avast disattivato

[francois87]

salve a tutti,qualche girono fa,mentre lavoravo su internet,all'icona del mio avast è comparsa una sbarra rossa e poi è scomparso...il problema sicuramente è scaturito dal fatto che ho scaricato alcune keygen e aprendone una..ha provocato tutto questo!...ho tentato di disinstallarlo ma niente...non si toglie...mi dice solo che "avast è inattivo".Non so se può esservi di aiuto,ma ho avviato Combofix(dopo averlo rinominato in abc.exe) e qui di seguito vi mostro il suo report:

ComboFix 09-03-28.06 - User 2009-03-29 22:10:33.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.111 [GMT 2:00]
Eseguito da: c:\documents and settings\User\desktop\abc.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dati applicazioni\drivers\downld
c:\documents and settings\User\Dati applicazioni\drivers\downld\153187.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\156625.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\170921.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\172046.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\172703.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\233140.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\236968.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\237953.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\347671.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\358296.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\359140.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\359203.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\377046.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\379593.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\380281.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\455718.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\470546.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\474625.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\620484.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\730796.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\731187.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\731281.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\749703.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\758640.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\759234.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\760171.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\761890.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\762859.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\895156.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\903234.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\906906.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\972343.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\973187.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\973328.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\976593.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\977359.exe
c:\documents and settings\User\Dati applicazioni\drivers\downld\977500.exe
c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\User\Dati applicazioni\m
c:\documents and settings\User\Dati applicazioni\m\data.oct
c:\documents and settings\User\Dati applicazioni\m\flec006.exe
c:\documents and settings\User\Dati applicazioni\m\list.oct
c:\documents and settings\User\Dati applicazioni\m\shared\1D Barcode Encode SDK ActiveX 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\1Z0-026 - Network Administration Practice Test Questions 1.0 Key.zip
c:\documents and settings\User\Dati applicazioni\m\shared\3D New Years Old and New 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\A-one iPod Video Convertor 4.32.zip
c:\documents and settings\User\Dati applicazioni\m\shared\ABC Amber Photoshop Converter 1.05 [Serial].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Access Password Recovery Genie 2.70.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Aces Omaha - No Limit 1.3.12.zip
c:\documents and settings\User\Dati applicazioni\m\shared\AcQuest 941 Solution 2008 1.00.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Addressbooks Synchronizer 0.8.1a2.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Advanced AWT Pop-Up Menu Bar Applet 2.6 [Patch].zip
c:\documents and settings\User\Dati applicazioni\m\shared\AntiKeylog Home 2.0 KeyGen.zip
c:\documents and settings\User\Dati applicazioni\m\shared\ApHeMo 1.5.0.8 [With Crack].zip
c:\documents and settings\User\Dati applicazioni\m\shared\AppLaunch 1.2.0 [With Crack].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Articulate Presenter Professional Edition 5.02.zip
c:\documents and settings\User\Dati applicazioni\m\shared\ASPMaker 6.0.1 (With Crack).zip
c:\documents and settings\User\Dati applicazioni\m\shared\Aspose.BarCode for Java 1.2.0.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Audio Catalog 3.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Auto Reboot Remover 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\AutoExtract 3.0.071006.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Avast.Professional.v4.7.817.Incl.Keymaker-CORE.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Avg.Professional.Edition.7.5.Keygen.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Battlecruiser 3000 A.D. 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Battlefield Vietnam Bonez mod.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Bayesweep 1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Best Keyword Investigator 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\BlueHarvest 1.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Budget 2005.zip
c:\documents and settings\User\Dati applicazioni\m\shared\CafeTime 5.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\CastleKeep 3.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Check Favorites 1.7.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Chilkat Perl MHT Library 7.8.0 [With Crack].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Classic Menu for PowerPoint 2007 3.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\College Scientific Calculator 27 1.0.0.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Computer Screen Saver 8.10.09.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Corporate Network Security 2.1 [With Crack].zip
c:\documents and settings\User\Dati applicazioni\m\shared\CPUInfo 2.1.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Crysnet Bandwidth Manager 1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Customer Invoicing 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Customize Start Menu 2.0 (Key).zip
c:\documents and settings\User\Dati applicazioni\m\shared\CycleAtlas 2.0 Pre2.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Datasqueeze 2.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Defragmenter Lite Plus 6.1.0.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\DictaMail 499.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Discus 4.0L [Key+Serial].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Diskeeper Server Standard Edition 2009 13.0.835.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Download Toolbar for Microsoft Internet Explorer 2.4.05.zip
c:\documents and settings\User\Dati applicazioni\m\shared\DriveSentry GoAnywhere 1.0.2.11.zip
c:\documents and settings\User\Dati applicazioni\m\shared\E-Mail Password Recovery 1.02.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Earth 3D Space Survey Screensaver 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Ease DVD To Audio Ripper 1.70 With Crack.zip
c:\documents and settings\User\Dati applicazioni\m\shared\EClean 1.4.2.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Embird Alphabet 26 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\English Quran Browser Widget 0.4.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Evolution 1.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\F-Prot.Antivirus.315.zip
c:\documents and settings\User\Dati applicazioni\m\shared\FAT Drive Recovery 2.0.1.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\FlashReminders Outlook Sync plug-in 1.2.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\foo dsp ssrc 0.5.7.zip
c:\documents and settings\User\Dati applicazioni\m\shared\FreeOTFE 3.00.00.2226.zip
c:\documents and settings\User\Dati applicazioni\m\shared\From Space to Earth - Canada Screen Saver 1.0 (Key).zip
c:\documents and settings\User\Dati applicazioni\m\shared\Full Fullscreen 2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Game Accelerator 5.9.95.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Game Sentinel 1.1 KeyGen.zip
c:\documents and settings\User\Dati applicazioni\m\shared\GetBoo 0.2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\GoldfishHD DVD to iPod Video Ripper 1.11.1 (Serial).zip
c:\documents and settings\User\Dati applicazioni\m\shared\HashPass 1.6 Patch.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Hudson Build Monitor 0.9.zip
c:\documents and settings\User\Dati applicazioni\m\shared\ID3Tag InfoTip 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\IT Business Tools Data Edition 3.45.zip
c:\documents and settings\User\Dati applicazioni\m\shared\James Spader Screensaver.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Konvertor bmp2xxx 1.03 With Crack.zip
c:\documents and settings\User\Dati applicazioni\m\shared\LS Archiver 2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\MB6-283 Practice Exam Testing Engine Software 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Movie + Image MI Thumbnail ActiveX Control 1.2.zip
c:\documents and settings\User\Dati applicazioni\m\shared\MS Access Extract Images Software 7.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Mu Online Philippines 1b.zip
c:\documents and settings\User\Dati applicazioni\m\shared\MZL & Novatech TrafficStatistic 1.2.0.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\No Problemo Website Downloader 2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\NoScript 1.1.4.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Obfusc PHP 2.1.0 [With Crack].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Onwijs Piggybank 1.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Open Simp-X 2002.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Oracle 1Z0-101 Exam Patch.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Oxygen Phone Manager for Nokia and Samsung Phones 2.10.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\PANDA.ANTIVIRUS.2007.zip
c:\documents and settings\User\Dati applicazioni\m\shared\PDF-Forms 2 (Key).zip
c:\documents and settings\User\Dati applicazioni\m\shared\PDF Merger 2.50.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Phil Taylors Power Darts 08 Nokia N73.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Pimero Free Edition 1.11.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Pitchwheel 1.00.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Pixel 3D 1.10 Crack.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Point System 4.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Pokeplushies Gadget 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Portfolio Sleuth 1.2D.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Power OS Commander 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Power Print 3.16.1.420.zip
c:\documents and settings\User\Dati applicazioni\m\shared\R-U-ON Track 1.0.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Registrar Registry Manager Lite 6.01 Build 600.31121.zip
c:\documents and settings\User\Dati applicazioni\m\shared\RLPack Basic Edition 1.17.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Rune Hatchet Match map 1.5.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Sendmail 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Space Invaders 1978 2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\SpaceCheck for Netware 1.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\St Patrick Teddy Bears Demo Screensaver 1.0 (Patch).zip
c:\documents and settings\User\Dati applicazioni\m\shared\Stunt DVD to iPod Ripper 2.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\SuperDesktop 1.00 [KeyGen].zip
c:\documents and settings\User\Dati applicazioni\m\shared\Teaching Templates Quiz Maker 5.2.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\TEAMeeting Method & Software 1.1.01.zip
c:\documents and settings\User\Dati applicazioni\m\shared\ThumbsPlus Digicam Raw Plug-in 3.6.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Tinderstatus 0.2.4.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Title Save 0.1d.zip
c:\documents and settings\User\Dati applicazioni\m\shared\TXTEditor+ 1.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\UltraManager 2.3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Unexplained Mysteries 1.0.0.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Video Constructor 1.4.0.13.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Virtual Intelligence Matrix 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Voice Shaper 0.93.zip
c:\documents and settings\User\Dati applicazioni\m\shared\WallpaperMobile 3.1.1 Beta.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Warcraft III - Human Level map 4.zip
c:\documents and settings\User\Dati applicazioni\m\shared\WDumpEvt 2.2 (Cracked).zip
c:\documents and settings\User\Dati applicazioni\m\shared\Web Confidential for Palm (Mac Installer) 1.4.zip
c:\documents and settings\User\Dati applicazioni\m\shared\WebTide for Windows 3.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\WebWhacker EE (Education Edition) 1.0.zip
c:\documents and settings\User\Dati applicazioni\m\shared\WinHex 14.3 SR-3.zip
c:\documents and settings\User\Dati applicazioni\m\shared\wxMusik 0.4.2.2.zip
c:\documents and settings\User\Dati applicazioni\m\shared\X-Fonter 6.4.zip
c:\documents and settings\User\Dati applicazioni\m\shared\XMLPad 3.0.1.zip
c:\documents and settings\User\Dati applicazioni\m\shared\Zipboard 2.0.zip
c:\documents and settings\User\Dati applicazioni\m\srvlist.oct
c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\757796.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-29 )))))))))))))))))))))))))))))))))))
.

2009-03-29 18:47 . 2009-03-29 22:11 <DIR> d--h----- c:\documents and settings\User\Dati applicazioni\drivers
2009-03-29 18:22 . 2004-08-30 21:00 366,080 --a------ c:\windows\system32\doskeys.exe
2009-03-29 18:22 . 2009-03-29 18:22 52,224 --a------ c:\windows\system32\dllhosts.exe
2009-03-29 18:22 . 2009-03-29 18:22 37,888 --a------ c:\windows\system32\rar.exe
2009-03-29 18:22 . 2009-03-29 22:04 106 --a------ c:\windows\system32\jpg.dat
2009-03-29 18:13 . 2009-03-29 18:13 37,473 --a------ c:\windows\system32\muzika.xm
2009-03-26 13:23 . 2009-03-26 13:23 <DIR> d-------- c:\windows\system32\KB905474
2009-03-26 13:23 . 2009-03-10 23:26 1,437,568 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-26 13:23 . 2009-03-10 23:18 454,016 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-26 13:23 . 2009-02-09 19:51 17,140 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-19 12:45 . 2009-03-19 12:45 54,032 --a------ c:\windows\_BB6627C.TTF
2009-03-19 12:45 . 2009-03-19 12:45 34,100 --a------ c:\windows\_4855C99.TTF
2009-03-19 12:45 . 2009-03-19 12:45 33,796 --a------ c:\windows\_46C793B.TTF
2009-03-19 12:45 . 2009-03-19 12:45 33,300 --a------ c:\windows\_6A2F5AB.TTF
2009-03-19 12:43 . 1993-05-27 18:02 182,773 --a------ c:\windows\system\AAPLAY.DLL
2009-03-19 12:43 . 1992-06-29 15:47 16,912 --a------ c:\windows\system\MCIAAP.DRV
2009-03-19 12:43 . 1992-06-29 17:33 13,840 --a------ c:\windows\system\AAVGA.DLL
2009-03-19 12:42 . 2009-03-19 12:42 <DIR> d-------- C:\DEAMM
2009-03-04 12:57 . 2009-03-04 12:57 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-03-04 12:56 . 2009-03-04 12:56 <DIR> d-------- c:\programmi\MSXML 6.0
2009-03-03 12:30 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-03 12:30 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-03 12:30 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-01 16:24 . 2009-03-01 16:24 <DIR> d-------- c:\documents and settings\User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 16:42 --------- d-----w c:\programmi\eMule
2009-02-23 16:51 --------- d-----w c:\documents and settings\User\Dati applicazioni\CyberInstaller Studio 2008
2009-02-21 14:23 --------- d-----w c:\documents and settings\User\Dati applicazioni\Camfrog
2009-02-14 11:27 --------- d-----w c:\documents and settings\User\Dati applicazioni\Canon
2009-02-13 14:56 --------- d-----w c:\documents and settings\User\Dati applicazioni\DivX
2009-02-13 10:30 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-13 10:30 --------- d-----w c:\documents and settings\User\Dati applicazioni\Malwarebytes
2009-02-13 10:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 17:43 --------- d-----w c:\programmi\Sophos
2009-02-06 16:45 --------- d-----w c:\documents and settings\User\Dati applicazioni\Ahead
2009-02-05 10:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-04 15:56 --------- d-----w c:\documents and settings\User\Dati applicazioni\ArcSoft
2009-02-04 15:41 --------- d-----w c:\programmi\MSN Messenger
2009-02-03 18:22 --------- d-----w c:\programmi\File comuni\logishrd
2009-02-03 18:17 --------- d-----w c:\programmi\Camfrog
2009-02-03 18:14 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-02-03 16:50 --------- d-----w c:\documents and settings\User\Dati applicazioni\vlc
2009-02-03 15:41 --------- d-----w c:\programmi\Alwil Software
2009-02-02 21:48 --------- d-----w c:\programmi\ArcSoft
2009-02-02 21:45 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 21:38 --------- d-----w c:\programmi\VideoLAN
2009-02-02 20:40 --------- d-----w c:\programmi\Pirelli
2009-02-02 20:40 --------- d-----w c:\programmi\Motive
2009-02-02 20:40 --------- d-----w c:\programmi\Common Files
2009-02-02 20:40 --------- d-----w c:\programmi\Alice ti aiuta
2009-02-02 20:39 155,995 ----a-w c:\windows\java\Packages\7ZFHRFTJ.ZIP
2009-02-02 20:38 --------- d-----w c:\programmi\Telecom Italia
2009-02-02 20:38 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-02 16:12 --------- d-----w c:\programmi\DivX
2009-02-02 16:03 --------- d-----w c:\programmi\Windows Media Connect 2
2009-02-02 15:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-01-31 11:44 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-31 11:40 --------- d-----w c:\documents and settings\User\Dati applicazioni\CyberLink
2009-01-31 11:32 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-31 11:29 --------- d-----w c:\programmi\Nero
2009-01-31 10:52 47,360 ----a-w c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-01-31 10:52 --------- d-----w c:\documents and settings\User\Dati applicazioni\Vso
2009-01-31 10:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-31 10:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-31 10:18 --------- d-----w c:\programmi\Microsoft Works
2009-01-31 10:17 --------- d-----w c:\programmi\MSBuild
2009-01-31 10:16 --------- d-----w c:\programmi\Microsoft.NET
2009-01-31 10:06 --------- d-----w c:\programmi\Microsoft Visual Studio 8
2009-01-30 18:57 --------- d-----w c:\programmi\microsoft frontpage
2009-01-30 18:54 --------- d-----w c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_17.09.19.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2004-08-19 13:39:26 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:04 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2008-09-15 15:38:29 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:56:50 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2009-02-13 18:48:19 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-19 21:11:45 297,256 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-21 12:25:23 58,732 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 15:23:18 58,732 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-21 12:25:23 69,790 ----a-w c:\windows\system32\perfc010.dat
+ 2009-03-29 15:23:18 69,790 ----a-w c:\windows\system32\perfc010.dat
- 2009-02-21 12:25:23 392,432 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 15:23:18 392,432 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-21 12:25:23 437,644 ----a-w c:\windows\system32\perfh010.dat
+ 2009-03-29 15:23:18 437,644 ----a-w c:\windows\system32\perfh010.dat
- 2004-08-19 13:39:26 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:04 144,896 ----a-w c:\windows\system32\schannel.dll
- 2006-09-25 16:58:48 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-09-15 15:38:29 1,846,016 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:56:50 1,846,272 ----a-w c:\windows\system32\win32k.sys
- 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-29 78008]
"C-Media Mixer"="Mixer.exe" [2002-06-13 c:\windows\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2009-03-29 c:\windows\system32\dllhosts.exe]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-02-02 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1914a2c-f369-11dd-a298-000827dd3010}]
\Shell\AutoRun\command - G:\1utbfd.bat
\Shell\open\Command - G:\1utbfd.bat
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 23:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:15:21
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-29 22:19:00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-29 20:18:56
ComboFix2.txt 2009-03-04 16:10:37
ComboFix3.txt 2009-02-16 13:52:24

Pre-Run: 45,021,749,248 byte disponibili
Post-Run: 45,442,355,200 byte disponibili

391 --- E O F --- 2009-03-26 11:23:59

[shel]

hai appena tolto una brutta infezione del bagle

controlla se c'e' ancora qualche traccia

scarica http://dc108.4shared.com/download/75022 ... 1-de3379fb


Doppio click sull'icona Findykill per avviare l'installazione:
Inserisci la prima spunta per accettare la licenza e prosegui > Suivant
Clicca su "Si" per destinare una cartella al programma
Clicca su Dèmarrer > Quitter per terminare l'installazione.
Cerca l'icona del programma sul desktop o in programmi ed eseguilo
usa solamente il tasto 2 (invio) per la pulizia.
Il report delle operazioni effettuate lo trovarai in C:\FindyKill.txt
Allega il rapporto nella tua risposta.

[shel]

ciao francois 87

quando avrai terminato la scansione con findkill, esegui anche il restante

scarica Avenger da qui

http://swandog46.geekstogo.com/avenger.zip

lo installi e lo lanci

Copi e incolli nella finestra: "Input script here" il testo in rosso così come lo vedi scritto:

files to delete:
G:\1utbfd.bat
c:\windows\system32\5.tmp
c:\windows\system32\muzika.xm
c:\windows\system32\doskeys.exe
c:\windows\system32\dllhosts.exe
c:\windows\_4855C99.TTF
c:\windows\_46C793B.TTF
c:\windows\_6A2F5AB.TTF
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc010.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh010.dat



Registry keys to delete:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]


Spunta "Automatically disable any rootkits found"

clicca sul pulsante "Execute"
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

posta il log di avenger che trovi in c:\



Apri il blocco note e incolla il testo in verde cosi' come l'ho scritto, con ; inclusa,( il punto e virgola piccolino in verde alla fine del testo)

salva sul desktop come fix.reg - doppio click sul file e accetta le modifiche al registro

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1914a2c-f369-11dd-a298-000827dd3010}]
;

[francois87]

ecco i risultati dei due programmi che mi hai consigliato:



----------------- FindyKill V4.707 ------------------

* User : User - ID-631854CF5E6F
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 14:14:32 the 2010-04-04
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\620484.EXE-0C67D974.pf
Deleted ! - C:\WINDOWS\prefetch\742343.EXE-09E8DFCD.pf
Deleted ! - C:\WINDOWS\prefetch\757796.EXE-2925F68D.pf
Deleted ! - C:\WINDOWS\prefetch\DOSKEYS.EXE-0E5ADF6A.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2509DB66.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-01870C87.pf
Deleted ! - C:\WINDOWS\prefetch\KEYMAKER.EXE-2E64F752.pf
Deleted ! - C:\WINDOWS\prefetch\KEY_GENERATOR.EXE-38AC403C.pf
Deleted ! - C:\WINDOWS\prefetch\SETUP+PATCH.EXE-0F7B781E.pf

»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\User\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\User\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\User\Cookies\user@www.keygen[2].txt
C:\Documents and Settings\User\Desktop\Avast Antivirus Pro Edition 4.8 Keygen.rar
C:\Documents and Settings\User\Documenti\[ITA] Avast! Antivirus 4.6.691 Professional Edition + Crack.zip
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0
C:\Documents and Settings\User\Documenti\ciccio\abbonamento\Nuova cartella\winzip 11 + crack(1).rar
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\eth0.nfo
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\file_id.diz
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\installer.bat
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\LegitCheckControl.dll
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\WgaLogon.dll
C:\Documents and Settings\User\Documenti\ciccio\Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0\WgaTray.exe
C:\Documents and Settings\User\Recent\AntiVirus Avast Professional 4.7.936 (2007) ITALIANO Inc.KeyGen by Controller Programmi.lnk
C:\Documents and Settings\User\Recent\Avast 4.7 Home Edition Crack - Codice Licenza - Funziona NY.lnk
C:\Documents and Settings\User\Recent\Avast Antivirus Pro Edition 4.8 Keygen.lnk
C:\Documents and Settings\User\Recent\Avast! Antivirus 4.6.691 Professional Edition + keygenerator.lnk
C:\Documents and Settings\User\Recent\Crack.lnk
C:\Documents and Settings\User\Recent\winzip 11 + crack(1).lnk
C:\Documents and Settings\User\Recent\[ITA] Avast! Antivirus 4.6.691 Professional Edition + Crack.lnk


---------------- ! End of report ! ------------------






//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 04 14:53:02 2010

14:52:57: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "G:\1utbfd.bat"
Deletion of file "G:\1utbfd.bat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "c:\windows\system32\5.tmp" not found!
Deletion of file "c:\windows\system32\5.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\muzika.xm" deleted successfully.
File "c:\windows\system32\doskeys.exe" deleted successfully.
File "c:\windows\system32\dllhosts.exe" deleted successfully.
File "c:\windows\_4855C99.TTF" deleted successfully.
File "c:\windows\_46C793B.TTF" deleted successfully.
File "c:\windows\_6A2F5AB.TTF" deleted successfully.
File "c:\windows\system32\perfc009.dat" deleted successfully.
File "c:\windows\system32\perfc010.dat" deleted successfully.
File "c:\windows\system32\perfh009.dat" deleted successfully.
File "c:\windows\system32\perfh010.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[shel]

i programmi hanno eliminato un bel po' di innfezioni

apri il blocco note e incolla questo

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="-
;


salvalo sul desktop come fix.reg - doppio click e accetta le modifiche al registro



fai la solita pulizia


scarica Ccleaner

http://www.filehippo.com/download_ccleaner/

1) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte

poi

scarica Atfcleaner

http://www.atribune.org/ccount/click.php?id=1

Avvia ATFCleaner.exe con un doppio click

1) seleziona la casella Select All
2) clicca sul pulsante Empty selected
3) aspetta l'avviso Done Cleaning.



vedi il pc se va bene e continuiamo per riattivare i servizi

[francois87]

ciao shel ho fatto come tu mi hai detto ed il computer è andato bene e non mi ha fatto problemi di nessun genere.aspetto tue notizie...

[shel]

elimina combofix in questo modo

Da Start >> Esegui, scrivi ( o copia e incolla) la stringa ComboFix /u
cancella la cartella C\qoobox
cancella la cartella ComboFix del desktop



Scarica ed installa CCleaner: clicca qui per il download

http://www.filehippo.com/download_ccleaner/

Una volta installato configuralo in questo modo:
lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi clicca su:
Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
alla voce Pulizia, nella sezione Avanzate spunta le voci Vecchi dati Prefetch e Disinstallatori aggiornamenti di WinUpdate
nel menu a sinistra, clicca sulla voce Pulizia
clicca su tasto Avvia pulizia per eseguire la scansione
finita la scansione, sempre nel menu a sinistra, clicca sulla voce Registro e spunta tutte le voci comprese nella sezione meno la voce estensioni file non usate
clicca sul tasto Trova problemi ed avvia una scansione
Accetta la copia del registro e conservala in documenti
al termine della scansione clicca sulla voce Ripara selezionati e prosegui con la riparazione (questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere)

[francois87]

ciao shel ho completato le operazione richieste...c'è solo un problema:quando vado a riparare i file "dll" me ne rimangono alla fine sempre 875 da 1000 e passa che ne avevo...l'ho ripetuto questo passaggio circa una decina di volte ma si ferma sempre a 875.