Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Pc lentissimo in ogni caso, ma scansione pulita

Risolvi qui i tuoi problemi legati a Windows '95, '98, ME, NT, 2000, XP, 2003, Vista...

Moderatori: -> EleKtrA <-, antoo69

Pc lentissimo in ogni caso, ma scansione pulita

Postdi Vento_ribelle » 12/10/12 17:56

Salve a tutti.
Innanzi tutto dico che ho fatto le dovute ricerche sul forum prima di scrivere il topic e infatti : ho fatto scansione con antimalwarebyte , ma è risultata pulita. Ho fatto scansione con avira ma tutto pulito. Ho scaricato CCleaner e utilizzato, scaricato adwcleaner e tds killer di kaspersky (tutte le scansioni non hanno trovato nulla). Ma il problema è rimasto invariato. In pratica il pc è lentissimo a fare qualsiasi cosa, anche aprire una semplice cartella senza che ci siano altri programmi aperti o pagine web. Per non parlare di internet che in pratica ci mette anni a caricare (solo stamattina mezz'ora prima che potessi utilizzare la pagina web).
Ho guardato il task manager ma non mi pare ci sia nulla che occupi troppa memoria, e infatti in prestazioni l'utilizzo della cpu risulta al 4%. Ho provato a svuotare un pò l hard disk e adesso è vuoto per più del 50%.
Non so più cosa provare.
Vi copio e incollo (spero di ricordare come si fa il copia incolla) il log di hijack , se vi può essere utile.

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.55.01, on 12/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\My 190\My 190.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Programmi\D-Link\DWA-140 revB\WZCSLDR2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7201 bytes
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Sponsor
 

Re: Pc lentissimo in ogni caso, ma scansione pulita

Postdi FrancescoFDAC » 13/10/12 18:46

ComboFix: rimuovere le infezioni presenti nel sistema

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● clicca due volte sul file ComboFix per avviare l'applicazione
● clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"


● nel caso di Windows XP, verrà richiesta l' installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
● se non trovi il Report del programma, clicca Start, Esegui e inserisci questa stringa (infine clicca il pulsante Invio):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Note - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, prima di avviarlo, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso
Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette USB, Hard Disk Esterni, Lettori MP3, Schedine SD..) per prevenire future minacce: quando inserisci un dispositivo esterno, dovrai avviarla "manualmente" dalle Risorse del computer

P.S. alleghi il log di Adwcleaner? si trova nel disco C:
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Pc lentissimo in ogni caso, ma scansione pulita

Postdi Vento_ribelle » 14/10/12 10:00

Intanto buona domenica e grazie per la risposta.
Ho avuto dei problemoni enormi con combofix ed ora ti spiego.
Ho scaricato combofix,messo sul desktop .Ho accettato ed è partita l'estrazione dei file (la schermata nera) a quel punto mi dice che l'antivirus è ancora in funzione ma io lo avevo disattivato. Cosi ho ricontrollato avira ed era veramente disattivato. Ho provato a chiudere del tutto avira ma si è blocatto il pc. Allora ho disinstallato avira e riavviato il pc. Al riavvio ho rieseguito il download di combofix e provato a riavviarlo.Ho accettato di nuovo ma stavolta oltre la schermata nera non succede più nulla.
Finalmente al quinto tentativo parte combofix ma ancora mi dice che avira è in funzione,in ogni caso fa questa benedetta scansione.

Codice: Seleziona tutto
ComboFix 12-10-14.02 - cristina 14/10/2012  10.37.45.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.511.223 [GMT 2:00]
Eseguito da: c:\documents and settings\cristina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00D0-FD7FB0F21200}
AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00E0-FD7FB0F21200}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\AUTORUN.INF
c:\windows\WindowsUpdate.log . . . . Eliminazione Fallita
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-09-14 al 2012-10-14  )))))))))))))))))))))))))))))))))))
.
.
2012-10-12 16:54 . 2012-10-12 16:54   --------   d-----w-   c:\programmi\Trend Micro
2012-10-01 12:10 . 2012-10-01 12:10   --------   dc----w-   C:\TDSSKiller_Quarantine
2012-10-01 10:13 . 2012-10-01 10:13   --------   dc----w-   c:\documents and settings\cristina\Dati applicazioni\Malwarebytes
2012-10-01 10:13 . 2012-10-01 10:13   --------   dc----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-10-01 10:13 . 2012-09-07 15:04   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-10-01 10:13 . 2012-10-01 10:13   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2012-09-28 13:07 . 2012-09-28 13:07   --------   d-----w-   c:\programmi\File comuni\Java
2012-09-28 13:07 . 2012-09-28 13:06   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 13:06 . 2012-08-16 18:55   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-09-28 13:06 . 2011-10-17 19:47   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-09-28 13:06 . 2011-10-17 19:47   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-07-30 09:04 . 2012-07-30 09:04   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-07-30 09:04 . 2011-10-09 13:48   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^cristina^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\cristina\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cristina^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=c:\documents and settings\cristina\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37   843712   ----a-w-   c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28   59240   ----a-w-   c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 05:05   138096   ----atw-   c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-09 13:51   136176   ----atw-   c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 17:05   421736   ----a-w-   c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25   6595928   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 14:55   323584   -c--a-w-   c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14   1695232   ------w-   c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11   3872080   ----a-w-   c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 14:55   323584   -c--a-w-   c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09   413696   -c--a-w-   c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33   17418928   ----a-r-   c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-06-21 03:42   577536   ------r-   c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04   252848   ----a-w-   c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"wuauserv"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\cristina\\Desktop\\BitTorrent-7.2.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\cristina\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30/06/2011 9.38.14 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30/06/2011 9.38.14 29400]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [09/10/2011 20.40.47 151552]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [01/10/2012 12.13.29 399432]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2012 12.13.29 676936]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13.33.30 3064000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2012 12.13.21 22856]
R3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [13/12/2011 11.55.55 618112]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/07/2012 11.04.27 257696]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 09:04]
.
2012-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-22 05:05]
.
2012-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-01-22 05:05]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-09 13:51]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
- c:\documents and settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-10-09 13:51]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-WZCSLDR2 - c:\programmi\D-Link\DWA-140 revB\WZCSLDR2.exe
SafeBoot-90988135.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\guard32.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-14  10:50:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-10-14 08:50
.
Pre-Run: 39.704.494.080 byte disponibili
Post-Run: 40.299.118.592 byte disponibili
.
- - End Of File - - 00AF633EC38E8C32FCE799116487A7DB


Ti allego il log di adw cleaner (l'ho rifatto stamattina)

Codice: Seleziona tutto
# AdwCleaner v1.801 - Logfile created 10/14/2012 at 10:54:18
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : cristina - FILIPPA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\cristina\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [732 octets] - [14/10/2012 10:24:30]
AdwCleaner[R2].txt - [664 octets] - [14/10/2012 10:54:18]

########## EOF - C:\AdwCleaner[R2].txt - [791 octets] ##########


E questo è tutto.
Spero che ci capisci qualcosa tu :cry:

ps: ho letto nel log di combofix che risultava in funzione antimalwarebyte ma io lo avevo chiuso!! :?:
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: Pc lentissimo in ogni caso, ma scansione pulita

Postdi FrancescoFDAC » 14/10/12 12:08

Non vedo granchè.
Scarica OTL By OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● posiziona il tool scaricato sul Desktop
● doppio click sull'icona del programma per avviarlo
● metti il segno di spunta a Scan All Users
● clicca sul bottone Quick Scan
● attendi pazientemente la fine della scansione
● alla fine della scansione, verranno generati 2 logs: allegali
OTListIt.txt (aperto)
Extra.txt (minimizzato)
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Pc lentissimo in ogni caso, ma scansione pulita

Postdi Vento_ribelle » 16/10/12 12:12

Il problema continua :(
Codice: Seleziona tutto
OTL logfile created on: 16/10/2012 12.29.53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\cristina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
511,48 Mb Total Physical Memory | 100,99 Mb Available Physical Memory | 19,74% Memory free
1,23 Gb Paging File | 0,54 Gb Available in Paging File | 43,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 37,45 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 24,93 Gb Free Space | 97,03% Space Free | Partition Type: NTFS
Drive F: | 7,84 Gb Total Space | 5,11 Gb Free Space | 65,17% Space Free | Partition Type: FAT32
Drive G: | 144,80 Gb Total Space | 112,65 Gb Free Space | 77,79% Space Free | Partition Type: NTFS
 
Computer Name: FILIPPA | User Name: cristina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/10/10 12.06.17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
PRC - [2012/09/28 15.06.35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2012/09/07 17.04.46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17.04.46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17.04.44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/26 16.06.10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cristina\Desktop\OTL.exe
PRC - [2012/08/13 13.33.30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 09.04.54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2011/06/30 09.37.28 | 001,793,712 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 09.37.06 | 002,554,696 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/09/18 18.41.14 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 09.27.24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/11/09 22.48.14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/10/10 12.06.15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 12.06.13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 12.06.12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 12.04.44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 12.04.43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 12.04.42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/17 07.02.26 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.1.3\libGLESv2.dll
MOD - [2012/08/17 07.02.26 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.1.3\libEGL.dll
MOD - [2011/06/06 12.55.32 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
MOD - [2009/07/07 18.50.04 | 000,258,048 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll
MOD - [2009/06/01 14.23.24 | 000,315,392 | ---- | M] () -- C:\WINDOWS\system32\ANIOApi.dll
MOD - [2009/06/01 14.23.24 | 000,315,392 | ---- | M] () -- C:\Programmi\D-Link\DWA-140 revB\ANIOApi.dll
MOD - [2008/04/13 19.13.44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/28 15.06.35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 17.04.46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17.04.46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 13.33.30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/30 11.04.27 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13.28.36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/27 00.15.42 | 000,055,144 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/06/30 09.37.28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/08/21 09.27.24 | 000,102,400 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2009/07/07 20.10.14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/11/09 22.48.14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\cristina\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17.04.46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/30 09.38.16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011/06/30 09.38.14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09.38.14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/08/03 10.57.38 | 000,724,736 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009/02/09 18.10.04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008/04/13 11.56.08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11.45.30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 14.17.26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/09/18 08.59.00 | 000,250,240 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/27 17.42.14 | 003,972,672 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2004/08/19 17.23.40 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/31 13.00.00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/31 13.00.00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programmi\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Cruciverba = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cnlkponnfbmdpjlafjmmecmfklmbiaej\1.1_1\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
 
O1 HOSTS File: ([2012/10/14 10.46.50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 12.19.50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 15.55.14 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/10/14 10.32.52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/14 10.32.52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/14 10.32.52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/14 10.32.52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/14 10.19.51 | 004,979,246 | R--- | C] (Swearware) -- C:\Documents and Settings\cristina\Desktop\ComboFix.exe
[2012/10/14 10.08.39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/14 10.06.29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cristina\Documenti\Video
[2012/10/14 10.03.05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/12 18.54.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\HijackThis
[2012/10/12 18.54.41 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2012/10/01 14.14.17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cristina\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/10/01 14.10.36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/01 13.15.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Adobe
[2012/10/01 12.13.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cristina\Dati applicazioni\Malwarebytes
[2012/10/01 12.13.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/10/01 12.13.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012/10/01 12.13.21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/01 12.13.19 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2012/10/01 12.09.10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\cristina\Desktop\HJTInstall.exe
[2012/10/01 12.08.44 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cristina\Desktop\OTL.exe
[2012/10/01 12.08.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cristina\Desktop\pulire il pc
[2012/09/28 15.07.42 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/10/16 12.26.02 | 000,001,254 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
[2012/10/16 11.52.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/16 10.10.03 | 000,001,272 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
[2012/10/16 07.26.02 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 07.10.06 | 000,001,250 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 07.04.48 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}
[2012/10/16 07.04.40 | 000,000,009 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}
[2012/10/16 06.30.23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/16 06.30.22 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/14 10.46.50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/14 10.21.34 | 004,979,246 | R--- | M] (Swearware) -- C:\Documents and Settings\cristina\Desktop\ComboFix.exe
[2012/10/12 18.54.42 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\cristina\Desktop\HijackThis.lnk
[2012/10/12 18.19.40 | 002,180,953 | ---- | M] () -- C:\Documents and Settings\cristina\Documenti\S5031905.JPG
[2012/10/12 18.11.49 | 000,821,987 | ---- | M] () -- C:\Documents and Settings\cristina\Documenti\L'uccello in chiesa.mp3
[2012/10/11 07.34.54 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\cristina\Desktop\Google Chrome.lnk
[2012/10/01 14.11.44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/10/01 12.13.36 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/23 20.25.40 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/23 12.49.37 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/22 06.56.24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/10/14 10.32.52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/14 10.32.52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/14 10.32.52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/14 10.32.52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/14 10.32.52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/12 18.54.42 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\HijackThis.lnk
[2012/10/12 18.12.18 | 002,180,953 | ---- | C] () -- C:\Documents and Settings\cristina\Documenti\S5031905.JPG
[2012/10/12 18.08.40 | 000,821,987 | ---- | C] () -- C:\Documents and Settings\cristina\Documenti\L'uccello in chiesa.mp3
[2012/10/01 12.13.36 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/01 12.08.40 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\adwcleaner.exe
[2012/10/01 12.01.29 | 068,460,264 | ---- | C] () -- C:\Documents and Settings\cristina\Desktop\avira_antivir_personal_it.exe
[2012/07/30 22.51.45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 15.32.32 | 000,031,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/01 17.24.41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/04/08 14.28.14 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 11.55.55 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2011/12/13 11.55.54 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2011/10/14 09.26.06 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/09 20.42.22 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\cristina\Dati applicazioni\ANICONFIG_{91C5C5BC-2196-408D-AE20-DD259AA4E7FF}.ini
[2011/10/09 20.40.47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2011/10/09 20.40.38 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2011/10/09 20.40.38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2011/10/09 20.40.38 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/10/09 20.40.37 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/10/09 20.40.20 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2011/10/09 20.40.20 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2011/10/09 20.40.20 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2011/10/09 20.39.47 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2011/10/09 20.39.47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2011/10/09 20.38.51 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/10/09 14.07.32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 14.05.48 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 12.32.53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/09 12.32.34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/10/09 12.32.26 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2011/10/09 12.22.19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 12.16.24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/09 12.15.08 | 001,267,200 | ---- | C] () -- C:\WINDOWS\System32\comsvcs.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/04/20 11.25.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/10 12.55.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\BitTorrent
[2012/03/10 11.27.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\it.vodafone.desktopwidget
[2011/10/22 14.48.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2012/08/16 20.55.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cristina\Dati applicazioni\Oracle
[2012/10/16 07.10.06 | 000,001,250 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003Core.job
[2012/10/16 10.10.03 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-1770027372-839522115-1003UA.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


Codice: Seleziona tutto
OTL Extras logfile created on: 16/10/2012 12.29.53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\cristina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
511,48 Mb Total Physical Memory | 100,99 Mb Available Physical Memory | 19,74% Memory free
1,23 Gb Paging File | 0,54 Gb Available in Paging File | 43,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 37,45 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 24,93 Gb Free Space | 97,03% Space Free | Partition Type: NTFS
Drive F: | 7,84 Gb Total Space | 5,11 Gb Free Space | 65,17% Space Free | Partition Type: FAT32
Drive G: | 144,80 Gb Total Space | 112,65 Gb Free Space | 77,79% Space Free | Partition Type: NTFS
 
Computer Name: FILIPPA | User Name: cristina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\BitTorrent\BitTorrent.exe" = C:\Programmi\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\cristina\Desktop\BitTorrent-7.2.exe" = C:\Documents and Settings\cristina\Desktop\BitTorrent-7.2.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\cristina\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26A9CDB0-9827-91E4-550F-71569256A3BD}" = My 190
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Italiano
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BitTorrent" = BitTorrent
"HijackThis" = HijackThis 2.0.2
"it.vodafone.desktopwidget" = My 190
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.0.1400
"NVIDIA Drivers" = NVIDIA Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 12/10/2012 10.19.00 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 12/10/2012 23.19.49 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 13/10/2012 7.40.36 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 13/10/2012 12.40.45 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.41.32 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.42.02 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 13/10/2012 12.42.42 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo chrome.exe, versione 22.0.1229.94, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 14/10/2012 1.35.21 | Computer Name = FILIPPA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
 modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
 errore 0x00037256.
 
Error - 14/10/2012 4.12.41 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo avcenter.exe, versione 10.0.12.31, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 14/10/2012 4.12.42 | Computer Name = FILIPPA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo avcenter.exe, versione 10.0.12.31, modulo in
 stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
[ System Events ]
Error - 11/10/2012 7.38.24 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 12/10/2012 0.46.16 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 12/10/2012 8.16.38 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio ANIWZCSdService.
 
Error - 12/10/2012 8.17.08 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio .
 
Error - 12/10/2012 23.19.01 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 14/10/2012 1.33.13 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
Error - 14/10/2012 4.06.20 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Skype C2C Service. Questo evento
 si è già verificato 1 volta(e).
 
Error - 14/10/2012 4.14.07 | Computer Name = FILIPPA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 14/10/2012 4.22.41 | Computer Name = FILIPPA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Skype C2C Service. Questo evento
 si è già verificato 1 volta(e).
 
Error - 15/10/2012 0.57.16 | Computer Name = FILIPPA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
 1CAFF766C8CF è stato  negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
 un messaggio DHCPNACK.
 
 
< End of report >


Cosa può essere se non è un virus??
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: Pc lentissimo in ogni caso, ma scansione pulita

Postdi FrancescoFDAC » 16/10/12 13:14

Metti OTL.exe sul desktop. Avvialo e copia/incolla il codice sottostante nel Custom Scans/Fixes.

:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\cristina\IMPOST~1\Temp\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Clicca su Run Fix e dai Ok. Potrebbe essere richiesto un riavvio, accetta.
Si aprirà un report salvalo ed allegalo.


Infine, allega un log aggiornato di Hijackthis.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53


Torna a Sistemi Operativi Windows


Topic correlati a "Pc lentissimo in ogni caso, ma scansione pulita":


Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti