Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

il pc non esegue nessun comando

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

il pc non esegue nessun comando

Postdi Vento_ribelle » 04/08/12 16:28

Salve a tutti,
da qualche giorno capita che il pc improvvisamente smetta di fare quello che gli chiedo, cioè anche se clicco quasiasi cosa, provo ad aprire qualche programma/pagina web/file lui non fa niente, rimane impalato. Se provo ad aprire il task manager lo apre ma non mi fa cliccare su niente nel task manager.
Spero di essere stata chiara.
Attendo risposte, sperando che nel frattempo il pc non smetta di funzionare.

ps: ho fatto un analisi con highjack ma non sapevo come postarvela.
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Sponsor
 

Re: il pc non esegue nessun comando

Postdi gahan » 04/08/12 16:34

Ciao,

Per postare il log di hijackthis, basta fare copia e incolla, utilizzando l'apposito tasto (vedi immagine sottostante):

Immagine
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 04/08/12 16:39

Scusami tanto Gahan m a non ho capito se con copia e incolla intendevi questo. Eventualmente correggo subito.
Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.34.23, on 04/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ANIWConnService.exe
C:\Programmi\AVG\AVG2012\avgwdsvc.exe
C:\Programmi\Comodo\Dragon\dragon_updater.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
C:\Programmi\AVG\AVG2012\avgtray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\AVG\AVG2012\avgcsrvx.exe
C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Programmi\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\avgwdsvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Programmi\Comodo\Dragon\dragon_updater.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe

--
End of file - 8804 bytes
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi gahan » 04/08/12 16:48

1 - Apri hijackthis e questa volta clicca su Do a system scan only

Metti la spunta (seleziona) sulle seguenti voci e premi su Fix Checked in basso.

Codice: Seleziona tutto
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe



2 - Scarica Malwarebytes

Installa il software, aggiornalo se te lo chiede.
Clicca su Scansione completa.

Al termine della scansione, dovesse trovare eventuali minacce, clicca su Rimuovi selezionati...
Verrà rilasciato un log.
Postalo qui.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 04/08/12 18:17

Fatto tutto, e questo è il log

Codice: Seleziona tutto
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.08.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rita :: RITA-1997E2984C [amministratore]

Protezione: Attivata

04/08/2012 17.58.56
mbam-log-2012-08-04 (17-58-56).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 312006
Tempo impiegato: 1 ore, 20 minuti, 11 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Nessuna azione intrapresa.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Nessuna azione intrapresa.

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 1
C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo.

File rilevati: 11
C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_fotomix.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_microsoft-silverlight.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_photoscape.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_rmvb-converter.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Desktop\chiavetta exe\chiavetta exe\WinRar 3.60 Ita\winrar.v3.6x.multi.language-patch.exe (PUP.Hacktool.Patcher) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Documenti\Downloads\SoftonicDownloader_per_samsung-pc-studio.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{3C8D085D-9EF1-49C2-97ED-D688F38BFCE5}\RP369\A0162154.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo.

(fine)


Cosa devo fare adesso???
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi gahan » 04/08/12 18:40

Scarica CCleaner

- Installa il software ed avvialo.
- a sinistra vai su opzioni -> avanzate -> togli la spunta da cancella file in windows temp se piu vecchi di 24 ore
- ritorna su "Pulizia" e clicca su Avvia Pulizia
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi gahan » 04/08/12 18:54

Un'altra cosa...

Ho notato che sul PC hai AVG come antivirus.

Se vuoi un mio consiglio, disinstallalo ed installa Avira AntiVir decisamente piu efficace e leggero.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 04/08/12 20:08

Fatto anche con CCleaner, e messo avira.
Altro??
Ho due domande però : malwarebytes deve essere avviato all'avvio di windows o lo uso ogni tanto? Perchè se deve essere sempre attivo il mio pc si blocca subito, e non carica più. Secondo, io ricordavo che il programma fosse gratuito, invece mi dice che è una versione di prova. Forse ho scaricato una versione premium???
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 04/08/12 21:46

So che sembra strano ma il pc mi sembra un pò più lentino di prima , ma magari è solo una mia impressione. :(
Dimenticavo una cosa : windows firewall va attivato??
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi gahan » 04/08/12 22:52

Ciao,

andiamo con ordine.

Malwarebytes che hai scaricato è gratuito, ma ovviamente c'è anche la versione a pagamento che ha maggiori funzioni e funge da vero e proprio antivirus.

La versione gratuita ti consente esclusivamente di effettaure delle scansioni del tuo sistema.

Passiamo invece alle performance del tuo PC.
Il fatto che dopo le varie operazioni effettuate, il tuo PC continui ad essere lento, è molto strano.

Proviamo ad andare piu a fondo eseguendo una scansione anti-malware piu approfondita con un altro strumento.

1 - Scarica il seguente programma sul desktop:
Combofix

2 - Disattiva il firewall e il tuo antivirus dall'icona in basso a destra affianco alla data e ora di windows

3 - Apri ComboFix presente sul desktop con un doppio click

4 - Appena avviato clicca su Accetto: conferma cliccando Ok due volte

5 - Verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca su No)
6 - Durante il processo di scansione non interferire in nessun modo, quindi non aprire altri software o altro.

7 - Quando ComboFix avrà concluso l'operazione di scansione il sistema verrà riavviato automaticamente. In caso contrario, riavvialo tu manualmente

8 - Vai in Disco Locale C: e cerca il file di testo ComboFix.txt ed inseriscilo qui esattamente come hai postato gli altri log.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 05/08/12 10:01

Buona domenica Gahan.
Intanto ti copio e incollo il log di combofix
Codice: Seleziona tutto
ComboFix 12-08-05.02 - Rita 05/08/2012  10.48.25.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1406.909 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Rita\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}


(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Dati applicazioni\TEMP
C:\Documents and Settings\Rita\Dati applicazioni\7910.org
C:\Documents and Settings\Rita\Dati applicazioni\inst.exe
C:\Documents and Settings\Rita\Dati applicazioni\vso_ts_preview.xml
C:\Documents and Settings\Rita\WINDOWS
C:\prefs.js
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\Thumbs.db


(((((((((((((((((((((((((   Files Creati Da 2012-07-05 al 2012-08-05  )))))))))))))))))))))))))))))))))))


2012-08-04 19:14:05 . 2012-08-04 19:14:05   --------   d-----w-   C:\Documents and Settings\Rita\Dati applicazioni\Avira
2012-08-04 19:04:10 . 2012-08-04 19:04:13   --------   d-----w-   C:\Programmi\CCleaner
2012-08-04 18:55:37 . 2011-07-21 10:26:30   138192   ----a-w-   C:\WINDOWS\system32\drivers\avipbb.sys
2012-08-04 18:55:37 . 2010-06-17 13:28:22   45416   ----a-w-   C:\WINDOWS\system32\drivers\avgntdd.sys
2012-08-04 18:55:37 . 2010-06-17 13:28:22   22360   ----a-w-   C:\WINDOWS\system32\drivers\avgntmgr.sys
2012-08-04 18:55:36 . 2012-08-04 18:55:36   --------   d-----w-   C:\Programmi\Avira
2012-08-04 15:55:41 . 2012-08-04 15:55:44   --------   d-----w-   C:\Programmi\Malwarebytes' Anti-Malware
2012-08-04 15:55:41 . 2012-07-03 11:46:44   22344   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
2012-07-21 17:52:09 . 2012-07-05 20:06:30   772544   ----a-w-   C:\WINDOWS\system32\npDeployJava1.dll
2012-07-21 17:49:20 . 2012-07-21 17:49:20   --------   d-----w-   C:\Programmi\Oracle
2012-07-21 17:48:24 . 2012-07-21 17:48:24   --------   d-----w-   C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Sun
2012-07-21 17:48:19 . 2012-07-21 17:48:19   --------   d-----w-   C:\Documents and Settings\Rita\Dati applicazioni\Oracle
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-03 15:29:28 . 2012-04-10 14:07:26   426184   ----a-w-   C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-03 15:29:28 . 2011-10-01 15:19:57   70344   ----a-w-   C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:07:08 . 2008-03-27 20:23:38   143872   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
2012-07-05 20:06:20 . 2010-11-13 19:34:12   687544   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
2012-05-23 12:40:39 . 2012-05-23 12:40:50   716318   ----a-w-   C:\WINDOWS\unins000.exe
2012-05-07 14:50:53 . 2012-05-07 14:50:52   1700352   -c--a-w-   C:\WINDOWS\system32\gdiplus.dll
2012-08-01 18:31:24 . 2012-02-09 12:44:42   136672   ----a-w-   C:\Programmi\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 12:59:00 98304]
"D-Link D-Link Wireless N DWA-140"="C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 15:26:12 1683456]
"Malwarebytes' Anti-Malware"="C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 11:46:44 462920]
"PosService"="C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 15:44:48 218624]
"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 05:56:14 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 17:14:04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=C:\Documents and Settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=C:\WINDOWS\pss\My 190.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43:00   69632   -c--a-w-   C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25:58   59240   -c--a-w-   C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-15 12:35:00   53248   -c----w-   C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14:04   15360   ----a-w-   C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 18:55:20   133104   ----atw-   C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06:40   421736   -c--a-w-   C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14:14   1695232   ----a-w-   C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:11:46   3872080   ----a-w-   C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50:42   155648   -c--a-w-   C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21:06   1500160   -c--a-w-   C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
2011-12-16 15:44:48   218624   ----a-w-   C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17:42   421888   -c--a-w-   C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27:00   16207872   ----a-w-   C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04:00   2879488   -c--a-w-   C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2007-02-05 08:11:10   476728   -c--a-w-   C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07:54   252296   ----a-w-   C:\Programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-01 20:51:12   39408   ----a-w-   C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TapiSrv"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"TlntSvr"=2 (0x2)
"RasMan"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"SharedAccess"=2 (0x2)
"AVP"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"MDM"=2 (0x2)
"gupdate"=2 (0x2)
"SSScsiSV"=3 (0x3)
"YahooAUService"=2 (0x2)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"gupdatem"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 cpuz134;cpuz134;C:\WINDOWS\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344]
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112]
S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016]
S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920]
S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;C:\WINDOWS\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\WINDOWS\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbnmea;ONDA NMEA Port;C:\WINDOWS\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbser6k;ONDA Diagnostic Port;C:\WINDOWS\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SSMDRV

Contenuto della cartella 'Scheduled Tasks'

2012-08-04 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:07:26 . 2012-08-03 15:29:32]

2012-08-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2011-01-01 20:50:25 . 2010-11-09 15:41:07]

2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2011-01-01 20:50:25 . 2010-11-09 15:41:07]

2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job
- C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55:24 . 2008-09-03 18:55:20]

2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job
- C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55:24 . 2008-09-03 18:55:20]


------- Scansione supplementare -------

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = localhost:8095
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: yahoo.com\it.play
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - C:\Documents and Settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-eMuleAutoStart - C:\Programmi\eMule\emule.exe
MSConfigStartUp-HP Software Update - C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-KiesHelper - C:\Programmi\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
AddRemove-PrintKey2000 - C:\PROGRA~1\PRINTK~1\UNWISE.EXE




Ieri ho notato che improvvisamente era cambiata nuovamente la pagina iniziale del browser, cosi ho fatto un controllo con highjack e ho notato che una voce che ieri mi avevi fatto fixare era ritornata. Cosi ho preso e ho eliminato l'intera cartella che lo conteneva (che comunque si trova ancora nel cestino). Quella pagina web non è tornata più, ma mi è venuto un dubbio che ci sia un virus che non è stato rimosso del tutto e che sia quella la causa della lentezza del pc. Che ne pensi?? Io ti posto anche il nuovo log di highjack ( la voce in questione è proprio l'ultima).

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.59.50, on 05/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Comodo\Dragon\dragon_updater.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\trend micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Programmi\Comodo\Dragon\dragon_updater.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - Unknown owner - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe (file missing)

--
End of file - 8435 bytes
.
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi gahan » 05/08/12 20:01

Ciao :)

Molto probabilmente è necessario intervenire manualmente sul log di ComboFix per eliminare alcune voci nocive, onde per cui farò spostare, il prima possibile, il tuo topic nella sezione Sicurezza e Privacy.

Un mio collega ti aiuterà senz'altro a risolvere il problema.

Ti invito perciò ad attendere, senza aprire ulteriori topic sullo stesso argomento. :)
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 09/08/12 20:46

Ciao a tutti,
volevo aggiungere due cose che ho notato stasera. Mentre navigavo su internet improvvisamente non riuscivo più a cliccare nulla cosi ho guardato nel task manager se qualcosa rallentava e in processi ho trovato una voce "setup.exe" che utilizzava più memoria di tutto. L'ho chiusa e tutto è tornato a funzionare normalmente. Dopo cinque minuti però stesso problema, cosi ho ricontrollato il task manager e stavolta è uscita fuori un'altra voce strana "plugin-container.exe".
Magari queste voci non sono affatti sospette eppure una volta chiuse tutto ritornava normale.
Che ne pensate voi?
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi gahan » 09/08/12 22:23

Ciao,

purtroppo nell'ultimo log diCombofix ho notato delle infezioni che devono essere rimosse manualmente tramite uno script.

Attendi finchè un moderatore della sezione non analizzerà il log e dirti ciò che devi fare.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: il pc non esegue nessun comando

Postdi FrancescoFDAC » 13/08/12 09:09

Intervengo benchè non sia un moderatore della sezione in questione per dare una mano.

Iniziamo:


Taglia e incolla ComboFix da qui: C:\Documents and Settings\Rita\Documenti\Downloads\ComboFix.exe
e posizionalo sul Desktop (ti era stato detto chiaramente, in grassetto, ma tu non hai dato retta alle parole saggie di gahan).

Quindi:

Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:

Folder::
C:\Documents and Settings\All Users\Documenti\AppData\PoApp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

● chiama questo file CFScript.txt, e posizionalo sul Desktop, affianco a ComboFix - se ComboFix non fosse sul Desktop provvedi a spostarlo li-

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Immagine

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi
N.B :
● se viene visualizzato l'errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione, dovrai semplicemente riavviare il sistema e ripetere lo Script

Comunica se riscontri ancora gli stessi problemi.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 15/08/12 13:22

Intanto mi scuso per non aver installato subito combofix sul desktop, ho fatto tutto in maniera automatica e non ho fatto caso.
Ho fatto tutto quello che mi è stato detto, e allego il log di combofix.
Codice: Seleziona tutto
ComboFix 12-08-05.02 - Rita 15/08/2012  14.02.08.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1406.983 [GMT 2:00]
Eseguito da: c:\documents and settings\Rita\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Rita\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documenti\AppData\PoApp
c:\documents and settings\All Users\Documenti\AppData\PoApp\7z.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\AppLib.Zip.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\kw.sdb
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\RegHandlerDll.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\settings\settings.ini
.
---- Esecuzione precedente -------
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Rita\Dati applicazioni\7910.org
c:\documents and settings\Rita\Dati applicazioni\inst.exe
c:\documents and settings\Rita\Dati applicazioni\vso_ts_preview.xml
c:\documents and settings\Rita\WINDOWS
C:\prefs.js
c:\windows\system32\muzapp.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-07-15 al 2012-08-15  )))))))))))))))))))))))))))))))))))
.
.
2012-08-04 19:14 . 2012-08-04 19:14   --------   d-----w-   c:\documents and settings\Rita\Dati applicazioni\Avira
2012-08-04 19:04 . 2012-08-04 19:04   --------   d-----w-   c:\programmi\CCleaner
2012-08-04 18:55 . 2011-07-21 10:26   138192   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2012-08-04 18:55 . 2010-06-17 13:28   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2012-08-04 18:55 . 2010-06-17 13:28   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2012-08-04 18:55 . 2012-08-04 18:55   --------   d-----w-   c:\programmi\Avira
2012-08-04 15:55 . 2012-08-04 15:55   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2012-08-04 15:55 . 2012-07-03 11:46   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-21 17:52 . 2012-07-05 20:06   772544   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-07-21 17:49 . 2012-07-21 17:49   --------   d-----w-   c:\programmi\Oracle
2012-07-21 17:48 . 2012-07-21 17:48   --------   d-----w-   c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Sun
2012-07-21 17:48 . 2012-07-21 17:48   --------   d-----w-   c:\documents and settings\Rita\Dati applicazioni\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 15:29 . 2012-04-10 14:07   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-03 15:29 . 2011-10-01 15:19   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:07 . 2008-03-27 20:23   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-11-13 19:34   687544   ----a-w-   c:\windows\system32\deployJava1.dll
2012-05-23 12:40 . 2012-05-23 12:40   716318   ----a-w-   c:\windows\unins000.exe
2012-08-01 18:31 . 2012-02-09 12:44   136672   ----a-w-   c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-05_08.54.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 11:25 . 2012-08-15 11:25   16384              c:\windows\temp\Perflib_Perfdata_6dc.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43   69632   -c--a-w-   c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25   59240   -c--a-w-   c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-15 12:35   53248   -c----w-   c:\programmi\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
c:\programmi\eMule\emule.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 18:55   133104   ----atw-   c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\programmi\HP\HP Software Update\HPWuSchd2.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06   421736   -c--a-w-   c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
c:\programmi\Samsung\Kies\KiesHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
c:\programmi\Samsung\Kies\KiesTrayAgent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14   1695232   ----a-w-   c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:11   3872080   ----a-w-   c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50   155648   -c--a-w-   c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21   1500160   -c--a-w-   c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17   421888   -c--a-w-   c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27   16207872   ----a-w-   c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04   2879488   -c--a-w-   c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2007-02-05 08:11   476728   -c--a-w-   c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07   252296   ----a-w-   c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-01 20:51   39408   ----a-w-   c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TapiSrv"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"TlntSvr"=2 (0x2)
"RasMan"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"SharedAccess"=2 (0x2)
"AVP"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"MDM"=2 (0x2)
"gupdate"=2 (0x2)
"SSScsiSV"=3 (0x3)
"YahooAUService"=2 (0x2)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"gupdatem"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112]
S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016]
S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920]
S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:29]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job
- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job
- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = localhost:8095
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: yahoo.com\it.play
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\iphlpapi.dll
.
Ora fine scansione: 2012-08-15  14:09:52
ComboFix-quarantined-files.txt  2012-08-15 12:09
ComboFix2.txt  2010-04-21 17:57
.
Pre-Run: 45.255.696.384 byte disponibili
Post-Run: 45.366.079.488 byte disponibili
.
- - End Of File - - 6D76C68496653659145672AFDFA336DF
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi FrancescoFDAC » 15/08/12 15:42

Stessa operazione, con questo file di testo (elimina CFScript.txt presente sul desktop e creane uno nuovo, altrimenti fai confusione.

Il PC ora riesce a funzionare?


Codice: Seleziona tutto
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

DDS::
uInternet Settings,ProxyServer = localhost:8095
TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/


Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 16/08/12 16:14

Sono costretta a fare due post perchè dice che uno è troppo lungo.

Questo è il nuovo log di combofix

Codice: Seleziona tutto
ComboFix 12-08-05.02 - Rita 16/08/2012  16.51.03.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1406.986 [GMT 2:00]
Eseguito da: c:\documents and settings\Rita\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Rita\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-07-16 al 2012-08-16  )))))))))))))))))))))))))))))))))))
.
.
2012-08-04 19:14 . 2012-08-04 19:14   --------   d-----w-   c:\documents and settings\Rita\Dati applicazioni\Avira
2012-08-04 19:04 . 2012-08-04 19:04   --------   d-----w-   c:\programmi\CCleaner
2012-08-04 18:55 . 2011-07-21 10:26   138192   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2012-08-04 18:55 . 2010-06-17 13:28   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2012-08-04 18:55 . 2010-06-17 13:28   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2012-08-04 18:55 . 2012-08-04 18:55   --------   d-----w-   c:\programmi\Avira
2012-08-04 15:55 . 2012-08-04 15:55   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2012-08-04 15:55 . 2012-07-03 11:46   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-21 17:52 . 2012-07-05 20:06   772544   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-07-21 17:49 . 2012-07-21 17:49   --------   d-----w-   c:\programmi\Oracle
2012-07-21 17:48 . 2012-07-21 17:48   --------   d-----w-   c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Sun
2012-07-21 17:48 . 2012-07-21 17:48   --------   d-----w-   c:\documents and settings\Rita\Dati applicazioni\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 21:29 . 2012-04-10 14:07   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-15 21:29 . 2011-10-01 15:19   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:07 . 2008-03-27 20:23   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-11-13 19:34   687544   ----a-w-   c:\windows\system32\deployJava1.dll
2012-05-23 12:40 . 2012-05-23 12:40   716318   ----a-w-   c:\windows\unins000.exe
2012-08-01 18:31 . 2012-02-09 12:44   136672   ----a-w-   c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-05_08.54.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 14:07 . 2012-08-16 14:07   16384              c:\windows\temp\Perflib_Perfdata_6f4.dat
+ 2012-08-15 21:29 . 2012-08-15 21:29   686792              c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-15 20:29 . 2012-08-15 20:29   686792              c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 20:29 . 2012-08-15 20:29   466632              c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-10 14:07 . 2012-08-15 21:29   250056              c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-10 14:07 . 2012-08-03 15:29   250056              c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-15 21:29 . 2012-08-15 21:29   9465032              c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43   69632   -c--a-w-   c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25   59240   -c--a-w-   c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-15 12:35   53248   -c----w-   c:\programmi\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 18:55   133104   ----atw-   c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\programmi\HP\HP Software Update\HPWuSchd2.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06   421736   -c--a-w-   c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
c:\programmi\Samsung\Kies\KiesHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
c:\programmi\Samsung\Kies\KiesTrayAgent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14   1695232   ----a-w-   c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:11   3872080   ----a-w-   c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50   155648   -c--a-w-   c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21   1500160   -c--a-w-   c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17   421888   -c--a-w-   c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27   16207872   ----a-w-   c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04   2879488   -c--a-w-   c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2007-02-05 08:11   476728   -c--a-w-   c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07   252296   ----a-w-   c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-01 20:51   39408   ----a-w-   c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TapiSrv"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"TlntSvr"=2 (0x2)
"RasMan"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"SharedAccess"=2 (0x2)
"AVP"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"MDM"=2 (0x2)
"gupdate"=2 (0x2)
"SSScsiSV"=3 (0x3)
"YahooAUService"=2 (0x2)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"gupdatem"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112]
S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016]
S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920]
S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 12646585
*Deregistered* - 12646585
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 21:29]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job
- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job
- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: microsoft.com\office
Trusted Zone: yahoo.com\it.play
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-PosService - c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-08-16  16:59:28
ComboFix-quarantined-files.txt  2012-08-16 14:59
ComboFix2.txt  2012-08-15 12:09
ComboFix3.txt  2010-04-21 17:57
.
Pre-Run: 45.649.932.288 byte disponibili
Post-Run: 45.642.964.992 byte disponibili
.
- - End Of File - - 67556E84F69084F1499F7F54A740ED81
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 16/08/12 16:15

Ho fatto la scansione con il kasperski che mi hai detto ma non ha trovato nulla (quindi non riavviato). Qui c'è il log (c'è un problema: ne ho trovati 2 log quindi ti ho allegato il più pesante-l'altro era 3,33 kb).
Codice: Seleziona tutto
17:01:16.0265 2784  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:01:16.0593 2784  ============================================================
17:01:16.0593 2784  Current date / time: 2012/08/16 17:01:16.0593
17:01:16.0593 2784  SystemInfo:
17:01:16.0593 2784 
17:01:16.0593 2784  OS Version: 5.1.2600 ServicePack: 3.0
17:01:16.0593 2784  Product type: Workstation
17:01:16.0593 2784  ComputerName: RITA-1997E2984C
17:01:16.0593 2784  UserName: Rita
17:01:16.0593 2784  Windows directory: C:\WINDOWS
17:01:16.0593 2784  System windows directory: C:\WINDOWS
17:01:16.0593 2784  Processor architecture: Intel x86
17:01:16.0593 2784  Number of processors: 1
17:01:16.0593 2784  Page size: 0x1000
17:01:16.0593 2784  Boot type: Normal boot
17:01:16.0593 2784  ============================================================
17:01:17.0546 2784  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:01:17.0546 2784  ============================================================
17:01:17.0546 2784  \Device\Harddisk0\DR0:
17:01:17.0546 2784  MBR partitions:
17:01:17.0546 2784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0xAEBC5A3
17:01:17.0593 2784  ============================================================
17:01:17.0656 2784  C: <-> \Device\Harddisk0\DR0\Partition1
17:01:17.0656 2784  ============================================================
17:01:17.0656 2784  Initialize success
17:01:17.0656 2784  ============================================================
17:01:19.0843 1200  ============================================================
17:01:19.0843 1200  Scan started
17:01:19.0843 1200  Mode: Manual;
17:01:19.0843 1200  ============================================================
17:01:20.0625 1200  ================ Scan services =============================
17:01:20.0781 1200  [ d766e636187b8f240bbfbabcd51eb2c6 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:01:20.0781 1200  ACPI - ok
17:01:20.0828 1200  [ 49ac5cd87fbdda62f3e25190019e7627 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:01:20.0828 1200  ACPIEC - ok
17:01:20.0906 1200  [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:01:20.0906 1200  AdobeFlashPlayerUpdateSvc - ok
17:01:20.0937 1200  [ 8bed39e3c35d6a489438b8141717a557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:01:20.0937 1200  aec - ok
17:01:20.0984 1200  [ 322d0e36693d6e24a2398bee62a268cd ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:01:20.0984 1200  AFD - ok
17:01:21.0031 1200  [ 14a077ad0cf6116d1102631d8e1edee8 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:01:21.0031 1200  Alerter - ok
17:01:21.0062 1200  [ 79fe2e0d7859738225816658f0bb2a0d ] ALG             C:\WINDOWS\System32\alg.exe
17:01:21.0062 1200  ALG - ok
17:01:21.0109 1200  [ 1d8b20120fd54563d5202cc5199dde10 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:01:21.0109 1200  AmdK8 - ok
17:01:21.0156 1200  [ 2953a157a783bfc06f42f99fefa5eb07 ] ANIO            C:\WINDOWS\system32\ANIO.SYS
17:01:21.0156 1200  ANIO - ok
17:01:21.0203 1200  [ 2d007966bb8a6c89433766e3d682bbec ] ANIWConnService C:\WINDOWS\system32\ANIWConnService.exe
17:01:21.0203 1200  ANIWConnService - ok
17:01:21.0312 1200  [ aa3d68f26b2a27f660afc46039b061a4 ] ANIWZCSdService C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
17:01:21.0312 1200  ANIWZCSdService - ok
17:01:21.0531 1200  [ 349a0e0039141c9b32e1f6bea860560f ] AntiVirScheduler C:\Programmi\Avira\AntiVir Desktop\sched.exe
17:01:21.0531 1200  AntiVirScheduler - ok
17:01:21.0593 1200  [ 445c1a3f7a5a8d0454c8944115e69f18 ] AntiVirService  C:\Programmi\Avira\AntiVir Desktop\avguard.exe
17:01:21.0593 1200  AntiVirService - ok
17:01:21.0718 1200  [ d8e18021f91ad79ca8491cb5a5da22d4 ] Apple Mobile Device C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:01:21.0718 1200  Apple Mobile Device - ok
17:01:21.0796 1200  [ 9062ed05b7519324fd7f0d6afb9d1147 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:01:21.0796 1200  AppMgmt - ok
17:01:21.0875 1200  [ baa6b3cc74a4377d063c5a92dd9c4098 ] AR5211          C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:01:21.0890 1200  AR5211 - ok
17:01:22.0046 1200  [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:01:22.0046 1200  aspnet_state - ok
17:01:22.0078 1200  [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:01:22.0078 1200  AsyncMac - ok
17:01:22.0125 1200  [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:01:22.0125 1200  atapi - ok
17:01:22.0203 1200  [ e9b73d638608b5b20608db28186d3494 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:01:22.0218 1200  Ati HotKey Poller - ok
17:01:22.0328 1200  [ 2922cd8a5d913e737d4e7a634042e154 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:01:22.0343 1200  ati2mtag - ok
17:01:22.0406 1200  [ 9916c1225104ba14794209cfa8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:22.0406 1200  Atmarpc - ok
17:01:22.0437 1200  [ 1b58d118049304e88464be614c6d0014 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:01:22.0437 1200  AudioSrv - ok
17:01:22.0500 1200  [ d9f724aa26c010a217c97606b160ed68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:22.0500 1200  audstub - ok
17:01:22.0531 1200  [ 0b497c79824f8e1bf22fa6aacd3de3a0 ] avgio           C:\Programmi\Avira\AntiVir Desktop\avgio.sys
17:01:22.0531 1200  avgio - ok
17:01:22.0562 1200  [ 1e4114685de1ffa9675e09c6a1fb3f4b ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:01:22.0562 1200  avgntflt - ok
17:01:22.0609 1200  [ 0f78d3dae6dedd99ae54c9491c62adf2 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:01:22.0609 1200  avipbb - ok
17:01:22.0656 1200  [ da1f27d85e0d1525f6621372e7b685e9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:01:22.0656 1200  Beep - ok
17:01:22.0703 1200  [ 48c4763a9c8990fb48b73445beb15d6a ] BITS            C:\WINDOWS\system32\qmgr.dll
17:01:22.0718 1200  BITS - ok
17:01:22.0796 1200  [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Programmi\Bonjour\mDNSResponder.exe
17:01:22.0796 1200  Bonjour Service - ok
17:01:22.0859 1200  [ 4314623fd836e96a51343ce5c74b48a8 ] Browser         C:\WINDOWS\System32\browser.dll
17:01:22.0859 1200  Browser - ok
17:01:22.0921 1200  [ c75927f7bd22f298ada922a946da4586 ] Cam5603D        C:\WINDOWS\system32\Drivers\BisonCam.sys
17:01:22.0937 1200  Cam5603D - ok
17:01:23.0078 1200  catchme - ok
17:01:23.0109 1200  [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:01:23.0109 1200  cbidf2k - ok
17:01:23.0140 1200  [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:01:23.0140 1200  CCDECODE - ok
17:01:23.0203 1200  [ c1b486a7658353d33a10cc15211a873b ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:01:23.0203 1200  Cdaudio - ok
17:01:23.0218 1200  [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:01:23.0218 1200  Cdfs - ok
17:01:23.0250 1200  [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:01:23.0250 1200  Cdrom - ok
17:01:23.0312 1200  [ d04f2beb5ea63d0766e12e44aef7c38d ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:01:23.0312 1200  CiSvc - ok
17:01:23.0343 1200  [ 48cb1defa1a6506c3cf09e4950f82ef6 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:01:23.0343 1200  ClipSrv - ok
17:01:23.0390 1200  [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:23.0390 1200  clr_optimization_v2.0.50727_32 - ok
17:01:23.0437 1200  [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:01:23.0437 1200  CmBatt - ok
17:01:23.0468 1200  [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:01:23.0468 1200  Compbatt - ok
17:01:23.0484 1200  COMSysApp - ok
17:01:23.0546 1200  [ 75fa19142531cbf490770c2988a7db64 ] cpuz134         C:\WINDOWS\system32\drivers\cpuz134_x32.sys
17:01:23.0546 1200  cpuz134 - ok
17:01:23.0593 1200  [ b6fcbb157e9c8abdca4134c535535a8b ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:01:23.0593 1200  CryptSvc - ok
17:01:23.0656 1200  [ db0c9517c2374d86a18dbfa12b35b129 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:01:23.0687 1200  DcomLaunch - ok
17:01:23.0703 1200  dgderdrv - ok
17:01:23.0765 1200  [ 699ee7f752a25180aeb92c3a0eaee440 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:01:23.0765 1200  Dhcp - ok
17:01:23.0796 1200  [ 044452051f3e02e7963599fc8f4f3e25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:23.0796 1200  Disk - ok
17:01:23.0828 1200  dmadmin - ok
17:01:23.0890 1200  [ 82bc125a8ed33f5f0e75f2aac1065323 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:01:23.0890 1200  dmboot - ok
17:01:23.0953 1200  [ e959ddc0ea7ac11ee5e5602e2a364310 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:01:23.0953 1200  dmio - ok
17:01:24.0000 1200  [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:01:24.0000 1200  dmload - ok
17:01:24.0046 1200  [ a01858c50704b2d2edeebbf6bbbced2a ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:01:24.0046 1200  dmserver - ok
17:01:24.0093 1200  [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:01:24.0093 1200  DMusic - ok
17:01:24.0140 1200  [ 5a4dac2ed68edf6fdd78529d78cb994e ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:01:24.0140 1200  Dnscache - ok
17:01:24.0203 1200  [ d580d77dff316bd8c9d73b38695de8dc ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:01:24.0203 1200  Dot3svc - ok
17:01:24.0468 1200  [ 0bcfa67bba938be9024462af8b9f0a99 ] DragonUpdater   C:\Programmi\Comodo\Dragon\dragon_updater.exe
17:01:24.0500 1200  DragonUpdater - ok
17:01:24.0546 1200  [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:01:24.0546 1200  drmkaud - ok
17:01:24.0593 1200  [ 86b1f123bacd444e81960b339bae3ff2 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:01:24.0593 1200  EapHost - ok
17:01:24.0671 1200  [ aaa8999a169e39fb8b48ae49cd6ac30a ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:01:24.0671 1200  ElbyCDIO - ok
17:01:24.0703 1200  [ e205c313417da6fa7afe85912a310a65 ] ElbyDelay       C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:01:24.0703 1200  ElbyDelay - ok
17:01:24.0781 1200  [ 5aee9eedcfbf2b0f9dec53c27ee722a3 ] EMSCR           C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
17:01:24.0781 1200  EMSCR - ok
17:01:24.0828 1200  [ b6599eda9f3ebef064504ee35bbeca1c ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:01:24.0828 1200  ERSvc - ok
17:01:24.0859 1200  [ 8e56ab21d10c368029cea57de47d79c2 ] ESDCR           C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
17:01:24.0859 1200  ESDCR - ok
17:01:24.0875 1200  [ 0a58fade5e12d3a611427292073362cb ] ESMCR           C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
17:01:24.0875 1200  ESMCR - ok
17:01:24.0937 1200  [ dac0440c89b1ea4e35684896d5bf856e ] Eventlog        C:\WINDOWS\system32\services.exe
17:01:24.0937 1200  Eventlog - ok
17:01:24.0984 1200  [ ff8566499e5a781da69342d3d76ff246 ] EventSystem     C:\WINDOWS\system32\es.dll
17:01:25.0000 1200  EventSystem - ok
17:01:25.0046 1200  [ 38d332a6d56af32635675f132548343e ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:01:25.0046 1200  Fastfat - ok
17:01:25.0109 1200  [ a982208204830a213d7963bf2a215e56 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:01:25.0109 1200  FastUserSwitchingCompatibility - ok
17:01:25.0140 1200  [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
17:01:25.0140 1200  Fdc - ok
17:01:25.0171 1200  [ 2cfea3326981a18c6baf2bd9be76225b ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:01:25.0171 1200  Fips - ok
17:01:25.0171 1200  [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
17:01:25.0187 1200  Flpydisk - ok
17:01:25.0234 1200  [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:01:25.0234 1200  FltMgr - ok
17:01:25.0328 1200  [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:01:25.0328 1200  FontCache3.0.0.0 - ok
17:01:25.0343 1200  [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:01:25.0359 1200  Fs_Rec - ok
17:01:25.0375 1200  [ f3269a6ee547ea87b949a1cea4816b38 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:01:25.0375 1200  Ftdisk - ok
17:01:25.0421 1200  [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:01:25.0421 1200  GEARAspiWDM - ok
17:01:25.0484 1200  [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:01:25.0484 1200  Gpc - ok
17:01:25.0781 1200  [ f02a533f517eb38333cb12a9e8963773 ] gupdate         C:\Programmi\Google\Update\GoogleUpdate.exe
17:01:25.0781 1200  gupdate - ok
17:01:25.0796 1200  [ f02a533f517eb38333cb12a9e8963773 ] gupdatem        C:\Programmi\Google\Update\GoogleUpdate.exe
17:01:25.0796 1200  gupdatem - ok
17:01:25.0843 1200  [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc           C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
17:01:25.0843 1200  gusvc - ok
17:01:25.0906 1200  [ 3fcc124b6e08ee0e9351f717dd136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:01:25.0906 1200  HDAudBus - ok
17:01:25.0984 1200  [ 6ce66b51b4eb23d9d073f92698c55c8d ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:01:25.0984 1200  helpsvc - ok
17:01:26.0000 1200  HidServ - ok
17:01:26.0046 1200  [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:01:26.0046 1200  hidusb - ok
17:01:26.0109 1200  [ 00cad842f48947887a972828aca665f7 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:01:26.0109 1200  hkmsvc - ok
17:01:26.0171 1200  [ 9f1d80908658eb7f1bf70809e0b51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:01:26.0171 1200  HPZid412 - ok
17:01:26.0203 1200  [ f7e3e9d50f9cd3de28085a8fdaa0a1c3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:01:26.0203 1200  HPZipr12 - ok
17:01:26.0250 1200  [ cf1b7951b4ec8d13f3c93b74bb2b461b ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:01:26.0250 1200  HPZius12 - ok
17:01:26.0296 1200  [ 6a5c4732d6803f84e2987edd8e4359ce ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:01:26.0296 1200  HSFHWAZL - ok
17:01:26.0343 1200  [ 21c31273c6cc4826e74be8ae3b09d4a8 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:01:26.0359 1200  HSF_DPV - ok
17:01:26.0406 1200  [ f6aacf5bce2893e0c1754afeb672e5c9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:01:26.0421 1200  HTTP - ok
17:01:26.0468 1200  [ 450091aebfcd08e5858533eab5b9a436 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:01:26.0484 1200  HTTPFilter - ok
17:01:26.0515 1200  [ 200ab8daf659c7324601fcc824d7f910 ] hwdatacard      C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
17:01:26.0515 1200  hwdatacard - ok
17:01:26.0578 1200  [ 610726e28af55b95043c5c35a727e320 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:01:26.0578 1200  i8042prt - ok
17:01:26.0625 1200  [ daf66902f08796f9c694901660e5a64a ] IDriverT        C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:01:26.0640 1200  IDriverT - ok
17:01:26.0750 1200  [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:01:26.0765 1200  idsvc - ok
17:01:26.0812 1200  [ 25edd75e23c5ef6b33d0fbcce125a601 ] imagedrv        C:\WINDOWS\system32\Drivers\imagedrv.sys
17:01:26.0828 1200  imagedrv - ok
17:01:26.0843 1200  [ 9c4bbacf4e9b9543c3ce23f1fe556941 ] imagesrv        C:\WINDOWS\system32\DRIVERS\imagesrv.sys
17:01:26.0843 1200  imagesrv - ok
17:01:26.0906 1200  [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:01:26.0906 1200  Imapi - ok
17:01:26.0968 1200  [ db491237445f172fdddf00541de1a51d ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:01:26.0968 1200  ImapiService - ok
17:01:27.0250 1200  [ fa9a9468f982835e99c1ec21257f7e60 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:01:27.0343 1200  IntcAzAudAddService - ok
17:01:27.0390 1200  [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:01:27.0390 1200  Ip6Fw - ok
17:01:27.0406 1200  [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:01:27.0406 1200  IpFilterDriver - ok
17:01:27.0421 1200  [ b87ab476dcf76e72010632b5550955f5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:01:27.0437 1200  IpInIp - ok
17:01:27.0468 1200  [ cc748ea12c6effde940ee98098bf96bb ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:01:27.0468 1200  IpNat - ok
17:01:27.0531 1200  [ 33642c17c232aa272c68e446a2619899 ] iPod Service    C:\Programmi\iPod\bin\iPodService.exe
17:01:27.0546 1200  iPod Service - ok
17:01:27.0578 1200  [ 23c74d75e36e7158768dd63d92789a91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:01:27.0578 1200  IPSec - ok
17:01:27.0625 1200  [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:01:27.0625 1200  IRENUM - ok
17:01:27.0656 1200  [ 0953594beb81cc72fcc62d37921b25a6 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:01:27.0656 1200  isapnp - ok
17:01:27.0765 1200  [ 4f2143570d2250ca4c4a4c98553c82cd ] JavaQuickStarterService C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
17:01:27.0765 1200  JavaQuickStarterService - ok
17:01:27.0781 1200  [ 28b6eace513ca7eaba3b809ad4bc274d ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:01:27.0781 1200  Kbdclass - ok
17:01:27.0828 1200  [ 692bcf44383d056aed41b045a323d378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:01:27.0828 1200  kmixer - ok
17:01:27.0843 1200  [ 1705745d900dabf2d89f90ebaddc7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:01:27.0843 1200  KSecDD - ok
17:01:27.0890 1200  [ cfcf4aee4f81c6185ee663097f7189d3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:01:27.0906 1200  lanmanserver - ok
17:01:27.0921 1200  [ 9071a3bedcd40ccb221b98f230fdde9a ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:01:27.0937 1200  lanmanworkstation - ok
17:01:27.0984 1200  [ e01255727d0b158538d7c2b469b533a8 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:01:27.0984 1200  LmHosts - ok
17:01:28.0015 1200  [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
17:01:28.0015 1200  MBAMProtector - ok
17:01:28.0109 1200  [ 43683e970f008c93c9429ef428147a54 ] MBAMService     C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
17:01:28.0125 1200  MBAMService - ok
17:01:28.0234 1200  [ 11f714f85530a2bd134074dc30e99fca ] MDM             C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
17:01:28.0234 1200  MDM - ok
17:01:28.0265 1200  [ 0cea2d0d3fa284b85ed5b68365114f76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:01:28.0265 1200  mdmxsdk - ok
17:01:28.0312 1200  [ 3b32f662c8607e891f325e41f7ee225c ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:01:28.0312 1200  Messenger - ok
17:01:28.0343 1200  [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:01:28.0343 1200  mnmdd - ok
17:01:28.0390 1200  [ 514a299ec926baada3c718b171476aa4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:01:28.0390 1200  mnmsrvc - ok
17:01:28.0406 1200  [ 8cb6636806d76b85fafaee94d75f5129 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:01:28.0406 1200  Modem - ok
17:01:28.0437 1200  [ 69cd0527a73636990967093674a176e2 ] motccgp         C:\WINDOWS\system32\DRIVERS\motccgp.sys
17:01:28.0437 1200  motccgp - ok
17:01:28.0468 1200  [ aad6191a4daa519f04ab12b2af73e356 ] motccgpfl       C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
17:01:28.0468 1200  motccgpfl - ok
17:01:28.0500 1200  [ 20ff89c59b0a50f53822303064988e00 ] MotDev          C:\WINDOWS\system32\DRIVERS\motodrv.sys
17:01:28.0500 1200  MotDev - ok
17:01:28.0546 1200  [ fe80c18ba448ddd76b7bead9eb203d37 ] motmodem        C:\WINDOWS\system32\DRIVERS\motmodem.sys
17:01:28.0546 1200  motmodem - ok
17:01:28.0593 1200  [ e904ebed608055a2bfb824c07f59766c ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:01:28.0593 1200  Mouclass - ok
17:01:28.0625 1200  [ d7662f0cf5b77bbbe3202716f5bd5318 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:01:28.0625 1200  mouhid - ok
17:01:28.0656 1200  [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:01:28.0656 1200  MountMgr - ok
17:01:28.0718 1200  [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
17:01:28.0718 1200  MozillaMaintenance - ok
17:01:28.0734 1200  [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:01:28.0734 1200  MRxDAV - ok
17:01:28.0781 1200  [ 68755f0ff16070178b54674fe5b847b0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:01:28.0796 1200  MRxSmb - ok
17:01:28.0859 1200  [ 8e46a7bac823dd82d4fb2a34c3df4c1d ] MSCSPTISRV      C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
17:01:28.0859 1200  MSCSPTISRV - ok
17:01:28.0890 1200  [ c941ea2454ba8350021d774daf0f1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:01:28.0890 1200  Msfs - ok
17:01:28.0906 1200  MSIServer - ok
17:01:28.0937 1200  [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:01:28.0937 1200  MSKSSRV - ok
17:01:28.0953 1200  [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:01:28.0953 1200  MSPCLOCK - ok
17:01:29.0000 1200  [ bad59648ba099da4a17680b39730cb3d ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:01:29.0000 1200  MSPQM - ok
17:01:29.0031 1200  [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:01:29.0031 1200  mssmbios - ok
17:01:29.0062 1200  [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:01:29.0062 1200  MSTEE - ok
17:01:29.0093 1200  [ 2f625d11385b1a94360bfc70aaefdee1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:01:29.0093 1200  Mup - ok
17:01:29.0125 1200  [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:01:29.0125 1200  NABTSFEC - ok
17:01:29.0187 1200  [ 911587fd303c9690a428bb4b04732b61 ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:01:29.0187 1200  napagent - ok
17:01:29.0218 1200  [ 1df7f42665c94b825322fae71721130d ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:01:29.0234 1200  NDIS - ok
17:01:29.0265 1200  [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:01:29.0265 1200  NdisIP - ok
17:01:29.0281 1200  [ 1ab3d00c991ab086e69db84b6c0ed78f ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:01:29.0281 1200  NdisTapi - ok
17:01:29.0312 1200  [ f927a4434c5028758a842943ef1a3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:01:29.0312 1200  Ndisuio - ok
17:01:29.0343 1200  [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:01:29.0343 1200  NdisWan - ok
17:01:29.0359 1200  [ 6215023940cfd3702b46abc304e1d45a ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:01:29.0359 1200  NDProxy - ok
17:01:29.0375 1200  [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:01:29.0375 1200  NetBIOS - ok
17:01:29.0406 1200  [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:01:29.0406 1200  NetBT - ok
17:01:29.0453 1200  [ 1b09227e41f414a93dbc0baf80c4d527 ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:01:29.0453 1200  NetDDE - ok
17:01:29.0468 1200  [ 1b09227e41f414a93dbc0baf80c4d527 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:01:29.0468 1200  NetDDEdsdm - ok
17:01:29.0515 1200  [ 0fba335727905de8e4cb5a2cf438abf5 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:01:29.0515 1200  Netlogon - ok
17:01:29.0546 1200  [ 02815b70fc4ca8611a926176f1c39fc2 ] Netman          C:\WINDOWS\System32\netman.dll
17:01:29.0562 1200  Netman - ok
17:01:29.0593 1200  [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:29.0593 1200  NetTcpPortSharing - ok
17:01:29.0640 1200  [ 7e1cee90214fa6def0e601cd7a9fc950 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:01:29.0640 1200  Nla - ok
17:01:29.0687 1200  [ cfe3462a9e94a57dcd9676f6b7fe7f67 ] nmwcd           C:\WINDOWS\system32\drivers\ccdcmb.sys
17:01:29.0687 1200  nmwcd - ok
17:01:29.0703 1200  [ 8f2a94f991f8c73cec26b4b5620d1edc ] nmwcdc          C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:01:29.0703 1200  nmwcdc - ok
17:01:29.0750 1200  [ 3182d64ae053d6fb034f44b6def8034a ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:01:29.0750 1200  Npfs - ok
17:01:29.0796 1200  [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:01:29.0796 1200  Ntfs - ok
17:01:29.0812 1200  [ 0fba335727905de8e4cb5a2cf438abf5 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:01:29.0812 1200  NtLmSsp - ok
17:01:29.0843 1200  [ 89db90b5f35d2795d9fc56d933cc72b8 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:01:29.0843 1200  NtmsSvc - ok
17:01:29.0875 1200  [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:01:29.0875 1200  Null - ok
17:01:29.0906 1200  [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:01:29.0906 1200  NwlnkFlt - ok
17:01:29.0937 1200  [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:01:29.0937 1200  NwlnkFwd - ok
17:01:29.0984 1200  [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbmdm6k    C:\WINDOWS\system32\DRIVERS\ONDAusbmdm6k.sys
17:01:29.0984 1200  ONDAusbmdm6k - ok
17:01:30.0046 1200  [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbnmea     C:\WINDOWS\system32\DRIVERS\ONDAusbnmea.sys
17:01:30.0046 1200  ONDAusbnmea - ok
17:01:30.0062 1200  [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbser6k    C:\WINDOWS\system32\DRIVERS\ONDAusbser6k.sys
17:01:30.0062 1200  ONDAusbser6k - ok
17:01:30.0093 1200  [ 9144d56218dabd1fed42d2e1804a99f0 ] ONDA_MW823UP_cdc_acm C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys
17:01:30.0109 1200  ONDA_MW823UP_cdc_acm - ok
17:01:30.0140 1200  [ 8fec988f3e2ab0168e843f21a49bfd2b ] ONDA_MW823UP_cdc_ecm C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys
17:01:30.0140 1200  ONDA_MW823UP_cdc_ecm - ok
17:01:30.0187 1200  [ e8631963b0857deede6fb48798ada5dc ] ONDA_MW823UP_cpo C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cpo.sys
17:01:30.0187 1200  ONDA_MW823UP_cpo - ok
17:01:30.0234 1200  [ c34a5c57af3fabe6dfb0e0d9f6c58c3f ] ONDA_MW823UP_dc_enum C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys
17:01:30.0234 1200  ONDA_MW823UP_dc_enum - ok
17:01:30.0281 1200  [ 5a432a042dae460abe7199b758e8606c ] ose             C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
17:01:30.0281 1200  ose - ok
17:01:30.0296 1200  [ 753a8f339f231d2b857e2ccd51a6e6ca ] PACSPTISVR      C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
17:01:30.0312 1200  PACSPTISVR - ok
17:01:30.0343 1200  [ 4e9408a178b2d955871c2cdd278de3c3 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:01:30.0343 1200  Parport - ok
17:01:30.0375 1200  [ beb3ba25197665d82ec7065b724171c6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:01:30.0375 1200  PartMgr - ok
17:01:30.0421 1200  [ 0dabef655a444cb1e193626fb1d24b9f ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:01:30.0421 1200  ParVdm - ok
17:01:30.0468 1200  [ fd2041e9ba03db7764b2248f02475079 ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:01:30.0468 1200  pccsmcfd - ok
17:01:30.0500 1200  [ f40a46892afebb0314536b849d57c11e ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:01:30.0500 1200  PCI - ok
17:01:30.0515 1200  PCIDump - ok
17:01:30.0562 1200  [ b2df00d650fd6c4ee781740ed3c8e67f ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:01:30.0562 1200  PCIIde - ok
17:01:30.0578 1200  [ 815c50f2b1d1562800bdce8be895000e ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:01:30.0578 1200  Pcmcia - ok
17:01:30.0625 1200  [ 5b6c11de7e839c05248ced8825470fef ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
17:01:30.0625 1200  pcouffin - ok
17:01:30.0671 1200  [ dac0440c89b1ea4e35684896d5bf856e ] PlugPlay        C:\WINDOWS\system32\services.exe
17:01:30.0671 1200  PlugPlay - ok
17:01:30.0703 1200  [ 9d84376931440f3679beef2a414fa493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:01:30.0703 1200  Pml Driver HPZ12 - ok
17:01:30.0734 1200  [ 0fba335727905de8e4cb5a2cf438abf5 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:01:30.0734 1200  PolicyAgent - ok
17:01:30.0843 1200  [ f10c0207890534e92c49f0279f97522d ] PowerOffer Service C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
17:01:30.0843 1200  PowerOffer Service - ok
17:01:30.0890 1200  [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:01:30.0890 1200  PptpMiniport - ok
17:01:30.0906 1200  [ b479f50e883b2297a5f7f212aaee6f6c ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
17:01:30.0906 1200  Processor - ok
17:01:30.0921 1200  [ 0fba335727905de8e4cb5a2cf438abf5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:01:30.0921 1200  ProtectedStorage - ok
17:01:30.0937 1200  [ 09298ec810b07e5d582cb3a3f9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:01:30.0937 1200  PSched - ok
17:01:30.0984 1200  [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:01:30.0984 1200  Ptilink - ok
17:01:31.0015 1200  [ 1962166e0ceb740704f30fa55ad3d509 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:01:31.0015 1200  PxHelp20 - ok
17:01:31.0046 1200  [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:01:31.0046 1200  RasAcd - ok
17:01:31.0078 1200  [ 9839b418343d6e6e52659bdf3ff1fe67 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:01:31.0078 1200  RasAuto - ok
17:01:31.0109 1200  [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:01:31.0109 1200  Rasl2tp - ok
17:01:31.0156 1200  [ 62ad41548e720db4763b86f95e44f3fa ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:01:31.0156 1200  RasMan - ok
17:01:31.0171 1200  [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:01:31.0171 1200  RasPppoe - ok
17:01:31.0171 1200  [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:01:31.0187 1200  Raspti - ok
17:01:31.0218 1200  [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:01:31.0234 1200  Rdbss - ok
17:01:31.0265 1200  [ 393fc252593323b624b230eca6b85e63 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:01:31.0265 1200  redbook - ok
17:01:31.0312 1200  [ 7ebbf16fbd3e0e34f084fa635c1844e3 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:01:31.0312 1200  RemoteAccess - ok
17:01:31.0359 1200  [ f667a41bced959988e53feecc8bf5da0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:01:31.0375 1200  RemoteRegistry - ok
17:01:31.0421 1200  [ d8b0b4ade32574b2d9c5cc34dc0dbbe7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
17:01:31.0421 1200  ROOTMODEM - ok
17:01:31.0453 1200  [ dc97f6c8a94691834439872b9e8ff2b3 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:01:31.0468 1200  RpcLocator - ok
17:01:31.0515 1200  [ db0c9517c2374d86a18dbfa12b35b129 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:01:31.0531 1200  RpcSs - ok
17:01:31.0578 1200  [ dce0d20f8fb66df41d53734bff9d66f0 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:01:31.0578 1200  RSVP - ok
17:01:31.0671 1200  [ a6886caf9d03dade7144171e471eca6f ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
17:01:31.0687 1200  rt2870 - ok
17:01:31.0750 1200  [ 911e07056b865760c0762f6221145999 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
17:01:31.0750 1200  RTL8023xp - ok
17:01:31.0812 1200  [ d507c1400284176573224903819ffda3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:01:31.0812 1200  rtl8139 - ok
17:01:31.0859 1200  [ 0fba335727905de8e4cb5a2cf438abf5 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:01:31.0859 1200  SamSs - ok
17:01:31.0890 1200  [ 1d456f1cd76a80793c07ba52cf3a7455 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:01:31.0890 1200  SCardSvr - ok
17:01:31.0953 1200  [ 511886e5bd060046cce8373e92e62edf ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:01:31.0968 1200  Schedule - ok
17:01:32.0015 1200  [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:01:32.0015 1200  sdbus - ok
17:01:32.0078 1200  [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:01:32.0078 1200  Secdrv - ok
17:01:32.0125 1200  [ 17c6354ca08e7c7972e12c67478ae134 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:01:32.0140 1200  seclogon - ok
17:01:32.0187 1200  [ a0eca1ce0fccb29c5e4e1f416e95e73e ] SENS            C:\WINDOWS\system32\sens.dll
17:01:32.0203 1200  SENS - ok
17:01:32.0265 1200  [ fdbd9d64e2e03270021d424f0dccf79d ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
17:01:32.0265 1200  Serial - ok
17:01:32.0375 1200  [ 8c1f87f5fdd92229d1754b98f073913f ] ServiceLayer    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
17:01:32.0390 1200  ServiceLayer - ok
17:01:32.0421 1200  ServUpdater - ok
17:01:32.0468 1200  [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:01:32.0468 1200  Sfloppy - ok
17:01:32.0546 1200  [ 152c0555925dfe028e3148fd215146bb ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:01:32.0546 1200  SharedAccess - ok
17:01:32.0578 1200  [ a982208204830a213d7963bf2a215e56 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:01:32.0578 1200  ShellHWDetection - ok
17:01:32.0609 1200  [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:01:32.0609 1200  SLIP - ok
17:01:32.0640 1200  [ 977aaa4398d7d6fa65d973f5b3f54e40 ] SonicStage Back-End Service C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
17:01:32.0656 1200  SonicStage Back-End Service - ok
17:01:32.0687 1200  [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:01:32.0687 1200  splitter - ok
17:01:32.0734 1200  [ 60977c9bae8f86f9075829325303d0c9 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:01:32.0734 1200  Spooler - ok
17:01:32.0781 1200  [ e3e6c96b0ef4492c3c8fd0deef4e35a1 ] SPTISRV         C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
17:01:32.0781 1200  SPTISRV - ok
17:01:32.0812 1200  [ 618718cae288bf7cbd8fcbab2577d932 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:01:32.0812 1200  sr - ok
17:01:32.0843 1200  [ b3e3da70a7a76e69b872de3d06d32c19 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:01:32.0843 1200  srservice - ok
17:01:32.0859 1200  [ 5252605079810904e31c332e241cd59b ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:01:32.0859 1200  Srv - ok
17:01:32.0906 1200  [ 5215569dd3a8fbc65a85e85f3c12258b ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:01:32.0906 1200  SSDPSRV - ok
17:01:32.0937 1200  [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:01:32.0937 1200  ssmdrv - ok
17:01:32.0984 1200  [ 756e371b3b86a3d3039926d32eac0e8d ] SSScsiSV        C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
17:01:32.0984 1200  SSScsiSV - ok
17:01:33.0031 1200  [ 306521935042fc0a6988d528643619b3 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
17:01:33.0031 1200  StarOpen - ok
17:01:33.0062 1200  [ 3b9263e137896e4d303494f116e00608 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:01:33.0078 1200  stisvc - ok
17:01:33.0125 1200  [ 77813007ba6265c4b6098187e6ed79d2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:01:33.0125 1200  streamip - ok
17:01:33.0156 1200  [ 3941d127aef12e93addf6fe6ee027e0f ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:01:33.0156 1200  swenum - ok
17:01:33.0187 1200  [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:01:33.0187 1200  swmidi - ok
17:01:33.0203 1200  [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:01:33.0203 1200  sysaudio - ok
17:01:33.0250 1200  [ a34a9a872eec4c026fd542ac7156fe0b ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:01:33.0250 1200  SysmonLog - ok
17:01:33.0296 1200  [ 6b85f1a9dce45d45bffad3222c21f297 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:01:33.0296 1200  TapiSrv - ok
17:01:33.0343 1200  [ 93ea8d04ec73a85db02eb8805988f733 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:01:33.0343 1200  Tcpip - ok
17:01:33.0390 1200  [ a982208204830a213d7963bf2a215e56 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:01:33.0390 1200  Themes - ok
17:01:33.0437 1200  [ 2fff150ea4396956f10b66211687f335 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:01:33.0437 1200  TlntSvr - ok
17:01:33.0468 1200  [ 690294999df1248faf85d95b31955d0c ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:01:33.0468 1200  TrkWks - ok
17:01:33.0515 1200  [ be45dad1c73a3216edc8c485916f6594 ] truecrypt       C:\WINDOWS\system32\drivers\truecrypt.sys
17:01:33.0515 1200  truecrypt - ok
17:01:33.0578 1200  [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:01:33.0578 1200  Udfs - ok
17:01:33.0640 1200  [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:01:33.0640 1200  Update - ok
17:01:33.0671 1200  [ 8057b0744d9842a090e51d2845861d5f ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:01:33.0671 1200  upnphost - ok
17:01:33.0718 1200  [ ec01da44b090d2651fc032c8b9257232 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
17:01:33.0718 1200  upperdev - ok
17:01:33.0734 1200  [ f5e8b846ec10e1df8dca64119e2eb709 ] UPS             C:\WINDOWS\System32\ups.exe
17:01:33.0734 1200  UPS - ok
17:01:33.0781 1200  [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
17:01:33.0781 1200  USBAAPL - ok
17:01:33.0796 1200  [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:01:33.0796 1200  usbccgp - ok
17:01:33.0828 1200  [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:01:33.0828 1200  usbehci - ok
17:01:33.0843 1200  [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:01:33.0843 1200  usbhub - ok
17:01:33.0859 1200  [ 0daecce65366ea32b162f85f07c6753b ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:01:33.0859 1200  usbohci - ok
17:01:33.0890 1200  [ a717c8721046828520c9edf31288fc00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:01:33.0890 1200  usbprint - ok
17:01:33.0906 1200  [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:01:33.0906 1200  usbscan - ok
17:01:33.0984 1200  [ 4abd37cfbd710e64f01f9da8710c73f7 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
17:01:33.0984 1200  UsbserFilt - ok
17:01:34.0031 1200  [ af4b8cc5ea40c57208796920068ddcd5 ] usbsermptxp     C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
17:01:34.0031 1200  usbsermptxp - ok
17:01:34.0078 1200  [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:01:34.0078 1200  USBSTOR - ok
17:01:34.0109 1200  [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:01:34.0109 1200  VgaSave - ok
17:01:34.0140 1200  [ e46c1b5a56da7da603d09dfcc79ec59e ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:01:34.0140 1200  VolSnap - ok
17:01:34.0187 1200  [ c2fe17125256102f5b44194d5db0a799 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:01:34.0187 1200  VSS - ok
17:01:34.0234 1200  [ 2969dd84b584a6bb541a5273103957a3 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:01:34.0250 1200  W32Time - ok
17:01:34.0281 1200  [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:01:34.0281 1200  Wanarp - ok
17:01:34.0359 1200  [ d918617b46457b9ac28027722e30f647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:01:34.0375 1200  Wdf01000 - ok
17:01:34.0437 1200  [ 6768acf64b18196494413695f0c3a00f ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:01:34.0437 1200  wdmaud - ok
17:01:34.0484 1200  [ 2ec50ee79b65f60c8e8b4a03bbb3a42f ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:01:34.0500 1200  WebClient - ok
17:01:34.0546 1200  [ 307d248f97835b6879bdd361086924fe ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:01:34.0562 1200  winachsf - ok
17:01:34.0656 1200  [ 40911e98d0f1cbb1015f2101982f1ddf ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:01:34.0656 1200  winmgmt - ok
17:01:34.0750 1200  [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:01:34.0750 1200  WmdmPmSN - ok
17:01:34.0828 1200  [ 069d6bdf23ee96fcde2adf9fab27ae0d ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:01:34.0843 1200  Wmi - ok
17:01:34.0890 1200  [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:01:34.0890 1200  WmiAcpi - ok
17:01:34.0937 1200  [ 81fd02839fdb10acf0ec40b809b9f8cc ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:01:34.0937 1200  WmiApSrv - ok
17:01:35.0000 1200  [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:01:35.0000 1200  WS2IFSL - ok
17:01:35.0078 1200  [ 926d921c93cff1e19ef4de3e4c8368ca ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:01:35.0078 1200  wscsvc - ok
17:01:35.0109 1200  [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:01:35.0125 1200  WSTCODEC - ok
17:01:35.0140 1200  [ cc48415e6c7cbaa441a3d6a6dccbcfa6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:01:35.0156 1200  wuauserv - ok
17:01:35.0203 1200  [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:01:35.0203 1200  WudfPf - ok
17:01:35.0234 1200  [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:01:35.0234 1200  WudfRd - ok
17:01:35.0265 1200  [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:01:35.0281 1200  WudfSvc - ok
17:01:35.0359 1200  [ 053e0307a08cac60793e27e921b46b3e ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:01:35.0375 1200  WZCSVC - ok
17:01:35.0437 1200  [ 5526482dcba6047641b13bf9c75a74e0 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:01:35.0437 1200  xmlprov - ok
17:01:35.0531 1200  [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService  C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:01:35.0546 1200  YahooAUService - ok
17:01:35.0609 1200  ================ Scan global ===============================
17:01:35.0656 1200  (17ddfe6a0b5404c5ef4c03ad996d0562) C:\WINDOWS\system32\basesrv.dll
17:01:35.0703 1200  (5764b5d964e0cf313dacbb69c8aa1b2b) C:\WINDOWS\system32\winsrv.dll
17:01:35.0718 1200  (5764b5d964e0cf313dacbb69c8aa1b2b) C:\WINDOWS\system32\winsrv.dll
17:01:35.0734 1200  (dac0440c89b1ea4e35684896d5bf856e) C:\WINDOWS\system32\services.exe
17:01:35.0750 1200  [Global] - ok
17:01:35.0750 1200  ================ Scan MBR ==================================
17:01:35.0765 1200  MBR (0x1B8)     (10ae9eb13951b8e206480773f877a330) \Device\Harddisk0\DR0
17:01:35.0828 1200  \Device\Harddisk0\DR0 - ok
17:01:35.0828 1200  ================ Scan VBR ==================================
17:01:35.0843 1200  Boot (0x1200)   (b85f90964546078cf9fc779f1efb1dca) \Device\Harddisk0\DR0\Partition1
17:01:35.0843 1200  \Device\Harddisk0\DR0\Partition1 - ok
17:01:35.0843 1200  ============================================================
17:01:35.0843 1200  Scan finished
17:01:35.0843 1200  ============================================================
17:01:35.0859 0508  Detected object count: 0
17:01:35.0859 0508  Actual detected object count: 0
17:01:41.0968 3012  Deinitialize success


Ora passiamo al problema. Dopo che ho postato il problema e fatto le prime scansioni il pc non si era più bloccato. Dopo però aver fatto la scansione di combofix come mi hai detto con il txt che mi hai detto il pc è tornato a bloccarsi. Ho notato però che si blocca quasi esclusivamente quando provo a tenere aperto chrome con qualche altro browser. Ho guardato il task manager quando si blocca il pc e ho notato che c'è sempre qualche voce legata proprio al browser (mozilla o opera) che occupa tutta la memoria. Pensavo fosse una cosa normale che due browser potessero occupare tutta la memoria ma visto che è un problema recente la cosa non mi quadra.
Faccio qualche altra scansione?
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Re: il pc non esegue nessun comando

Postdi Vento_ribelle » 16/08/12 20:34

Volvo aggiungere una cosa. Girando sul forum ho trovato un post di una persona che aveva problemi ad eliminare un'applicazione e gli avete consigliato di controllare e se presenti eliminare le seguenti voci:
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\PosService
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Servupdate
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Poweroffer
Io ne ho trovate due (posservice e poweroffer) e le ho eliminate. Ho però un dubbio : nel post che vi ho detto c'è scritto di cercare anche in installazioni applicazioni poweroffer. Io ho cercato e ho trovato power offer 2.0 perciò volevo chiedervi se è lo stesso e quindi se devo eliminarlo.
Vento_ribelle
Utente Junior
 
Post: 83
Iscritto il: 06/08/07 21:04
Località: palermo

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "il pc non esegue nessun comando":


Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti