
PC extremely slow in any case, but scan is clean


Post by Vento_ribelle » 12/10/12 17:56

Hello everyone.
First of all, I did the due searches on the forum before writing this topic, and in fact: I ran a scan with Malwarebytes Anti-Malware, but it came back clean. I ran a scan with Avira, but everything was clean. I downloaded and used CCleaner, and downloaded AdwCleaner and Kaspersky's TDSSKiller (none of the scans found anything). But the problem remained unchanged. Basically the PC is extremely slow at doing anything, even opening a simple folder with no other programs or web pages open. Not to mention the internet, which basically takes ages to load (just this morning it took half an hour before I could use the web page).
I looked at Task Manager but nothing seems to be using too much memory, and in fact under Performance the CPU usage shows 4%. I tried clearing out the hard disk a bit and it is now more than 50% empty.
I don't know what else to try.
I'm copying and pasting (I hope I remember how to copy and paste) the HijackThis log, in case it is useful to you.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.55.01, on 12/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\My 190\My 190.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Programmi\D-Link\DWA-140 revB\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7201 bytes
Vento_ribelle
Junior User
Posts: 83
Joined: 06/08/07 21:04
Location: palermo


Re: PC extremely slow in any case, but scan is clean

Post by FrancescoFDAC » 13/10/12 18:46

ComboFix: remove the infections present on the system

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● double-click the ComboFix file to launch the application
● click the Accept button: confirm by clicking Ok twice
● follow the instructions that are shown to run the scan:

"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"

● on Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if it is not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it
● if you cannot find the program's report, click Start, Run and enter this string (then press Enter):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Notes - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, before launching it, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (USB sticks, external hard disks, MP3 players, SD cards...) to prevent future threats: when you insert an external device, you will have to open it "manually" from My Computer

P.S. Can you attach the AdwCleaner log? It is on the C: drive
FrancescoFDAC
Senior User
Posts: 1048
Joined: 13/08/11 09:53

Re: PC extremely slow in any case, but scan is clean

Post by Vento_ribelle » 14/10/12 10:00

First of all, happy Sunday and thanks for the reply.
I had huge problems with ComboFix, and I'll explain now.
I downloaded ComboFix and put it on the desktop. I accepted and the file extraction started (the black screen); at that point it told me that the antivirus was still running, but I had disabled it. So I checked Avira again and it really was disabled. I tried to close Avira completely, but the PC froze. So I uninstalled Avira and restarted the PC. After the restart I downloaded ComboFix again and tried to launch it again. I accepted again, but this time nothing happened beyond the black screen.
Finally, on the fifth attempt, ComboFix started, but it still told me that Avira was running; in any case it ran this blessed scan.

Code:
ComboFix 12-10-14.02 - cristina 14/10/2012  10.37.45.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.511.223 [GMT 2:00]
Eseguito da: c:\documents and settings\cristina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00D0-FD7FB0F21200}
AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00E0-FD7FB0F21200}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\AUTORUN.INF
c:\windows\WindowsUpdate.log . . . . Eliminazione Fallita
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-09-14 al 2012-10-14  )))))))))))))))))))))))))))))))))))
.
.
2012-10-12 16:54 . 2012-10-12 16:54   --------   d-----w-   c:\programmi\Trend Micro
2012-10-01 12:10 . 2012-10-01 12:10   --------   dc----w-   C:\TDSSKiller_Quarantine
2012-10-01 10:13 . 2012-10-01 10:13   --------   dc----w-   c:\documents and settings\cristina\Dati applicazioni\Malwarebytes
2012-10-01 10:13 . 2012-10-01 10:13   --------   dc----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-10-01 10:13 . 2012-09-07 15:04   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-10-01 10:13 . 2012-10-01 10:13   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2012-09-28 13:07 . 2012-09-28 13:07   --------   d-----w-   c:\programmi\File comuni\Java
2012-09-28 13:07 . 2012-09-28 13:06   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 13:06 . 2012-08-16 18:55   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-09-28 13:06 . 2011-10-17 19:47   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-09-28 13:06 . 2011-10-17 19:47   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-07-30 09:04 . 2012-07-30 09:04   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-07-30 09:04 . 2011-10-09 13:48   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^cristina^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\cristina\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cristina^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=c:\documents and settings\cristina\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37   843712   ----a-w-   c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28   59240   ----a-w-   c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 05:05   138096   ----atw-   c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-09 13:51   136176   ----atw-   c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 17:05   421736   ----a-w-   c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25   6595928   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 14:55   323584   -c--a-w-   c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14   1695232   ------w-   c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11   3872080   ----a-w-   c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 14:55   323584   -c--a-w-   c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09   413696   -c--a-w-   c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33   17418928   ----a-r-   c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-06-21 03:42   577536   ------r-   c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04   252848   ----a-w-   c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"wuauserv"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\cristina\\Desktop\\BitTorrent-7.2.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\cristina\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30/06/2011 9.38.14 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30/06/2011 9.38.14 29400]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [09/10/2011 20.40.47 151552]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [01/10/2012 12.13.29 399432]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2012 12.13.29 676936]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13.33.30 3064000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2012 12.13.21 22856]
R3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [13/12/2011 11.55.55 618112]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/07/2012 11.04.27 257696]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 09:04]
.
2012-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-22 05:05]
.
2012-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-22 05:05]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-09 13:51]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-09 13:51]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-WZCSLDR2 - c:\programmi\D-Link\DWA-140 revB\WZCSLDR2.exe
SafeBoot-90988135.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\guard32.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-14  10:50:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-10-14 08:50
.
Pre-Run: 39.704.494.080 byte disponibili
Post-Run: 40.299.118.592 byte disponibili
.
- - End Of File - - 00AF633EC38E8C32FCE799116487A7DB


I'm attaching the AdwCleaner log (I ran it again this morning)

Code:
# AdwCleaner v1.801 - Logfile created 10/14/2012 at 10:54:18
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : cristina - FILIPPA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\cristina\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [732 octets] - [14/10/2012 10:24:30]
AdwCleaner[R2].txt - [664 octets] - [14/10/2012 10:54:18]

########## EOF - C:\AdwCleaner[R2].txt - [791 octets] ##########


And that's everything.
I hope you can make some sense of it :cry:

P.S. I read in the ComboFix log that Malwarebytes Anti-Malware showed as running, but I had closed it!! :?:

Re: PC extremely slow in any case, but scan is clean

Post by FrancescoFDAC » 14/10/12 12:08

I don't see much.
Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● place the downloaded tool on the Desktop
● double-click the program icon to launch it
● tick Scan All Users
● click the Quick Scan button
● wait patiently for the scan to finish
● at the end of the scan, 2 logs will be generated: attach them
OTListIt.txt (open)
Extra.txt (minimized)

Re: PC extremely slow in any case, but scan is clean

Post by Vento_ribelle » 16/10/12 12:12

The problem continues :(
Code:
OTL logfile created on: 16/10/2012 12.29.53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\cristina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
511,48 Mb Total Physical Memory | 100,99 Mb Available Physical Memory | 19,74% Memory free
1,23 Gb Paging File | 0,54 Gb Available in Paging File | 43,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 37,45 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 24,93 Gb Free Space | 97,03% Space Free | Partition Type: NTFS
Drive F: | 7,84 Gb Total Space | 5,11 Gb Free Space | 65,17% Space Free | Partition Type: FAT32
Drive G: | 144,80 Gb Total Space | 112,65 Gb Free Space | 77,79% Space Free | Partition Type: NTFS
 
Computer Name: FILIPPA | User Name: cristina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/10/10 12.06.17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
PRC - [2012/09/28 15.06.35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2012/09/07 17.04.46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17.04.46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17.04.44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/26 16.06.10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cristina\Desktop\OTL.exe
PRC - [2012/08/13 13.33.30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 09.04.54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2011/06/30 09.37.28 | 001,793,712 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 09.37.06 | 002,554,696 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/09/18 18.41.14 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 09.27.24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/11/09 22.48.14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/10/10 12.06.15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 12.06.13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 12.06.12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 12.04.44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 12.04.43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 12.04.42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/17 07.02.26 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.1.3\libGLESv2.dll
MOD - [2012/08/17 07.02.26 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.1.3\libEGL.dll
MOD - [2011/06/06 12.55.32 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
MOD - [2009/07/07 18.50.04 | 000,258,048 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll
MOD - [2009/06/01 14.23.24 | 000,315,392 | ---- | M] () -- C:\WINDOWS\system32\ANIOApi.dll
MOD - [2009/06/01 14.23.24 | 000,315,392 | ---- | M] () -- C:\Programmi\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2008/04/13 19.13.44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/28 15.06.35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 17.04.46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17.04.46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 13.33.30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/30 11.04.27 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13.28.36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/27 00.15.42 | 000,055,144 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/06/30 09.37.28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/08/21 09.27.24 | 000,102,400 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/11/09 22.48.14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\cristina\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17.04.46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/30 09.38.16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011/06/30 09.38.14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09.38.14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/08/03 10.57.38 | 000,724,736 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009/02/09 18.10.04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008/04/13 11.56.08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11.45.30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 14.17.26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/09/18 08.59.00 | 000,250,240 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/27 17.42.14 | 003,972,672 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2004/08/19 17.23.40 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/31 13.00.00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/31 13.00.00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programmi\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Cruciverba = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cnlkponnfbmdpjlafjmmecmfklmbiaej\1.1_1\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
 
O1 HOSTS File: ([2012/10/14 10.46.50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 12.19.50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 15.55.14 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/10/14 10.32.52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/14 10.32.52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/14 10.32.52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/14 10.32.52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/14 10.19.51 | 004,979,246 | R--- | C] (Swearware) -- C:\Documents and Settings\cristina\Desktop\ComboFix.exe
[2012/10/14 10.08.39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/14 10.06.29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cristina\Documenti\Video
[2012/10/14 10.03.05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/12 18.54.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis
[2012/10/12 18.54.41 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2012/10/01 14.14.17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cristina\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/10/01 14.10.36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/01 13.15.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Adobe
[2012/10/01 12.13.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cristina\Dati applicazioni\Malwarebytes
[2012/10/01 12.13.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/10/01 12.13.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012/10/01 12.13.21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/01 12.13.19 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2012/10/01 12.09.10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\cristina\Desktop\HJTInstall.exe
[2012/10/01 12.08.44 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cristina\Desktop\OTL.exe
[2012/10/01 12.08.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cristina\Desktop\pulire il pc
[2012/09/28 15.07.42 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/10/16 12.26.02 | 000,001,254 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
[2012/10/16 11.52.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/16 10.10.03 | 000,001,272 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
[2012/10/16 07.26.02 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 07.10.06 | 000,001,250 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 07.04.48 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}
[2012/10/16 07.04.40 | 000,000,009 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}
[2012/10/16 06.30.23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/16 06.30.22 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/14 10.46.50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/14 10.21.34 | 004,979,246 | R--- | M] (Swearware) -- C:\Documents and Settings\cristina\Desktop\ComboFix.exe
[2012/10/12 18.54.42 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\cristina\Desktop\HijackThis.lnk
[2012/10/12 18.19.40 | 002,180,953 | ---- | M] () -- C:\Documents and Settings\cristina\Documenti\S5031905.JPG
[2012/10/12 18.11.49 | 000,821,987 | ---- | M] () -- C:\Documents and Settings\cristina\Documenti\L'uccello in chiesa.mp3
[2012/10/11 07.34.54 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\cristina\Desktop\Google Chrome.lnk
[2012/10/01 14.11.44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/10/01 12.13.36 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/23 20.25.40 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/23 12.49.37 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/22 06.56.24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/10/14 10.32.52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/14 10.32.52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/14 10.32.52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/14 10.32.52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/14 10.32.52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/12 18.54.42 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\HijackThis.lnk
[2012/10/12 18.12.18 | 002,180,953 | ---- | C] () -- C:\Documents and Settings\cristina\Documenti\S5031905.JPG
[2012/10/12 18.08.40 | 000,821,987 | ---- | C] () -- C:\Documents and Settings\cristina\Documenti\L'uccello in chiesa.mp3
[2012/10/01 12.13.36 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/01 12.08.40 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\adwcleaner.exe
[2012/10/01 12.01.29 | 068,460,264 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\avira_antivir_personal_it.exe
[2012/07/30 22.51.45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 15.32.32 | 000,031,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/01 17.24.41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/04/08 14.28.14 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 11.55.55 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2011/12/13 11.55.54 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2011/10/14 09.26.06 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/09 20.42.22 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\cristina\Dati applicazioni\ANICONFIG_{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}.ini
[2011/10/09 20.40.47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2011/10/09 20.40.38 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2011/10/09 20.40.38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2011/10/09 20.40.38 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/10/09 20.40.37 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/10/09 20.40.20 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2011/10/09 20.40.20 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2011/10/09 20.40.20 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2011/10/09 20.39.47 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2011/10/09 20.39.47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2011/10/09 20.38.51 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/10/09 14.07.32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 14.05.48 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 12.32.53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/09 12.32.34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/10/09 12.32.26 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2011/10/09 12.22.19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 12.16.24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/09 12.15.08 | 001,267,200 | ---- | C] () -- C:\WINDOWS\System32\comsvcs.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/04/20 11.25.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/10 12.55.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\BitTorrent
[2012/03/10 11.27.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\it.vodafone.desktopwidget
[2011/10/22 14.48.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2012/08/16 20.55.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\Oracle
[2012/10/16 07.10.06 | 000,001,250 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 10.10.03 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


OTL Extras logfile created on: 16/10/2012 12.29.53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\cristina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
511,48 Mb Total Physical Memory | 100,99 Mb Available Physical Memory | 19,74% Memory free
1,23 Gb Paging File | 0,54 Gb Available in Paging File | 43,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 37,45 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 24,93 Gb Free Space | 97,03% Space Free | Partition Type: NTFS
Drive F: | 7,84 Gb Total Space | 5,11 Gb Free Space | 65,17% Space Free | Partition Type: FAT32
Drive G: | 144,80 Gb Total Space | 112,65 Gb Free Space | 77,79% Space Free | Partition Type: NTFS
 
Computer Name: FILIPPA | User Name: cristina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\BitTorrent\BitTorrent.exe" = C:\Programmi\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\cristina\Desktop\BitTorrent-7.2.exe" = C:\Documents and Settings\cristina\Desktop\BitTorrent-7.2.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26A9CDB0-9827-91E4-550F-71569256A3BD}" = My 190
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Italiano
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BitTorrent" = BitTorrent
"HijackThis" = HijackThis 2.0.2
"it.vodafone.desktopwidget" = My 190
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.0.1400
"NVIDIA Drivers" = NVIDIA Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 12/10/2012 10.19.00 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 12/10/2012 23.19.49 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 13/10/2012 7.40.36 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 13/10/2012 12.40.45 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.41.32 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.42.02 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.42.42 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 14/10/2012 1.35.21 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 14/10/2012 4.12.41 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo avcenter.exe, versione 10.0.12.31, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 14/10/2012 4.12.42 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo avcenter.exe, versione 10.0.12.31, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
[ System Events ]
Error - 11/10/2012 7.38.24 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 12/10/2012 0.46.16 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 12/10/2012 8.16.38 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio ANIWZCSdService.
 
Error - 12/10/2012 8.17.08 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio .
 
Error - 12/10/2012 23.19.01 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 14/10/2012 1.33.13 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 14/10/2012 4.06.20 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Skype C2C Service. Questo evento
 si è già verificato 1 volta(e).
 
Error - 14/10/2012 4.14.07 | Computer Name = FILIPPA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 14/10/2012 4.22.41 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Skype C2C Service. Questo evento
 si è già verificato 1 volta(e).
 
Error - 15/10/2012 0.57.16 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
 
< End of report >


What could it be if it isn't a virus??
Vento_ribelle

Re: PC extremely slow in any case, but the scan is clean

Post by FrancescoFDAC » 16/10/12 13:14

Put OTL.exe on the desktop. Run it and copy/paste the code below into Custom Scans/Fixes.

:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\cristina\IMPOST~1\Temp\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click Run Fix and confirm with OK. A reboot may be requested; accept it.
A report will open; save it and attach it.


Finally, attach an updated HijackThis log.
FrancescoFDAC

