
Slow PC and I don't know what to do anymore

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Slow PC and I don't know what to do anymore

Post by vairouge84 » 01/02/10 23:58

Hi, I need some help. You are my last resort before I reformat everything.
For a few weeks my PC has been behaving strangely.
It is extremely slow at startup and often freezes when I browse the internet, perhaps with some software running (or when I am simply moving and copying folders). I can hear it working, spinning continuously even when I am doing nothing; it almost seems as if an invisible program starts working without my knowledge, but I can't figure out what!
Here is a list of all (or almost all) the operations I carried out before asking you for help.
Scan with AVG and Spyware Terminator, the two programs I have been using for a long time to protect myself and which have always worked. They found no threats.
I cleaned the registry files and, just for the sake of it, also defragmented the disk using the functions of the Advanced System Care software, and nothing changed.
I ran HijackThis and it found no suspicious entries; I also had the log analysed on the site you recommend in the netiquette and it came back with a positive result.
I checked the programs that run at startup by going to START-RUN and typing msconfig; I tried all the possible settings (selective startup, normal...) and nothing, always just as slow.
Currently the files at startup are the ZoneAlarm executable (my firewall forever), ForceField (it should have something to do with ZoneAlarm) and jusched.exe. In the past I had many more running and it never took this long to start.
I also searched the internet for information on the various executables that are running in Task Manager just when the PC slows down and freezes: nothing, all normal executables.
Guys, I don't know what to do anymore :-(
I also thought the virus came from Windows Live and downloaded Msn Removal, but nothing :-(
Do you have anything to suggest to avoid reformatting? I already did it a month ago after 2 years of survival, and unfortunately I would like to avoid losing another day reinstalling everything.
The operating system is Windows XP + SP3.
I am also posting the latest HijackThis log; maybe it can be useful.
Thanks a lot in advance.
Salvo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.38.56, on 01/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5694 bytes
vairouge84
Senior User
 
Posts: 120
Joined: 10/10/04 14:24
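
A triage pass over the HijackThis log posted above, as an added example that is not part of the thread: it parses the v2.0.2 text format and picks out the entries a reviewer would check first (a BHO with no file behind it, services listed with "Unknown owner", a non-empty AppInit_DLLs) and lists the Run-key autoruns. The function names are hypothetical and the embedded log is an excerpt of the one in the post.

```python
import re

# Excerpt copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 body: hive, elided key path ending in Run/RunOnce, [value name], command.
AUTORUN_RE = re.compile(r"^(HK\w+)\\.*?Run\w*: \[([^\]]+)\] (.*)$")


def parse_log(text):
    """Split a HijackThis log into the process list and (code, body) entries."""
    processes, entries = [], []
    in_process_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_process_list = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_process_list = False
            entries.append((match.group(1), match.group(2)))
        elif in_process_list and line:
            processes.append(line)
        else:
            # Blank line or header text ends the process list.
            in_process_list = False
    return processes, entries


def triage(entries):
    """Return (code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered with no file behind it", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # An empty value is the normal case; any DLL listed here is
            # loaded into every process that links user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append((code, "AppInit_DLLs is not empty", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service listed with 'Unknown owner'", body))
    return findings


def autoruns(entries):
    """Return (hive, value name, command) for every O4 Run-key entry."""
    result = []
    for code, body in entries:
        if code != "O4":
            continue
        match = AUTORUN_RE.match(body)
        if match:
            result.append(match.groups())
    return result


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(items)} entries")
    for code, reason, body in triage(items):
        print(f"[{code}] {reason}: {body}")
    for hive, name, command in autoruns(items):
        print(f"autorun {hive} [{name}] -> {command}")
```

A flagged entry is a prompt to check the file on disk and its publisher, not a verdict; drivers and vendor utilities are commonly listed with "Unknown owner".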


Re: Slow PC and I don't know what to do anymore

Post by vairouge84 » 02/02/10 00:04

I forgot...
I also have Xp-antispy active with the basic settings suggested by the program...
vairouge84
Senior User
 
Posts: 120
Joined: 10/10/04 14:24

Re: Slow PC and I don't know what to do anymore

Post by shel » 02/02/10 01:27

Hi

Disable the antivirus and the anti-spyware programs
Disconnect the PC from the internet

Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If you have shortcut icons to programs on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step; remember to press Enter after each step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.
shel
Senior User
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Slow PC and I don't know what to do anymore

Post by vairouge84 » 02/02/10 20:27

Hi, I did everything you wrote.
I usually don't keep AVG Antivirus and Spyware Terminator constantly enabled because I'm afraid they slow down my PC, and besides I am protected by ZoneAlarm.
I uninstalled the first one. The second was not active. I disconnected ZoneAlarm.
Here is the log.

ComboFix 10-02-01.03 - UNIVERSAL 02/02/2010 20.11.16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.256 [GMT 1:00]
Eseguito da: c:\documents and settings\UNIVERSAL\Documenti\Download\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

2010-02-01 21:37 . 2006-05-03 10:57 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-02-01 20:57 . 2008-04-13 18:14 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 20:57 . 2008-04-13 18:14 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 20:57 . 2001-08-30 22:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 20:57 . 2001-08-30 22:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 20:57 . 2001-08-30 22:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 20:57 . 2001-08-30 22:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 20:57 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-01 20:57 . 2008-04-13 08:34 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-01 20:57 . 2008-04-13 08:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-01 20:57 . 2008-04-13 18:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-02-01 20:57 . 2008-04-13 10:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-02-01 20:55 . 2001-08-30 22:08 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-01 20:54 . 2001-08-30 22:08 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-02-01 20:53 . 2001-08-30 21:25 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2010-02-01 20:52 . 2008-04-13 10:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-02-01 20:51 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-02-01 20:50 . 2008-04-13 10:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-01 20:49 . 2001-08-30 22:07 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-02-01 20:48 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-02-01 20:47 . 2001-08-30 22:07 89088 -c--a-w- c:\windows\system32\dllcache\hpgt33.dll
2010-02-01 20:46 . 2001-08-30 22:07 46080 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-02-01 20:45 . 2001-08-30 22:08 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
2010-02-01 20:44 . 2001-08-30 22:07 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2010-02-01 20:43 . 2001-08-30 19:19 13952 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-02-01 20:42 . 2001-08-17 19:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-02-01 20:41 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-01 20:41 . 2008-04-13 17:54 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-30 12:16 . 2008-04-13 18:13 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-01-30 12:16 . 2008-04-13 18:13 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-01-30 12:16 . 2008-04-13 18:13 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2010-01-30 12:16 . 2008-04-13 18:13 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2010-01-28 18:08 . 2010-01-28 18:08 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-28 18:08 . 2010-01-28 18:08 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-28 18:07 . 2010-01-28 18:07 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-28 18:07 . 2010-02-02 12:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Spyware Terminator
2010-01-28 18:07 . 2010-02-02 14:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-28 18:07 . 2010-02-02 12:31 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-27 17:46 . 2009-12-04 15:35 46472 ----a-w- c:\windows\system32\vsutil_loc0410.dll
2010-01-27 17:46 . 2009-12-04 15:34 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-27 17:46 . 2009-12-04 15:34 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-27 17:45 . 2009-12-04 15:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-27 17:45 . 2010-01-27 17:46 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-27 17:45 . 2010-01-27 17:45 -------- d-----w- c:\programmi\Zone Labs
2010-01-27 17:38 . 2010-02-02 19:05 -------- d-----w- c:\windows\Internet Logs
2010-01-27 17:31 . 2010-01-27 17:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\CheckPoint
2010-01-27 17:30 . 2010-01-27 17:47 -------- d-----w- c:\programmi\CheckPoint
2010-01-27 17:30 . 2010-01-27 17:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-24 22:42 . 2003-11-12 22:38 510976 ----a-w- c:\windows\system32\synsoacc.dll
2010-01-24 16:51 . 2010-01-24 16:51 -------- d-----w- c:\programmi\SampleTank 2
2010-01-24 16:45 . 2010-01-24 16:45 -------- d-----w- c:\programmi\SAMPLE~1
2010-01-18 20:43 . 2010-02-02 10:20 1 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-18 20:41 . 2010-01-18 20:41 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\OpenOffice.org
2010-01-18 20:34 . 2010-01-18 20:34 -------- d-----w- c:\programmi\JRE
2010-01-18 20:33 . 2010-01-18 20:34 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-01-18 09:48 . 2010-01-18 09:47 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-09 17:27 . 2010-01-09 17:27 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\JAlbum
2010-01-09 17:20 . 2010-01-09 17:21 -------- d-----w- c:\programmi\Jalbum
2010-01-07 20:48 . 2010-01-07 20:48 -------- d-----w- c:\programmi\Trend Micro
2010-01-07 19:13 . 2010-01-08 01:16 304182 ----a-w- C:\StiImg.dat
2010-01-06 21:01 . 2010-01-06 21:01 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ZoomBrowser EX
2010-01-06 20:52 . 2010-01-06 20:52 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Canon
2010-01-06 20:51 . 2010-01-06 20:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PhotoStitch
2010-01-06 20:45 . 2010-01-06 20:45 -------- d-----w- c:\programmi\File comuni\Canon
2010-01-06 20:38 . 2010-01-06 20:38 -------- d-----w- c:\windows\PAC207
2010-01-06 20:37 . 2004-06-17 02:05 136832 ----a-r- c:\windows\system32\drivers\pfc027.sys
2010-01-06 19:31 . 2010-01-30 11:59 -------- d-----w- c:\documents and settings\UNIVERSAL\Impostazioni locali\Dati applicazioni\ATI
2010-01-06 19:31 . 2010-01-30 11:59 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ATI
2010-01-06 19:11 . 2010-01-06 19:11 -------- d-----w- c:\programmi\Lavalys
2010-01-06 18:29 . 2008-04-13 08:44 2560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\USMT\iconlib.dll
2010-01-06 18:23 . 2010-01-06 18:23 -------- d-----w- c:\programmi\AMD
2010-01-06 18:12 . 2003-07-02 03:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-01-06 17:49 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-06 17:46 . 2010-01-24 17:08 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2010-01-06 12:53 . 2010-01-17 14:55 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\U3
2010-01-06 11:34 . 2010-01-06 11:34 152576 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-06 11:32 . 2010-01-06 11:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 11:32 . 2010-01-29 19:32 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\skypePM
2010-01-05 16:34 . 2007-01-11 03:02 113664 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-01-05 01:31 . 2010-01-05 01:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Nokia Multimedia Player
2010-01-04 21:22 . 2003-10-21 00:31 815104 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll
2010-01-04 21:22 . 2003-10-21 00:31 757760 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll
2010-01-04 21:22 . 2010-01-04 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2010-01-04 21:19 . 2010-01-04 21:19 -------- d-----w- c:\programmi\File comuni\Macromedia Shared
2010-01-04 21:19 . 2003-09-17 11:57 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-04 21:19 . 2003-09-17 11:57 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-04 21:19 . 2003-09-17 11:57 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-04 21:18 . 2010-01-04 21:19 -------- d-----w- c:\programmi\File comuni\Macromedia
2010-01-04 21:17 . 2010-01-04 21:19 -------- d-----w- c:\programmi\Macromedia
2010-01-04 14:26 . 2010-01-04 14:26 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Datalayer
2010-01-04 14:24 . 2010-01-04 14:51 -------- d-----w- c:\documents and settings\UNIVERSAL\Phone Browser
2010-01-04 13:42 . 2010-01-04 13:42 -------- d-----w- c:\programmi\DIFX
2010-01-04 13:40 . 2010-01-04 13:40 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-04 13:40 . 2010-01-04 13:40 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\PC Suite
2010-01-04 13:40 . 2010-01-04 13:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-01-04 13:39 . 2010-01-04 13:40 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-01-04 13:39 . 2006-05-29 07:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2010-01-04 13:39 . 2006-05-29 07:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2010-01-04 13:39 . 2006-05-29 07:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2010-01-04 13:39 . 2006-05-29 07:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-04 13:39 . 2006-05-29 07:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
2010-01-04 13:39 . 2006-05-29 07:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2010-01-04 13:39 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-04 13:39 . 2010-01-04 13:45 -------- d-----w- c:\programmi\Nokia
2010-01-04 13:39 . 2010-01-04 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 19:04 . 2010-01-28 09:23 3713986 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-02 12:28 . 2010-02-02 12:29 35840 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-02-02 12:27 . 2009-12-29 21:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-01 23:17 . 2010-02-02 09:05 43520 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-02-01 21:28 . 2009-12-08 00:13 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\vlc
2010-02-01 21:05 . 2010-02-01 21:08 35840 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-02-01 17:49 . 2010-02-01 17:54 22528 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-02-01 12:50 . 2010-02-01 15:26 74240 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-31 15:57 . 2010-01-31 18:02 1634816 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-31 08:37 . 2010-01-31 09:15 1632768 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-30 12:55 . 2010-01-30 13:46 197120 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-30 12:11 . 2009-12-24 14:51 -------- d-----w- c:\programmi\ATI Technologies
2010-01-29 19:35 . 2009-12-08 22:04 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Skype
2010-01-29 12:37 . 2009-12-07 21:07 72944 ----a-w- c:\documents and settings\UNIVERSAL\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-28 22:37 . 2010-01-28 22:38 1613824 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-18 20:32 . 2009-12-07 23:44 -------- d-----w- c:\programmi\Java
2010-01-18 19:54 . 2009-12-22 20:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-18 09:47 . 2009-12-29 23:06 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-06 20:15 . 2009-12-07 21:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-06 17:42 . 2001-08-31 12:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2010-01-06 17:42 . 2001-08-31 12:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2010-01-06 11:34 . 2009-12-08 06:33 79488 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 16:31 . 2009-12-07 21:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-04 20:41 . 2009-12-07 23:46 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\IObit
2010-01-04 16:32 . 2009-12-20 14:04 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\dvdcss
2009-12-30 13:03 . 2009-12-30 13:03 -------- d-----w- c:\programmi\Realtek AC97
2009-12-30 12:46 . 2009-12-30 12:06 -------- d-----w- c:\programmi\ATI
2009-12-29 21:58 . 2009-12-29 21:58 -------- d-----w- c:\programmi\AVG
2009-12-29 21:40 . 2009-12-07 22:57 -------- d-----w- c:\programmi\COMODO
2009-12-29 21:39 . 2009-12-07 23:00 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-12-29 17:57 . 2009-12-07 16:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-24 18:57 . 2009-12-24 18:57 7406 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_bb32ea6.exe
2009-12-24 18:57 . 2009-12-24 18:57 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_5af141bb.exe
2009-12-24 18:57 . 2009-12-24 18:57 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_26e91eb.exe
2009-12-24 18:57 . 2009-12-24 18:57 -------- d-----w- c:\programmi\MP3 Player Utilities
2009-12-24 18:53 . 2009-12-24 18:53 1518 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_16C27C506C6504B2C13D39.exe
2009-12-24 18:53 . 2009-12-24 18:53 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_1CAA5BC01F3C5DF97FB6C0.exe
2009-12-24 18:53 . 2009-12-24 18:53 10134 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_B54DE3512C6A1D235E523E.exe
2009-12-24 18:53 . 2009-12-24 18:53 16262 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_D2742AA478A741C95A085A.exe
2009-12-24 18:53 . 2009-12-24 18:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-24 18:53 . 2009-12-24 18:53 -------- d-----w- c:\programmi\Media Player Utilities 5.15
2009-12-24 15:09 . 2009-12-24 15:07 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ArcSoft
2009-12-24 15:06 . 2009-12-24 15:06 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-12-24 15:03 . 2009-12-24 15:03 -------- d-----w- c:\programmi\ArcSoft
2009-12-24 14:26 . 2009-12-24 14:25 -------- d-----w- c:\programmi\VIA
2009-12-24 13:56 . 2009-12-24 13:55 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\GetRightToGo
2009-12-24 13:11 . 2009-12-24 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-12-20 23:00 . 2009-12-10 19:53 -------- d-----w- c:\programmi\QuickTime
2009-12-20 22:38 . 2009-12-07 20:37 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-20 19:39 . 2009-12-20 00:08 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\DAEMON Tools Lite
2009-12-20 00:18 . 2009-12-19 23:40 -------- d-----w- c:\programmi\Steinberg
2009-12-20 00:09 . 2009-12-20 00:09 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-12-20 00:09 . 2009-12-20 00:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-20 00:08 . 2009-12-20 00:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-19 23:55 . 2009-12-19 23:55 -------- d-----w- c:\programmi\ASIO4ALL v2
2009-12-19 23:42 . 2009-12-19 23:42 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Steinberg
2009-12-19 20:15 . 2009-12-19 20:15 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Ahead
2009-12-16 12:42 . 2009-12-07 23:24 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-12 12:24 . 2009-12-12 12:24 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Apple Computer
2009-12-09 21:14 . 2009-12-08 21:51 -------- d-----w- c:\programmi\File comuni\LightScribe
2009-12-08 22:03 . 2009-12-08 22:03 -------- d-----w- c:\programmi\Skype
2009-12-08 22:03 . 2009-12-08 22:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-12-08 22:03 . 2009-12-08 22:03 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-08 21:53 . 2009-12-08 21:48 -------- d-----w- c:\programmi\Ahead
2009-12-08 21:52 . 2009-12-08 21:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-12-08 21:51 . 2009-12-08 21:51 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-08 21:48 . 2009-12-08 21:48 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-07 23:46 . 2009-12-07 23:46 -------- d-----w- c:\programmi\IObit
2009-12-07 23:42 . 2009-12-07 23:42 152576 ------w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_11\lzma.dll
2009-12-07 23:25 . 2009-12-07 23:25 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\AdobeUM
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Microsoft
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Windows Live
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-07 22:47 . 2009-12-07 22:47 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-07 22:41 . 2009-12-07 22:41 -------- d-----w- c:\programmi\Netropa
2009-12-07 22:32 . 2009-12-07 22:32 -------- d-----w- c:\programmi\xp-AntiSpy
2009-12-07 22:03 . 2009-12-07 22:03 0 ----a-w- c:\windows\nsreg.dat
2009-12-07 21:27 . 2009-12-07 21:26 -------- d-----w- c:\programmi\epson
2009-12-07 21:04 . 2009-12-07 21:04 -------- d-----w- c:\programmi\Analog Devices
2009-12-07 16:46 . 2009-12-07 16:46 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-07 16:44 . 2009-12-07 16:44 -------- d-----w- c:\programmi\Servizi in linea
2009-12-07 16:43 . 2009-12-07 16:43 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-02-02_12.47.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 19:04 . 2010-02-02 19:04 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-28 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^UNIVERSAL^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\UNIVERSAL\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 12:51 2335880 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 18:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2002-07-23 00:55 167936 ----a-w- c:\programmi\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\programmi\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 07:57 143360 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-01-28 18:08 3037696 ----a-w- c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [07/12/2009 23.41.03 6656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28/01/2010 19.07.57 142592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [27/10/2009 16.58.32 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [27/10/2009 16.58.58 476528]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/12/2009 1.09.43 691696]
S2 nhksrv;Netropa NHK Server;c:\programmi\Netropa\Multimedia Keyboard\nhksrv.exe [07/12/2009 23.41.03 28672]
S3 SQTECH930B;NX VEGA 300;c:\windows\system32\Drivers\Capt930b.sys --> c:\windows\system32\Drivers\Capt930b.sys [?]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [24/12/2009 15.24.16 9728]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\UNIVERSAL\Dati applicazioni\Mozilla\Firefox\Profiles\d5dh5kvx.default\
FF - prefs.js: browser.startup.homepage - www.google.it

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 20:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\Ati2evxx.dll
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(556)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Ora fine scansione: 2010-02-02 20:20:33
ComboFix-quarantined-files.txt 2010-02-02 19:20
ComboFix2.txt 2010-02-02 12:50

Pre-Run: 57.743.171.584 byte disponibili
Post-Run: 57.710.747.648 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8BD70D41BC80204FCF1A1C4E0FA07F5B
vairouge84
Senior User
 
Posts: 120
Joined: 10/10/04 14:24

Re: Slow PC and I don't know what else to do

Post by shel » 03/02/10 10:19

Open a Notepad page and copy and paste the following:

file::
c:\windows\Internet Logs\xDB7.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB1.tmp


Save the page, naming it CFScript.txt (this name is mandatory).
Now drag and drop the CFScript.txt file onto the ComboFix icon.
Let it run to the end and post its log again ...


Go to the VirusTotal site and analyze this file:

c:\windows\system32\Drivers\Capt930b.sys
shel
Senior User
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Slow PC and I don't know what else to do

Post by vairouge84 » 03/02/10 13:48

OK... all of this still with the internet connection turned off and the antivirus disabled?
I went to the VirusTotal site and entered the path, but it doesn't find the file... I also tried with hidden files shown.
vairouge84
Senior User
 
Posts: 120
Joined: 10/10/04 14:24

Re: Slow PC and I don't know what else to do

Post by vairouge84 » 03/02/10 18:56

Here is the log. I followed the same procedure as before.

ComboFix 10-02-01.03 - UNIVERSAL 03/02/2010 13.53.55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.266 [GMT 1:00]
Eseguito da: c:\documents and settings\UNIVERSAL\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\UNIVERSAL\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
"c:\windows\Internet Logs\xDB3.tmp"
"c:\windows\Internet Logs\xDB4.tmp"
"c:\windows\Internet Logs\xDB5.tmp"
"c:\windows\Internet Logs\xDB6.tmp"
"c:\windows\Internet Logs\xDB7.tmp"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB7.tmp

.
((((((((((((((((((((((((( Files Creati Da 2010-01-03 al 2010-02-03 )))))))))))))))))))))))))))))))))))
.

2010-02-01 21:37 . 2006-05-03 10:57 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-02-01 20:57 . 2008-04-13 18:14 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 20:57 . 2008-04-13 18:14 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 20:57 . 2001-08-30 22:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 20:57 . 2001-08-30 22:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 20:57 . 2001-08-30 22:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 20:57 . 2001-08-30 22:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 20:57 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-01 20:57 . 2008-04-13 08:34 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-01 20:57 . 2008-04-13 08:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-01 20:57 . 2008-04-13 18:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-02-01 20:57 . 2008-04-13 10:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-02-01 20:55 . 2001-08-30 22:08 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-01 20:54 . 2001-08-30 22:08 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-02-01 20:53 . 2001-08-30 21:25 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2010-02-01 20:52 . 2008-04-13 10:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-02-01 20:51 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-02-01 20:50 . 2008-04-13 10:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-01 20:49 . 2001-08-30 22:07 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-02-01 20:48 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-02-01 20:47 . 2001-08-30 22:07 89088 -c--a-w- c:\windows\system32\dllcache\hpgt33.dll
2010-02-01 20:46 . 2001-08-30 22:07 46080 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-02-01 20:45 . 2001-08-30 22:08 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
2010-02-01 20:44 . 2001-08-30 22:07 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2010-02-01 20:43 . 2001-08-30 19:19 13952 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-02-01 20:42 . 2001-08-17 19:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-02-01 20:41 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-01 20:41 . 2008-04-13 17:54 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-30 12:16 . 2008-04-13 18:13 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-01-30 12:16 . 2008-04-13 18:13 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-01-30 12:16 . 2008-04-13 18:13 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2010-01-30 12:16 . 2008-04-13 18:13 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2010-01-28 18:08 . 2010-01-28 18:08 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2010-01-28 18:08 . 2010-01-28 18:08 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2010-01-28 18:07 . 2010-01-28 18:07 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-28 18:07 . 2010-02-02 12:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Spyware Terminator
2010-01-28 18:07 . 2010-02-02 14:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2010-01-28 18:07 . 2010-02-02 21:23 -------- d-----w- c:\programmi\Spyware Terminator
2010-01-27 17:46 . 2009-12-04 15:35 46472 ----a-w- c:\windows\system32\vsutil_loc0410.dll
2010-01-27 17:46 . 2009-12-04 15:34 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-27 17:46 . 2009-12-04 15:34 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-27 17:45 . 2009-12-04 15:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-27 17:45 . 2010-01-27 17:46 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-27 17:45 . 2010-01-27 17:45 -------- d-----w- c:\programmi\Zone Labs
2010-01-27 17:38 . 2010-02-03 12:59 -------- d-----w- c:\windows\Internet Logs
2010-01-27 17:31 . 2010-01-27 17:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\CheckPoint
2010-01-27 17:30 . 2010-01-27 17:47 -------- d-----w- c:\programmi\CheckPoint
2010-01-27 17:30 . 2010-01-27 17:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-24 22:42 . 2003-11-12 22:38 510976 ----a-w- c:\windows\system32\synsoacc.dll
2010-01-24 16:51 . 2010-01-24 16:51 -------- d-----w- c:\programmi\SampleTank 2
2010-01-24 16:45 . 2010-01-24 16:45 -------- d-----w- c:\programmi\SAMPLE~1
2010-01-18 20:43 . 2010-02-02 10:20 1 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-18 20:41 . 2010-01-18 20:41 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\OpenOffice.org
2010-01-18 20:34 . 2010-01-18 20:34 -------- d-----w- c:\programmi\JRE
2010-01-18 20:33 . 2010-01-18 20:34 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-01-18 09:48 . 2010-01-18 09:47 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-09 17:27 . 2010-01-09 17:27 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\JAlbum
2010-01-09 17:20 . 2010-01-09 17:21 -------- d-----w- c:\programmi\Jalbum
2010-01-07 20:48 . 2010-01-07 20:48 -------- d-----w- c:\programmi\Trend Micro
2010-01-07 19:13 . 2010-02-02 22:16 230454 ----a-w- C:\StiImg.dat
2010-01-06 21:01 . 2010-01-06 21:01 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ZoomBrowser EX
2010-01-06 20:52 . 2010-01-06 20:52 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Canon
2010-01-06 20:51 . 2010-01-06 20:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PhotoStitch
2010-01-06 20:45 . 2010-01-06 20:45 -------- d-----w- c:\programmi\File comuni\Canon
2010-01-06 20:38 . 2010-01-06 20:38 -------- d-----w- c:\windows\PAC207
2010-01-06 20:37 . 2004-06-17 02:05 136832 ----a-r- c:\windows\system32\drivers\pfc027.sys
2010-01-06 19:31 . 2010-01-30 11:59 -------- d-----w- c:\documents and settings\UNIVERSAL\Impostazioni locali\Dati applicazioni\ATI
2010-01-06 19:31 . 2010-01-30 11:59 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ATI
2010-01-06 19:11 . 2010-01-06 19:11 -------- d-----w- c:\programmi\Lavalys
2010-01-06 18:29 . 2008-04-13 08:44 2560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\USMT\iconlib.dll
2010-01-06 18:23 . 2010-01-06 18:23 -------- d-----w- c:\programmi\AMD
2010-01-06 18:12 . 2003-07-02 03:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-01-06 17:49 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-06 17:46 . 2010-01-24 17:08 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2010-01-06 12:53 . 2010-01-17 14:55 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\U3
2010-01-06 11:34 . 2010-01-06 11:34 152576 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-06 11:32 . 2010-01-06 11:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 11:32 . 2010-01-29 19:32 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\skypePM
2010-01-05 16:34 . 2007-01-11 03:02 113664 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-01-05 01:31 . 2010-01-05 01:31 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Nokia Multimedia Player
2010-01-04 21:22 . 2003-10-21 00:31 815104 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll
2010-01-04 21:22 . 2003-10-21 00:31 757760 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll
2010-01-04 21:22 . 2010-01-04 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2010-01-04 21:19 . 2010-01-04 21:19 -------- d-----w- c:\programmi\File comuni\Macromedia Shared
2010-01-04 21:19 . 2003-09-17 11:57 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-04 21:19 . 2003-09-17 11:57 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-04 21:19 . 2003-09-17 11:57 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-04 21:18 . 2010-01-04 21:19 -------- d-----w- c:\programmi\File comuni\Macromedia
2010-01-04 21:17 . 2010-01-04 21:19 -------- d-----w- c:\programmi\Macromedia
2010-01-04 14:26 . 2010-01-04 14:26 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Datalayer
2010-01-04 14:24 . 2010-01-04 14:51 -------- d-----w- c:\documents and settings\UNIVERSAL\Phone Browser
2010-01-04 13:42 . 2010-01-04 13:42 -------- d-----w- c:\programmi\DIFX
2010-01-04 13:40 . 2010-01-04 13:40 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-04 13:40 . 2010-01-04 13:40 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\PC Suite
2010-01-04 13:40 . 2010-01-04 13:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-01-04 13:39 . 2010-01-04 13:40 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-01-04 13:39 . 2006-05-29 07:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2010-01-04 13:39 . 2006-05-29 07:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2010-01-04 13:39 . 2006-05-29 07:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2010-01-04 13:39 . 2006-05-29 07:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-04 13:39 . 2006-05-29 07:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
2010-01-04 13:39 . 2006-05-29 07:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2010-01-04 13:39 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-04 13:39 . 2010-01-04 13:45 -------- d-----w- c:\programmi\Nokia
2010-01-04 13:39 . 2010-01-04 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 12:50 . 2010-01-28 09:23 4690076 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-02 23:12 . 2009-12-08 00:13 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\vlc
2010-02-02 12:28 . 2010-02-02 12:29 35840 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-02-02 12:27 . 2009-12-29 21:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-01 23:17 . 2010-02-02 09:05 43520 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-30 12:11 . 2009-12-24 14:51 -------- d-----w- c:\programmi\ATI Technologies
2010-01-29 19:35 . 2009-12-08 22:04 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Skype
2010-01-29 12:37 . 2009-12-07 21:07 72944 ----a-w- c:\documents and settings\UNIVERSAL\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-18 20:32 . 2009-12-07 23:44 -------- d-----w- c:\programmi\Java
2010-01-18 19:54 . 2009-12-22 20:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-18 09:47 . 2009-12-29 23:06 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-06 20:15 . 2009-12-07 21:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-06 17:42 . 2001-08-31 12:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2010-01-06 17:42 . 2001-08-31 12:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2010-01-06 11:34 . 2009-12-08 06:33 79488 ----a-w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 16:31 . 2009-12-07 21:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2010-01-04 20:41 . 2009-12-07 23:46 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\IObit
2010-01-04 16:32 . 2009-12-20 14:04 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\dvdcss
2009-12-30 13:03 . 2009-12-30 13:03 -------- d-----w- c:\programmi\Realtek AC97
2009-12-30 12:46 . 2009-12-30 12:06 -------- d-----w- c:\programmi\ATI
2009-12-29 21:58 . 2009-12-29 21:58 -------- d-----w- c:\programmi\AVG
2009-12-29 21:40 . 2009-12-07 22:57 -------- d-----w- c:\programmi\COMODO
2009-12-29 21:39 . 2009-12-07 23:00 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-12-29 17:57 . 2009-12-07 16:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-24 18:57 . 2009-12-24 18:57 7406 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_bb32ea6.exe
2009-12-24 18:57 . 2009-12-24 18:57 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_5af141bb.exe
2009-12-24 18:57 . 2009-12-24 18:57 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_26e91eb.exe
2009-12-24 18:57 . 2009-12-24 18:57 -------- d-----w- c:\programmi\MP3 Player Utilities
2009-12-24 18:53 . 2009-12-24 18:53 1518 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_16C27C506C6504B2C13D39.exe
2009-12-24 18:53 . 2009-12-24 18:53 1078 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_1CAA5BC01F3C5DF97FB6C0.exe
2009-12-24 18:53 . 2009-12-24 18:53 10134 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_B54DE3512C6A1D235E523E.exe
2009-12-24 18:53 . 2009-12-24 18:53 16262 ------r- c:\documents and settings\UNIVERSAL\Dati applicazioni\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_D2742AA478A741C95A085A.exe
2009-12-24 18:53 . 2009-12-24 18:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-24 18:53 . 2009-12-24 18:53 -------- d-----w- c:\programmi\Media Player Utilities 5.15
2009-12-24 15:09 . 2009-12-24 15:07 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\ArcSoft
2009-12-24 15:06 . 2009-12-24 15:06 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-12-24 15:03 . 2009-12-24 15:03 -------- d-----w- c:\programmi\ArcSoft
2009-12-24 14:26 . 2009-12-24 14:25 -------- d-----w- c:\programmi\VIA
2009-12-24 13:56 . 2009-12-24 13:55 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\GetRightToGo
2009-12-24 13:11 . 2009-12-24 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-12-20 23:00 . 2009-12-10 19:53 -------- d-----w- c:\programmi\QuickTime
2009-12-20 22:38 . 2009-12-07 20:37 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-20 19:39 . 2009-12-20 00:08 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\DAEMON Tools Lite
2009-12-20 00:18 . 2009-12-19 23:40 -------- d-----w- c:\programmi\Steinberg
2009-12-20 00:09 . 2009-12-20 00:09 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-12-20 00:09 . 2009-12-20 00:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-20 00:08 . 2009-12-20 00:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-19 23:55 . 2009-12-19 23:55 -------- d-----w- c:\programmi\ASIO4ALL v2
2009-12-19 23:42 . 2009-12-19 23:42 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Steinberg
2009-12-19 20:15 . 2009-12-19 20:15 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Ahead
2009-12-16 12:42 . 2009-12-07 23:24 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-12 12:24 . 2009-12-12 12:24 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Apple Computer
2009-12-09 21:14 . 2009-12-08 21:51 -------- d-----w- c:\programmi\File comuni\LightScribe
2009-12-08 22:03 . 2009-12-08 22:03 -------- d-----w- c:\programmi\Skype
2009-12-08 22:03 . 2009-12-08 22:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-12-08 22:03 . 2009-12-08 22:03 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-08 21:53 . 2009-12-08 21:48 -------- d-----w- c:\programmi\Ahead
2009-12-08 21:52 . 2009-12-08 21:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-12-08 21:51 . 2009-12-08 21:51 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-08 21:48 . 2009-12-08 21:48 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-07 23:46 . 2009-12-07 23:46 -------- d-----w- c:\programmi\IObit
2009-12-07 23:42 . 2009-12-07 23:42 152576 ------w- c:\documents and settings\UNIVERSAL\Dati applicazioni\Sun\Java\jre1.6.0_11\lzma.dll
2009-12-07 23:25 . 2009-12-07 23:25 -------- d-----w- c:\documents and settings\UNIVERSAL\Dati applicazioni\AdobeUM
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Microsoft
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Windows Live
2009-12-07 22:50 . 2009-12-07 22:50 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-07 22:47 . 2009-12-07 22:47 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-07 22:41 . 2009-12-07 22:41 -------- d-----w- c:\programmi\Netropa
2009-12-07 22:32 . 2009-12-07 22:32 -------- d-----w- c:\programmi\xp-AntiSpy
2009-12-07 22:03 . 2009-12-07 22:03 0 ----a-w- c:\windows\nsreg.dat
2009-12-07 21:27 . 2009-12-07 21:26 -------- d-----w- c:\programmi\epson
2009-12-07 21:04 . 2009-12-07 21:04 -------- d-----w- c:\programmi\Analog Devices
2009-12-07 16:46 . 2009-12-07 16:46 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-07 16:44 . 2009-12-07 16:44 -------- d-----w- c:\programmi\Servizi in linea
2009-12-07 16:43 . 2009-12-07 16:43 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-02-02_12.47.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 12:51 . 2010-02-03 12:51 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^UNIVERSAL^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\UNIVERSAL\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 12:51 2335880 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 18:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2002-07-23 00:55 167936 ----a-w- c:\programmi\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\programmi\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 07:57 143360 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-01-28 18:08 3037696 ----a-w- c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [07/12/2009 23.41.03 6656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28/01/2010 19.07.57 142592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [27/10/2009 16.58.32 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [27/10/2009 16.58.58 476528]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/12/2009 1.09.43 691696]
S2 nhksrv;Netropa NHK Server;c:\programmi\Netropa\Multimedia Keyboard\nhksrv.exe [07/12/2009 23.41.03 28672]
S3 SQTECH930B;NX VEGA 300;c:\windows\system32\Drivers\Capt930b.sys --> c:\windows\system32\Drivers\Capt930b.sys [?]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [24/12/2009 15.24.16 9728]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\UNIVERSAL\Dati applicazioni\Mozilla\Firefox\Profiles\d5dh5kvx.default\
FF - prefs.js: browser.startup.homepage - www.google.it

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 14:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(732)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Ora fine scansione: 2010-02-03 14:03:07
ComboFix-quarantined-files.txt 2010-02-03 13:03
ComboFix2.txt 2010-02-02 19:20
ComboFix3.txt 2010-02-02 12:50

Pre-Run: 57.608.568.832 byte disponibili
Post-Run: 57.589.014.528 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E0FD23F36D81B46561C596B3262BC3CD
vairouge84
Senior User

Posts: 120
Joined: 10/10/04 14:24

Re: Slow PC and I don't know what else to do

Posted by vairouge84 » 06/02/10 13:44

Sorry, I have been away for work for the last two days.
It seems the PC has improved; at least it no longer freezes suddenly when I work with my software.
I still have doubts about startup: it takes a really long time. It doesn't do much harm, but it makes me a bit suspicious...

Re: Slow PC and I don't know what else to do

Posted by shel » 06/02/10 18:59

Check this file:

c:\windows\system32\ezsidmv.dat

Analyze it on these two sites:

http://www.virustotal.com/it/

http://virscan.org/report/ecea4eed1b6f3 ... 82577.html
shel
Senior User

Posts: 1292
Joined: 29/08/08 21:56

Re: Slow PC and I don't know what else to do

Posted by vairouge84 » 08/02/10 13:48

Here is the result.

VirSCAN.org Scanned Report :
Scanned time : 2010/02/08 13:26:24 (CET)
Scanner results: Gli scanner non hanno trovato dei malware!
File Name : ezsidmv.dat
File Size : 56 byte
File Type : Non-ISO extended-ASCII text, with no line terminators
MD5 : 1d05a38bb5d38bfaa373e82a1ff80a32
SHA1 : 6249ea2c22857cbdf5d52c26f49d5364df281e63
Online report : http://virscan.org/report/d24aa9741ac49 ... 201bd.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100206001945 2010-02-06 40.13 -
AhnLab V3 2010.02.08.00 2010.02.08 2010-02-08 40.12 -
AntiVir 8.2.1.160 7.10.3.236 2010-02-08 0.11 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -
Arcavir 2009 201002080201 2010-02-08 0.01 -
Authentium 5.1.1 201002071801 2010-02-07 1.25 -
AVAST! 4.7.4 100208-0 2010-02-08 0.00 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.17 -
BitDefender 7.81008.5034475 7.30279 2010-02-08 5.15 -
ClamAV 0.95.3 10363 2010-02-07 0.00 -
Comodo 3.13.579 3409 2010-02-08 40.13 -
CP Secure 1.3.0.5 2010.02.08 2010-02-08 0.01 -
Dr.Web 5.0.1.12222 2010.02.08 2010-02-08 5.29 -
F-Prot 4.4.4.56 20100207 2010-02-07 1.27 -
F-Secure 7.02.73807 2010.02.08.06 2010-02-08 0.08 -
Fortinet 11.472- 11.472 2010-02-08 40.13 -
GData 19.10381/19.738 20100208 2010-02-08 40.13 -
ViRobot 20100208 2010.02.08 2010-02-08 40.12 -
Ikarus T3.1.01.80 2010.02.08.75136 2010-02-08 4.67 -
JiangMin 13.0.900 2010.02.08 2010-02-08 40.12 -
Kaspersky 5.5.10 2010.02.08 2010-02-08 0.03 -
KingSoft 2009.2.5.15 2010.2.8.15 2010-02-08 40.13 -
McAfee 5.3.00 5885 2010-02-07 3.48 -
Microsoft 1.5406 2010.02.08 2010-02-08 40.12 -
Norman 6.01.09 6.01.00 2010-01-16 4.00 -
Panda 9.05.01 2010.02.05 2010-02-05 40.13 -
Trend Micro 9.120-1004 6.834.04 2010-02-07 0.02 -
Quick Heal 10.00 2010.02.08 2010-02-08 40.12 -
Rising 20.0 22.34.00.04 2010-02-08 40.13 -
Sophos 3.04.1 4.50 2010-02-08 3.09 -
Sunbelt 3.9.2400.2 5663 2010-02-07 40.13 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.39 -
nProtect 20100207.01 7182772 2010-02-07 40.13 -
The Hacker 6.5.1.1 v00183 2010-02-08 40.13 -
VBA32 3.12.12.1 20100207.2056 2010-02-07 2.50 -
VirusBuster 4.5.11.10 10.119.43/2022066 2010-02-08 2.36 -

P.S.: I have a suspicion that, if there is a virus or something that has messed up my PC, it may be due to some applications on the well-known social network Facebook. I usually stay away from them, for various reasons, when they don't convince me, but since I am not the only user of the PC I suspect that someone may have taken a step they shouldn't have... can something like that happen?
In particular, there is an application that has spread recently and about which I found no particular information on Google: the one with the notification that one of your friends has commented on one of your photos, but which actually sends you to a page asking you to give consent to access your profile.
I never give consent; someone else does.
It is only a doubt of mine, maybe it is a harmless application...

Re: Slow PC and I don't know what else to do

Posted by shel » 08/02/10 16:02

Do you know which application it is? Do you know its name?
For now, follow these steps.

Download CCleaner:

http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right, under the green arrow
2) install it
3) click "Run Cleaner" and repeat the procedure twice

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found. Restart the computer.

Download and install http://www.malwarebytes.org/mbam/program/mbam-setup.exe. Update it and run a full scan of the computer. Post the report you get. For now, do not remove any threats it detects.

Re: Slow PC and I don't know what else to do

Posted by vairouge84 » 12/02/10 13:50

Here I am. All done.
I cleaned the PC with CCleaner (but doesn't Advanced System Care do the same thing?).
I rebooted, downloaded Malwarebytes and it found 6 infections. Here is the log:

Malwarebytes' Anti-Malware 1.44
Versione del database: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/02/2010 13.43.09
mbam-log-2010-02-12 (13-42-59).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 108534
Tempo trascorso: 4 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\UNIVERSAL\Impostazioni locali\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\UNIVERSAL\Impostazioni locali\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\UNIVERSAL\Impostazioni locali\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.

The Facebook applications should be "Addict" and "Friends Fact".
Then... there are people who play FarmVille and other games that don't really convince me, but... I am not the only one who uses them.
Since the first message I posted the situation has improved; only the startup problem remains.
At the moment the executables that are active at startup are:
zlclient.exe
jusched.exe
ForceField.exe
Herss.exe (?)
But apart from ZoneAlarm, are the others necessary? ...

Re: Slow PC and I don't know what else to do

Posted by Luke57 » 12/02/10 15:39

Hi, reopen Malwarebytes, select the infections found and press "Remove Selected".
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
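
The Malwarebytes log posted above can be triaged mechanically before anything is removed. The following Python sketch is an added example, not part of the original thread: it parses the log's detection lines and cross-checks them against the startup executables the poster listed. The log excerpt and startup names are taken from the posts; the function names are this example's own.

```python
import ntpath
import re

# Excerpt of the Malwarebytes log from the thread; helper names below are this example's own.
MBAM_LOG = r"""
Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\UNIVERSAL\Impostazioni locali\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\UNIVERSAL\Impostazioni locali\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
"""
# Startup executables as listed by the poster.
STARTUP = ["zlclient.exe", "jusched.exe", "ForceField.exe", "Herss.exe"]

# "<item> (<detection name>) -> [Bad/Good detail ->] <action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+)\.$")

def parse_detections(log):
    """Return one dict per detection line, tagged with its section header."""
    found, section = [], None
    for line in (l.strip() for l in log.splitlines()):
        if line.endswith(":") and "->" not in line:
            section = line[:-1]
        elif (m := DETECTION.match(line)):
            found.append({"section": section, **m.groupdict()})
    return found

def triage(detections, startup):
    """Return (detections not yet acted on, Run-key autoruns, flagged startup names)."""
    pending = [d for d in detections if d["action"] == "No action taken"]
    autoruns = [d["item"] for d in detections if "\\currentversion\\run\\" in d["item"].lower()]
    bad_files = {ntpath.basename(d["item"]).lower() for d in detections if d["section"] == "File infetti"}
    flagged = [s for s in startup if s.lower() in bad_files]
    return pending, autoruns, flagged

if __name__ == "__main__":
    pending, autoruns, flagged = triage(parse_detections(MBAM_LOG), STARTUP)
    print(len(pending), "pending; autoruns:", autoruns, "; startup hits:", flagged)
```

On this excerpt the only startup name that matches a detected file is Herss.exe, the entry the poster marked with a question mark, and the only autorun entry is the `Run\cdoosoft` value.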

