464 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DriveDefrag.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 461568 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DiskExplorer.exe
+ 2008-12-12 15:20 . 2008-12-12 15:20 164096 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DiskDoctor.exe
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2011-03-10 18:04 . 2011-03-10 18:04 3140608 c:\windows\Installer\c509894.msi
+ 2011-03-10 18:03 . 2011-03-10 18:03 1984000 c:\windows\Installer\c509865.msi
+ 2009-04-27 15:49 . 2009-04-27 15:49 8212480 c:\windows\Installer\24e89f8e.msp
+ 2008-12-12 15:20 . 2008-12-12 15:20 1214208 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SpeedOptimizer.exe
+ 2010-02-28 08:07 . 2011-03-10 02:02 37943240 c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 124416]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\claudio\Menu Avvio\Programmi\Esecuzione automatica\
setup_9.0.0.722_14.02.2011_20-13.lnk - c:\documents and settings\claudio\Desktop\Virus Removal Tool1\setup_9.0.0.722_14.02.2011_20-13\startup.exe [2011-2-14 72208]
setup_9.0.0.722_15.02.2011_22-22.lnk - c:\documents and settings\claudio\Desktop\Virus Removal Tool2\setup_9.0.0.722_15.02.2011_22-22\startup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2010-05-24 12:10 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SamsungSM PanelMgr]
2008-07-31 07:09 536576 ----a-w- c:\windows\SamsungSM\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
.
R0 09829952;09829952 Boot Guard Driver;c:\windows\system32\drivers\09829952.sys [15/02/2011 23.47.50 37392]
R0 56666902;56666902 Boot Guard Driver;c:\windows\system32\drivers\56666902.sys [14/02/2011 21.32.03 37392]
R1 09829951;09829951;c:\windows\system32\drivers\09829951.sys [15/02/2011 23.47.50 128016]
R1 56666901;56666901;c:\windows\system32\drivers\56666901.sys [14/02/2011 21.32.03 128016]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/04/2010 15.37.44 159600]
R1 setup_9.0.0.722_14.02.2011_20-13drv;setup_9.0.0.722_14.02.2011_20-13drv;c:\windows\system32\drivers\5666690.sys [14/02/2011 21.32.03 315408]
R1 setup_9.0.0.722_15.02.2011_22-22drv;setup_9.0.0.722_15.02.2011_22-22drv;c:\windows\system32\drivers\0982995.sys [15/02/2011 23.47.50 315408]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/04/2010 15.37.59 73840]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/01/2011 13.02.12 136176]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/04/2010 15.36.58 95640]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-06 11:01]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-06 11:01]
.
2011-03-31 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:55]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\f011y73a.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Avira AntiVir Desktop - c:\programmi\Avira\AntiVir Desktop\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 09:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\Adobe\Reader 9.0\Reader\viewerps.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2011-03-31 09:54:32
ComboFix-quarantined-files.txt 2011-03-31 07:54
.
Pre-Run: 81.064.263.680 byte disponibili
Post-Run: 81.050.103.808 byte disponibili
.
- - End Of File - - B521797F2D400DB1C4AD4A87DB3F8B15