il pc non esegue nessun comando

di **Vento_ribelle** » 04/08/12 16:28

Salve a tutti,
da qualche giorno capita che il pc improvvisamente smetta di fare quello che gli chiedo, cioè anche se clicco quasiasi cosa, provo ad aprire qualche programma/pagina web/file lui non fa niente, rimane impalato. Se provo ad aprire il task manager lo apre ma non mi fa cliccare su niente nel task manager.
Spero di essere stata chiara.
Attendo risposte, sperando che nel frattempo il pc non smetta di funzionare.

ps: ho fatto un analisi con highjack ma non sapevo come postarvela.

di **gahan** » 04/08/12 16:34

Ciao,

Per postare il log di hijackthis, basta fare copia e incolla, utilizzando l'apposito tasto (vedi immagine sottostante):

di **Vento_ribelle** » 04/08/12 16:39

Scusami tanto Gahan m a non ho capito se con copia e incolla intendevi questo. Eventualmente correggo subito.

Codice: Seleziona tutto: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17.34.23, on 04/08/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ANIWConnService.exe C:\Programmi\AVG\AVG2012\avgwdsvc.exe C:\Programmi\Comodo\Dragon\dragon_updater.exe C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe C:\Programmi\AVG\AVG2012\avgtray.exe C:\Programmi\File comuni\Java\Java Update\jusched.exe C:\Programmi\AVG\AVG2012\avgrsx.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\AVG\AVG2012\avgcsrvx.exe C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8095 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Programmi\AVG\AVG2012\avgtray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.facebook.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\avgwdsvc.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Programmi\Comodo\Dragon\dragon_updater.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe -- End of file - 8804 bytes

di **gahan** » 04/08/12 16:48

1 - Apri hijackthis e questa volta clicca su Do a system scan only

Metti la spunta (seleziona) sulle seguenti voci e premi su Fix Checked in basso.

Codice: Seleziona tutto: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe

2 - Scarica Malwarebytes

Installa il software, aggiornalo se te lo chiede.
Clicca su Scansione completa.

Al termine della scansione, dovesse trovare eventuali minacce, clicca su Rimuovi selezionati...
Verrà rilasciato un log.
Postalo qui.

di **Vento_ribelle** » 04/08/12 18:17

Fatto tutto, e questo è il log

Codice: Seleziona tutto: Malwarebytes Anti-Malware (Prova) 1.62.0.1300 www.malwarebytes.org Versione database: v2012.08.04.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Rita :: RITA-1997E2984C [amministratore] Protezione: Attivata 04/08/2012 17.58.56 mbam-log-2012-08-04 (17-58-56).txt Tipo di scansione: Scansione completa (C:\|) Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM Opzioni di scansione disattivate: P2P Elementi esaminati: 312006 Tempo impiegato: 1 ore, 20 minuti, 11 secondi Processi rilevati in memoria: 0 (non sono stati rilevati elementi nocivi) Moduli di memoria rilevati: 0 (non sono stati rilevati elementi nocivi) Chiavi di registro rilevate: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Nessuna azione intrapresa. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Nessuna azione intrapresa. Valori di registro rilevati: 0 (non sono stati rilevati elementi nocivi) Voci rilevate nei dati di registro: 0 (non sono stati rilevati elementi nocivi) Cartelle rilevate: 1 C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo. File rilevati: 11 C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_fotomix.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_microsoft-silverlight.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_photoscape.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Desktop\chiavetta exe\PROGRAMMI SETUP\SoftonicDownloader_per_rmvb-converter.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Desktop\chiavetta exe\chiavetta exe\WinRar 3.60 Ita\winrar.v3.6x.multi.language-patch.exe (PUP.Hacktool.Patcher) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Documenti\Downloads\SoftonicDownloader_per_samsung-pc-studio.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa. C:\System Volume Information\_restore{3C8D085D-9EF1-49C2-97ED-D688F38BFCE5}\RP369\A0162154.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa. C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo. C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo. C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo. C:\Documents and Settings\Rita\Dati applicazioni\7910.org\Ticker\an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk.gif (Trojan.DDOS) -> Spostato in quarantena ed eliminato con successo. (fine)

Cosa devo fare adesso???

di **gahan** » 04/08/12 18:40

Scarica CCleaner

- Installa il software ed avvialo.
- a sinistra vai su opzioni -> avanzate -> togli la spunta da cancella file in windows temp se piu vecchi di 24 ore
- ritorna su "Pulizia" e clicca su Avvia Pulizia

di **gahan** » 04/08/12 18:54

Un'altra cosa...

Ho notato che sul PC hai AVG come antivirus.

Se vuoi un mio consiglio, disinstallalo ed installa Avira AntiVir decisamente piu efficace e leggero.

di **Vento_ribelle** » 04/08/12 20:08

Fatto anche con CCleaner, e messo avira.
Altro??
Ho due domande però : malwarebytes deve essere avviato all'avvio di windows o lo uso ogni tanto? Perchè se deve essere sempre attivo il mio pc si blocca subito, e non carica più. Secondo, io ricordavo che il programma fosse gratuito, invece mi dice che è una versione di prova. Forse ho scaricato una versione premium???

di **Vento_ribelle** » 04/08/12 21:46

So che sembra strano ma il pc mi sembra un pò più lentino di prima , ma magari è solo una mia impressione.

Dimenticavo una cosa : windows firewall va attivato??

di **gahan** » 04/08/12 22:52

Ciao,

andiamo con ordine.

Malwarebytes che hai scaricato è gratuito, ma ovviamente c'è anche la versione a pagamento che ha maggiori funzioni e funge da vero e proprio antivirus.

La versione gratuita ti consente esclusivamente di effettaure delle scansioni del tuo sistema.

Passiamo invece alle performance del tuo PC.
Il fatto che dopo le varie operazioni effettuate, il tuo PC continui ad essere lento, è molto strano.

Proviamo ad andare piu a fondo eseguendo una scansione anti-malware piu approfondita con un altro strumento.

1 - Scarica il seguente programma sul desktop:
Combofix

2 - Disattiva il firewall e il tuo antivirus dall'icona in basso a destra affianco alla data e ora di windows

3 - Apri ComboFix presente sul desktop con un doppio click

4 - Appena avviato clicca su Accetto: conferma cliccando Ok due volte

5 - Verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca su No)
6 - Durante il processo di scansione non interferire in nessun modo, quindi non aprire altri software o altro.

7 - Quando ComboFix avrà concluso l'operazione di scansione il sistema verrà riavviato automaticamente. In caso contrario, riavvialo tu manualmente

8 - Vai in Disco Locale C: e cerca il file di testo ComboFix.txt ed inseriscilo qui esattamente come hai postato gli altri log.

di **Vento_ribelle** » 05/08/12 10:01

Buona domenica Gahan.
Intanto ti copio e incollo il log di combofix

Codice: Seleziona tutto: ComboFix 12-08-05.02 - Rita 05/08/2012 10.48.25.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1406.909 [GMT 2:00] Eseguito da: C:\Documents and Settings\Rita\Documenti\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000} ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\All Users\Dati applicazioni\TEMP C:\Documents and Settings\Rita\Dati applicazioni\7910.org C:\Documents and Settings\Rita\Dati applicazioni\inst.exe C:\Documents and Settings\Rita\Dati applicazioni\vso_ts_preview.xml C:\Documents and Settings\Rita\WINDOWS C:\prefs.js C:\WINDOWS\system32\muzapp.exe C:\WINDOWS\system32\Thumbs.db ((((((((((((((((((((((((( Files Creati Da 2012-07-05 al 2012-08-05 ))))))))))))))))))))))))))))))))))) 2012-08-04 19:14:05 . 2012-08-04 19:14:05 -------- d-----w- C:\Documents and Settings\Rita\Dati applicazioni\Avira 2012-08-04 19:04:10 . 2012-08-04 19:04:13 -------- d-----w- C:\Programmi\CCleaner 2012-08-04 18:55:37 . 2011-07-21 10:26:30 138192 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys 2012-08-04 18:55:37 . 2010-06-17 13:28:22 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys 2012-08-04 18:55:37 . 2010-06-17 13:28:22 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys 2012-08-04 18:55:36 . 2012-08-04 18:55:36 -------- d-----w- C:\Programmi\Avira 2012-08-04 15:55:41 . 2012-08-04 15:55:44 -------- d-----w- C:\Programmi\Malwarebytes' Anti-Malware 2012-08-04 15:55:41 . 2012-07-03 11:46:44 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2012-07-21 17:52:09 . 2012-07-05 20:06:30 772544 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll 2012-07-21 17:49:20 . 2012-07-21 17:49:20 -------- d-----w- C:\Programmi\Oracle 2012-07-21 17:48:24 . 2012-07-21 17:48:24 -------- d-----w- C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Sun 2012-07-21 17:48:19 . 2012-07-21 17:48:19 -------- d-----w- C:\Documents and Settings\Rita\Dati applicazioni\Oracle . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-08-03 15:29:28 . 2012-04-10 14:07:26 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe 2012-08-03 15:29:28 . 2011-10-01 15:19:57 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2012-07-05 20:07:08 . 2008-03-27 20:23:38 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl 2012-07-05 20:06:20 . 2010-11-13 19:34:12 687544 ----a-w- C:\WINDOWS\system32\deployJava1.dll 2012-05-23 12:40:39 . 2012-05-23 12:40:50 716318 ----a-w- C:\WINDOWS\unins000.exe 2012-05-07 14:50:53 . 2012-05-07 14:50:52 1700352 -c--a-w- C:\WINDOWS\system32\gdiplus.dll 2012-08-01 18:31:24 . 2012-02-09 12:44:42 136672 ----a-w- C:\Programmi\mozilla firefox\components\browsercomps.dll ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 12:59:00 98304] "D-Link D-Link Wireless N DWA-140"="C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 15:26:12 1683456] "Malwarebytes' Anti-Malware"="C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 11:46:44 462920] "PosService"="C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 15:44:48 218624] "avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 05:56:14 281768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 17:14:04 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk] path=C:\Documents and Settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk backup=C:\WINDOWS\pss\My 190.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43:00 69632 -c--a-w- C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25:58 59240 -c--a-w- C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-04-15 12:35:00 53248 -c----w- C:\Programmi\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-13 17:14:04 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-09-03 18:55:20 133104 ----atw- C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-10-09 16:06:40 421736 -c--a-w- C:\Programmi\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 17:14:14 1695232 ----a-w- C:\Programmi\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 21:11:46 3872080 ----a-w- C:\Programmi\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50:42 155648 -c--a-w- C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2011-06-16 13:21:06 1500160 -c--a-w- C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService] 2011-12-16 15:44:48 218624 ----a-w- C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17:42 421888 -c--a-w- C:\Programmi\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-18 13:27:00 16207872 ----a-w- C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 17:04:00 2879488 -c--a-w- C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2007-02-05 08:11:10 476728 -c--a-w- C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 09:07:54 252296 ----a-w- C:\Programmi\File comuni\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-01-01 20:51:12 39408 ----a-w- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "PACSPTISVR"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Apple Mobile Device"=2 (0x2) "TapiSrv"=3 (0x3) "MSCSPTISRV"=3 (0x3) "TlntSvr"=2 (0x2) "RasMan"=3 (0x3) "Netlogon"=3 (0x3) "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) "IDriverT"=3 (0x3) "SharedAccess"=2 (0x2) "AVP"=2 (0x2) "Bonjour Service"=2 (0x2) "ServiceLayer"=3 (0x3) "NanoServiceMain"=2 (0x2) "MDM"=2 (0x2) "gupdate"=2 (0x2) "SSScsiSV"=3 (0x3) "YahooAUService"=2 (0x2) "SPTISRV"=3 (0x3) "SonicStage Back-End Service"=3 (0x3) "gupdatem"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programmi\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Programmi\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"= "C:\\Programmi\\Skype\\Phone\\Skype.exe"= R2 cpuz134;cpuz134;C:\WINDOWS\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328] R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344] R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360] S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112] S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016] S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920] S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;C:\WINDOWS\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728] S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;C:\WINDOWS\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\WINDOWS\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936] S3 ONDAusbnmea;ONDA NMEA Port;C:\WINDOWS\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936] S3 ONDAusbser6k;ONDA Diagnostic Port;C:\WINDOWS\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936] --- Altri Servizi/Drivers In Memoria --- *NewlyCreated* - SSMDRV Contenuto della cartella 'Scheduled Tasks' 2012-08-04 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:07:26 . 2012-08-03 15:29:32] 2012-08-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Programmi\Google\Update\GoogleUpdate.exe [2011-01-01 20:50:25 . 2010-11-09 15:41:07] 2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Programmi\Google\Update\GoogleUpdate.exe [2011-01-01 20:50:25 . 2010-11-09 15:41:07] 2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55:24 . 2008-09-03 18:55:20] 2012-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55:24 . 2008-09-03 18:55:20] ------- Scansione supplementare ------- uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = localhost:8095 uInternet Settings,ProxyOverride = *.local IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: facebook.com\www Trusted Zone: microsoft.com\office Trusted Zone: yahoo.com\it.play TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 FF - ProfilePath - C:\Documents and Settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/ - - - - CHIAVI ORFANE RIMOSSE - - - - HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe MSConfigStartUp-eMuleAutoStart - C:\Programmi\eMule\emule.exe MSConfigStartUp-HP Software Update - C:\Programmi\HP\HP Software Update\HPWuSchd2.exe MSConfigStartUp-KiesHelper - C:\Programmi\Samsung\Kies\KiesHelper.exe MSConfigStartUp-KiesPDLR - C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSConfigStartUp-KiesTrayAgent - C:\Programmi\Samsung\Kies\KiesTrayAgent.exe AddRemove-PrintKey2000 - C:\PROGRA~1\PRINTK~1\UNWISE.EXE

Ieri ho notato che improvvisamente era cambiata nuovamente la pagina iniziale del browser, cosi ho fatto un controllo con highjack e ho notato che una voce che ieri mi avevi fatto fixare era ritornata. Cosi ho preso e ho eliminato l'intera cartella che lo conteneva (che comunque si trova ancora nel cestino). Quella pagina web non è tornata più, ma mi è venuto un dubbio che ci sia un virus che non è stato rimosso del tutto e che sia quella la causa della lentezza del pc. Che ne pensi?? Io ti posto anche il nuovo log di highjack ( la voce in questione è proprio l'ultima).

Codice: Seleziona tutto: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10.59.50, on 05/08/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ANIWConnService.exe C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Comodo\Dragon\dragon_updater.exe C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Avira\AntiVir Desktop\avshadow.exe C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programmi\trend micro\HijackThis\HijackThis.exe C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8095 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.facebook.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Programmi\Comodo\Dragon\dragon_updater.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe O23 - Service: Serv Updater (ServUpdater) - Unknown owner - C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe (file missing) -- End of file - 8435 bytes

.

di **gahan** » 05/08/12 20:01

Ciao

Molto probabilmente è necessario intervenire manualmente sul log di ComboFix per eliminare alcune voci nocive, onde per cui farò spostare, il prima possibile, il tuo topic nella sezione Sicurezza e Privacy.

Un mio collega ti aiuterà senz'altro a risolvere il problema.

Ti invito perciò ad attendere, senza aprire ulteriori topic sullo stesso argomento.

di **Vento_ribelle** » 09/08/12 20:46

Ciao a tutti,
volevo aggiungere due cose che ho notato stasera. Mentre navigavo su internet improvvisamente non riuscivo più a cliccare nulla cosi ho guardato nel task manager se qualcosa rallentava e in processi ho trovato una voce "setup.exe" che utilizzava più memoria di tutto. L'ho chiusa e tutto è tornato a funzionare normalmente. Dopo cinque minuti però stesso problema, cosi ho ricontrollato il task manager e stavolta è uscita fuori un'altra voce strana "plugin-container.exe".
Magari queste voci non sono affatti sospette eppure una volta chiuse tutto ritornava normale.
Che ne pensate voi?

di **gahan** » 09/08/12 22:23

Ciao,

purtroppo nell'ultimo log diCombofix ho notato delle infezioni che devono essere rimosse manualmente tramite uno script.

Attendi finchè un moderatore della sezione non analizzerà il log e dirti ciò che devi fare.

di **FrancescoFDAC** » 13/08/12 09:09

Intervengo benchè non sia un moderatore della sezione in questione per dare una mano.

Iniziamo:

Taglia e incolla ComboFix da qui: C:\Documents and Settings\Rita\Documenti\Downloads\ComboFix.exe
e posizionalo sul Desktop (ti era stato detto chiaramente, in grassetto, ma tu non hai dato retta alle parole saggie di gahan).

Quindi:

Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:

Folder::
C:\Documents and Settings\All Users\Documenti\AppData\PoApp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

● chiama questo file CFScript.txt, e posizionalo sul Desktop, affianco a ComboFix - se ComboFix non fosse sul Desktop provvedi a spostarlo li-

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi
N.B :
● se viene visualizzato l'errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione, dovrai semplicemente riavviare il sistema e ripetere lo Script

Comunica se riscontri ancora gli stessi problemi.

di **Vento_ribelle** » 15/08/12 13:22

Intanto mi scuso per non aver installato subito combofix sul desktop, ho fatto tutto in maniera automatica e non ho fatto caso.
Ho fatto tutto quello che mi è stato detto, e allego il log di combofix.

Codice: Seleziona tutto: ComboFix 12-08-05.02 - Rita 15/08/2012 14.02.08.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1406.983 [GMT 2:00] Eseguito da: c:\documents and settings\Rita\Desktop\ComboFix.exe Opzioni usate :: c:\documents and settings\Rita\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000} * Creato nuovo punto di ripristino . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Documenti\AppData\PoApp c:\documents and settings\All Users\Documenti\AppData\PoApp\7z.dll c:\documents and settings\All Users\Documenti\AppData\PoApp\AppLib.Zip.dll c:\documents and settings\All Users\Documenti\AppData\PoApp\kw.sdb c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe c:\documents and settings\All Users\Documenti\AppData\PoApp\RegHandlerDll.dll c:\documents and settings\All Users\Documenti\AppData\PoApp\settings\settings.ini . ---- Esecuzione precedente ------- . c:\documents and settings\All Users\Dati applicazioni\TEMP c:\documents and settings\Rita\Dati applicazioni\7910.org c:\documents and settings\Rita\Dati applicazioni\inst.exe c:\documents and settings\Rita\Dati applicazioni\vso_ts_preview.xml c:\documents and settings\Rita\WINDOWS C:\prefs.js c:\windows\system32\muzapp.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Creati Da 2012-07-15 al 2012-08-15 ))))))))))))))))))))))))))))))))))) . . 2012-08-04 19:14 . 2012-08-04 19:14 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\Avira 2012-08-04 19:04 . 2012-08-04 19:04 -------- d-----w- c:\programmi\CCleaner 2012-08-04 18:55 . 2011-07-21 10:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-08-04 18:55 . 2010-06-17 13:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2012-08-04 18:55 . 2010-06-17 13:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2012-08-04 18:55 . 2012-08-04 18:55 -------- d-----w- c:\programmi\Avira 2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware 2012-08-04 15:55 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-21 17:52 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-21 17:49 . 2012-07-21 17:49 -------- d-----w- c:\programmi\Oracle 2012-07-21 17:48 . 2012-07-21 17:48 -------- d-----w- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Sun 2012-07-21 17:48 . 2012-07-21 17:48 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\Oracle . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 15:29 . 2012-04-10 14:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-03 15:29 . 2011-10-01 15:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 20:07 . 2008-03-27 20:23 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06 . 2010-11-13 19:34 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 12:40 . 2012-05-23 12:40 716318 ----a-w- c:\windows\unins000.exe 2012-08-01 18:31 . 2012-02-09 12:44 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-05_08.54.15 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-15 11:25 . 2012-08-15 11:25 16384 c:\windows\temp\Perflib_Perfdata_6dc.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-01 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304] "D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456] "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk] path=c:\documents and settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk backup=c:\windows\pss\My 190.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43 69632 -c--a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25 59240 -c--a-w- c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-04-15 12:35 53248 -c----w- c:\programmi\Realtek\InstallShield\AzMixerSel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] c:\programmi\eMule\emule.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-09-03 18:55 133104 ----atw- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] c:\programmi\HP\HP Software Update\HPWuSchd2.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-10-09 16:06 421736 -c--a-w- c:\programmi\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper] c:\programmi\Samsung\Kies\KiesHelper.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] c:\programmi\Samsung\Kies\KiesTrayAgent.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 17:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 21:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2011-06-16 13:21 1500160 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 -c--a-w- c:\programmi\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 17:04 2879488 -c--a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2007-02-05 08:11 476728 -c--a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 09:07 252296 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-01-01 20:51 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "PACSPTISVR"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Apple Mobile Device"=2 (0x2) "TapiSrv"=3 (0x3) "MSCSPTISRV"=3 (0x3) "TlntSvr"=2 (0x2) "RasMan"=3 (0x3) "Netlogon"=3 (0x3) "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) "IDriverT"=3 (0x3) "SharedAccess"=2 (0x2) "AVP"=2 (0x2) "Bonjour Service"=2 (0x2) "ServiceLayer"=3 (0x3) "NanoServiceMain"=2 (0x2) "MDM"=2 (0x2) "gupdate"=2 (0x2) "SSScsiSV"=3 (0x3) "YahooAUService"=2 (0x2) "SPTISRV"=3 (0x3) "SonicStage Back-End Service"=3 (0x3) "gupdatem"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programmi\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= . R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112] S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016] S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920] S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728] S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936] S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936] S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936] . Contenuto della cartella 'Scheduled Tasks' . 2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:29] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job - c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job - c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55] . . ------- Scansione supplementare ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = localhost:8095 uInternet Settings,ProxyOverride = *.local IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: facebook.com\www Trusted Zone: microsoft.com\office Trusted Zone: yahoo.com\it.play TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-15 14:07 Windows 5.1.2600 Service Pack 3 NTFS . scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- . - - - - - - - > 'winlogon.exe'(612) c:\windows\system32\Ati2evxx.dll c:\windows\system32\iphlpapi.dll . Ora fine scansione: 2012-08-15 14:09:52 ComboFix-quarantined-files.txt 2012-08-15 12:09 ComboFix2.txt 2010-04-21 17:57 . Pre-Run: 45.255.696.384 byte disponibili Post-Run: 45.366.079.488 byte disponibili . - - End Of File - - 6D76C68496653659145672AFDFA336DF

di **FrancescoFDAC** » 15/08/12 15:42

Stessa operazione, con questo file di testo (elimina CFScript.txt presente sul desktop e creane uno nuovo, altrimenti fai confusione.

Il PC ora riesce a funzionare?

Codice: Seleziona tutto: Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cAba0g000015MzUzNjZsfDQ1NTg1NTJsYXxSaSAmIFBhIA] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDq0g000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqFqn-0035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kg] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\http://ticker.7910.org/an1cCDqVM000035MzUzNjZsfDAwMDAxMTFkYXxSaSAmIFBhIDEgYW5ubyA2IG1lc2kgMjQgZ29ybmk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] DDS:: uInternet Settings,ProxyServer = localhost:8095 TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 Firefox:: FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')

di **Vento_ribelle** » 16/08/12 16:14

Sono costretta a fare due post perchè dice che uno è troppo lungo.

Questo è il nuovo log di combofix

Codice: Seleziona tutto: ComboFix 12-08-05.02 - Rita 16/08/2012 16.51.03.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1406.986 [GMT 2:00] Eseguito da: c:\documents and settings\Rita\Desktop\ComboFix.exe Opzioni usate :: c:\documents and settings\Rita\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000} . . ((((((((((((((((((((((((( Files Creati Da 2012-07-16 al 2012-08-16 ))))))))))))))))))))))))))))))))))) . . 2012-08-04 19:14 . 2012-08-04 19:14 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\Avira 2012-08-04 19:04 . 2012-08-04 19:04 -------- d-----w- c:\programmi\CCleaner 2012-08-04 18:55 . 2011-07-21 10:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-08-04 18:55 . 2010-06-17 13:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2012-08-04 18:55 . 2010-06-17 13:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2012-08-04 18:55 . 2012-08-04 18:55 -------- d-----w- c:\programmi\Avira 2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware 2012-08-04 15:55 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-21 17:52 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-21 17:49 . 2012-07-21 17:49 -------- d-----w- c:\programmi\Oracle 2012-07-21 17:48 . 2012-07-21 17:48 -------- d-----w- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Sun 2012-07-21 17:48 . 2012-07-21 17:48 -------- d-----w- c:\documents and settings\Rita\Dati applicazioni\Oracle . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 21:29 . 2012-04-10 14:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 21:29 . 2011-10-01 15:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 20:07 . 2008-03-27 20:23 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06 . 2010-11-13 19:34 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 12:40 . 2012-05-23 12:40 716318 ----a-w- c:\windows\unins000.exe 2012-08-01 18:31 . 2012-02-09 12:44 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-05_08.54.15 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-16 14:07 . 2012-08-16 14:07 16384 c:\windows\temp\Perflib_Perfdata_6f4.dat + 2012-08-15 21:29 . 2012-08-15 21:29 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe + 2012-08-15 20:29 . 2012-08-15 20:29 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe + 2012-08-15 20:29 . 2012-08-15 20:29 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll + 2012-04-10 14:07 . 2012-08-15 21:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe - 2012-04-10 14:07 . 2012-08-03 15:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-08-15 21:29 . 2012-08-15 21:29 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-01 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304] "D-Link D-Link Wireless N DWA-140"="c:\programmi\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456] "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Printkey2000.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^KeyText.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Rita^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk] path=c:\documents and settings\Rita\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk backup=c:\windows\pss\My 190.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43 69632 -c--a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25 59240 -c--a-w- c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-04-15 12:35 53248 -c----w- c:\programmi\Realtek\InstallShield\AzMixerSel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-09-03 18:55 133104 ----atw- c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] c:\programmi\HP\HP Software Update\HPWuSchd2.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-10-09 16:06 421736 -c--a-w- c:\programmi\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper] c:\programmi\Samsung\Kies\KiesHelper.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] c:\programmi\Samsung\Kies\KiesTrayAgent.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 17:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 21:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2011-06-16 13:21 1500160 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 -c--a-w- c:\programmi\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 17:04 2879488 -c--a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2007-02-05 08:11 476728 -c--a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 09:07 252296 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-01-01 20:51 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "PACSPTISVR"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "Apple Mobile Device"=2 (0x2) "TapiSrv"=3 (0x3) "MSCSPTISRV"=3 (0x3) "TlntSvr"=2 (0x2) "RasMan"=3 (0x3) "Netlogon"=3 (0x3) "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) "IDriverT"=3 (0x3) "SharedAccess"=2 (0x2) "AVP"=2 (0x2) "Bonjour Service"=2 (0x2) "ServiceLayer"=3 (0x3) "NanoServiceMain"=2 (0x2) "MDM"=2 (0x2) "gupdate"=2 (0x2) "SSScsiSV"=3 (0x3) "YahooAUService"=2 (0x2) "SPTISRV"=3 (0x3) "SonicStage Back-End Service"=3 (0x3) "gupdatem"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programmi\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Rita\\Desktop\\BitTorrent-7.2.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= . R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/01/2011 22.06.21 20328] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/08/2012 17.55.41 22344] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25/01/2011 21.53.55 47360] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [01/03/2008 23.33.33 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [01/03/2008 23.33.33 7680] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/03/2008 23.33.33 42112] S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\drivers\ONDA_MW823UP_cdc_acm.sys [27/01/2010 16.43.46 86016] S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\drivers\ONDA_MW823UP_cdc_ecm.sys [27/01/2010 16.43.48 49920] S3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\drivers\ONDA_MW823UP_cpo.sys [27/01/2010 16.43.46 9728] S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\drivers\ONDA_MW823UP_dc_enum.sys [27/01/2010 16.43.48 80000] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [11/05/2010 15.03.01 103936] S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [11/05/2010 15.03.01 103936] S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [11/05/2010 15.03.01 103936] . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - 12646585 *Deregistered* - 12646585 . Contenuto della cartella 'Scheduled Tasks' . 2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 21:29] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2011-01-01 15:41] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002Core.job - c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-2000478354-839522115-1002UA.job - c:\documents and settings\Rita\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 18:55] . . ------- Scansione supplementare ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: facebook.com\www Trusted Zone: microsoft.com\office Trusted Zone: yahoo.com\it.play TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{05037EF7-33EB-4F25-AAA4-60A142426391}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{17518B27-7C81-4BB1-8985-4FB98E5C7511}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{27F5818A-D527-4604-9BFC-E7A2B6F2EA64}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{3215D194-70C8-4687-AB06-E33431F23DB5}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{8B74718A-2E71-42B6-8003-182D1459EEB8}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{94807935-B932-4109-8E8C-CDEA22FDE17E}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{95BC18E1-29FD-4A4A-9801-7FD4A6AD02F3}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{C229E30C-D489-4CA9-A88B-404E0AFA29D9}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{D15D1388-9188-49C3-ACCC-A3FE3A822DB0}: NameServer = 176.31.229.24,176.31.229.25 TCP: Interfaces\{E7814B96-F6F5-4E7C-A7A3-0E976A156664}: NameServer = 176.31.229.24,176.31.229.25 FF - ProfilePath - c:\documents and settings\Rita\Dati applicazioni\Mozilla\Firefox\Profiles\2djpk1er.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/ . - - - - CHIAVI ORFANE RIMOSSE - - - - . HKLM-Run-PosService - c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-16 16:57 Windows 5.1.2600 Service Pack 3 NTFS . scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- . - - - - - - - > 'winlogon.exe'(612) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3548) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Ora fine scansione: 2012-08-16 16:59:28 ComboFix-quarantined-files.txt 2012-08-16 14:59 ComboFix2.txt 2012-08-15 12:09 ComboFix3.txt 2010-04-21 17:57 . Pre-Run: 45.649.932.288 byte disponibili Post-Run: 45.642.964.992 byte disponibili . - - End Of File - - 67556E84F69084F1499F7F54A740ED81

di **Vento_ribelle** » 16/08/12 16:15

Ho fatto la scansione con il kasperski che mi hai detto ma non ha trovato nulla (quindi non riavviato). Qui c'è il log (c'è un problema: ne ho trovati 2 log quindi ti ho allegato il più pesante-l'altro era 3,33 kb).

Codice: Seleziona tutto: 17:01:16.0265 2784 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05 17:01:16.0593 2784 ============================================================ 17:01:16.0593 2784 Current date / time: 2012/08/16 17:01:16.0593 17:01:16.0593 2784 SystemInfo: 17:01:16.0593 2784 17:01:16.0593 2784 OS Version: 5.1.2600 ServicePack: 3.0 17:01:16.0593 2784 Product type: Workstation 17:01:16.0593 2784 ComputerName: RITA-1997E2984C 17:01:16.0593 2784 UserName: Rita 17:01:16.0593 2784 Windows directory: C:\WINDOWS 17:01:16.0593 2784 System windows directory: C:\WINDOWS 17:01:16.0593 2784 Processor architecture: Intel x86 17:01:16.0593 2784 Number of processors: 1 17:01:16.0593 2784 Page size: 0x1000 17:01:16.0593 2784 Boot type: Normal boot 17:01:16.0593 2784 ============================================================ 17:01:17.0546 2784 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:01:17.0546 2784 ============================================================ 17:01:17.0546 2784 \Device\Harddisk0\DR0: 17:01:17.0546 2784 MBR partitions: 17:01:17.0546 2784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0xAEBC5A3 17:01:17.0593 2784 ============================================================ 17:01:17.0656 2784 C: <-> \Device\Harddisk0\DR0\Partition1 17:01:17.0656 2784 ============================================================ 17:01:17.0656 2784 Initialize success 17:01:17.0656 2784 ============================================================ 17:01:19.0843 1200 ============================================================ 17:01:19.0843 1200 Scan started 17:01:19.0843 1200 Mode: Manual; 17:01:19.0843 1200 ============================================================ 17:01:20.0625 1200 ================ Scan services ============================= 17:01:20.0781 1200 [ d766e636187b8f240bbfbabcd51eb2c6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:01:20.0781 1200 ACPI - ok 17:01:20.0828 1200 [ 49ac5cd87fbdda62f3e25190019e7627 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:01:20.0828 1200 ACPIEC - ok 17:01:20.0906 1200 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:01:20.0906 1200 AdobeFlashPlayerUpdateSvc - ok 17:01:20.0937 1200 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:01:20.0937 1200 aec - ok 17:01:20.0984 1200 [ 322d0e36693d6e24a2398bee62a268cd ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:01:20.0984 1200 AFD - ok 17:01:21.0031 1200 [ 14a077ad0cf6116d1102631d8e1edee8 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:01:21.0031 1200 Alerter - ok 17:01:21.0062 1200 [ 79fe2e0d7859738225816658f0bb2a0d ] ALG C:\WINDOWS\System32\alg.exe 17:01:21.0062 1200 ALG - ok 17:01:21.0109 1200 [ 1d8b20120fd54563d5202cc5199dde10 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:01:21.0109 1200 AmdK8 - ok 17:01:21.0156 1200 [ 2953a157a783bfc06f42f99fefa5eb07 ] ANIO C:\WINDOWS\system32\ANIO.SYS 17:01:21.0156 1200 ANIO - ok 17:01:21.0203 1200 [ 2d007966bb8a6c89433766e3d682bbec ] ANIWConnService C:\WINDOWS\system32\ANIWConnService.exe 17:01:21.0203 1200 ANIWConnService - ok 17:01:21.0312 1200 [ aa3d68f26b2a27f660afc46039b061a4 ] ANIWZCSdService C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 17:01:21.0312 1200 ANIWZCSdService - ok 17:01:21.0531 1200 [ 349a0e0039141c9b32e1f6bea860560f ] AntiVirScheduler C:\Programmi\Avira\AntiVir Desktop\sched.exe 17:01:21.0531 1200 AntiVirScheduler - ok 17:01:21.0593 1200 [ 445c1a3f7a5a8d0454c8944115e69f18 ] AntiVirService C:\Programmi\Avira\AntiVir Desktop\avguard.exe 17:01:21.0593 1200 AntiVirService - ok 17:01:21.0718 1200 [ d8e18021f91ad79ca8491cb5a5da22d4 ] Apple Mobile Device C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:01:21.0718 1200 Apple Mobile Device - ok 17:01:21.0796 1200 [ 9062ed05b7519324fd7f0d6afb9d1147 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 17:01:21.0796 1200 AppMgmt - ok 17:01:21.0875 1200 [ baa6b3cc74a4377d063c5a92dd9c4098 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys 17:01:21.0890 1200 AR5211 - ok 17:01:22.0046 1200 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:01:22.0046 1200 aspnet_state - ok 17:01:22.0078 1200 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:01:22.0078 1200 AsyncMac - ok 17:01:22.0125 1200 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:01:22.0125 1200 atapi - ok 17:01:22.0203 1200 [ e9b73d638608b5b20608db28186d3494 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 17:01:22.0218 1200 Ati HotKey Poller - ok 17:01:22.0328 1200 [ 2922cd8a5d913e737d4e7a634042e154 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:01:22.0343 1200 ati2mtag - ok 17:01:22.0406 1200 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:01:22.0406 1200 Atmarpc - ok 17:01:22.0437 1200 [ 1b58d118049304e88464be614c6d0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:01:22.0437 1200 AudioSrv - ok 17:01:22.0500 1200 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:01:22.0500 1200 audstub - ok 17:01:22.0531 1200 [ 0b497c79824f8e1bf22fa6aacd3de3a0 ] avgio C:\Programmi\Avira\AntiVir Desktop\avgio.sys 17:01:22.0531 1200 avgio - ok 17:01:22.0562 1200 [ 1e4114685de1ffa9675e09c6a1fb3f4b ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:01:22.0562 1200 avgntflt - ok 17:01:22.0609 1200 [ 0f78d3dae6dedd99ae54c9491c62adf2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:01:22.0609 1200 avipbb - ok 17:01:22.0656 1200 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:01:22.0656 1200 Beep - ok 17:01:22.0703 1200 [ 48c4763a9c8990fb48b73445beb15d6a ] BITS C:\WINDOWS\system32\qmgr.dll 17:01:22.0718 1200 BITS - ok 17:01:22.0796 1200 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Programmi\Bonjour\mDNSResponder.exe 17:01:22.0796 1200 Bonjour Service - ok 17:01:22.0859 1200 [ 4314623fd836e96a51343ce5c74b48a8 ] Browser C:\WINDOWS\System32\browser.dll 17:01:22.0859 1200 Browser - ok 17:01:22.0921 1200 [ c75927f7bd22f298ada922a946da4586 ] Cam5603D C:\WINDOWS\system32\Drivers\BisonCam.sys 17:01:22.0937 1200 Cam5603D - ok 17:01:23.0078 1200 catchme - ok 17:01:23.0109 1200 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:01:23.0109 1200 cbidf2k - ok 17:01:23.0140 1200 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:01:23.0140 1200 CCDECODE - ok 17:01:23.0203 1200 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:01:23.0203 1200 Cdaudio - ok 17:01:23.0218 1200 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:01:23.0218 1200 Cdfs - ok 17:01:23.0250 1200 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:01:23.0250 1200 Cdrom - ok 17:01:23.0312 1200 [ d04f2beb5ea63d0766e12e44aef7c38d ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:01:23.0312 1200 CiSvc - ok 17:01:23.0343 1200 [ 48cb1defa1a6506c3cf09e4950f82ef6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:01:23.0343 1200 ClipSrv - ok 17:01:23.0390 1200 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:01:23.0390 1200 clr_optimization_v2.0.50727_32 - ok 17:01:23.0437 1200 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:01:23.0437 1200 CmBatt - ok 17:01:23.0468 1200 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:01:23.0468 1200 Compbatt - ok 17:01:23.0484 1200 COMSysApp - ok 17:01:23.0546 1200 [ 75fa19142531cbf490770c2988a7db64 ] cpuz134 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 17:01:23.0546 1200 cpuz134 - ok 17:01:23.0593 1200 [ b6fcbb157e9c8abdca4134c535535a8b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:01:23.0593 1200 CryptSvc - ok 17:01:23.0656 1200 [ db0c9517c2374d86a18dbfa12b35b129 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:01:23.0687 1200 DcomLaunch - ok 17:01:23.0703 1200 dgderdrv - ok 17:01:23.0765 1200 [ 699ee7f752a25180aeb92c3a0eaee440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:01:23.0765 1200 Dhcp - ok 17:01:23.0796 1200 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:01:23.0796 1200 Disk - ok 17:01:23.0828 1200 dmadmin - ok 17:01:23.0890 1200 [ 82bc125a8ed33f5f0e75f2aac1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:01:23.0890 1200 dmboot - ok 17:01:23.0953 1200 [ e959ddc0ea7ac11ee5e5602e2a364310 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:01:23.0953 1200 dmio - ok 17:01:24.0000 1200 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:01:24.0000 1200 dmload - ok 17:01:24.0046 1200 [ a01858c50704b2d2edeebbf6bbbced2a ] dmserver C:\WINDOWS\System32\dmserver.dll 17:01:24.0046 1200 dmserver - ok 17:01:24.0093 1200 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:01:24.0093 1200 DMusic - ok 17:01:24.0140 1200 [ 5a4dac2ed68edf6fdd78529d78cb994e ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:01:24.0140 1200 Dnscache - ok 17:01:24.0203 1200 [ d580d77dff316bd8c9d73b38695de8dc ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:01:24.0203 1200 Dot3svc - ok 17:01:24.0468 1200 [ 0bcfa67bba938be9024462af8b9f0a99 ] DragonUpdater C:\Programmi\Comodo\Dragon\dragon_updater.exe 17:01:24.0500 1200 DragonUpdater - ok 17:01:24.0546 1200 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:01:24.0546 1200 drmkaud - ok 17:01:24.0593 1200 [ 86b1f123bacd444e81960b339bae3ff2 ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:01:24.0593 1200 EapHost - ok 17:01:24.0671 1200 [ aaa8999a169e39fb8b48ae49cd6ac30a ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 17:01:24.0671 1200 ElbyCDIO - ok 17:01:24.0703 1200 [ e205c313417da6fa7afe85912a310a65 ] ElbyDelay C:\WINDOWS\system32\Drivers\ElbyDelay.sys 17:01:24.0703 1200 ElbyDelay - ok 17:01:24.0781 1200 [ 5aee9eedcfbf2b0f9dec53c27ee722a3 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys 17:01:24.0781 1200 EMSCR - ok 17:01:24.0828 1200 [ b6599eda9f3ebef064504ee35bbeca1c ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:01:24.0828 1200 ERSvc - ok 17:01:24.0859 1200 [ 8e56ab21d10c368029cea57de47d79c2 ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys 17:01:24.0859 1200 ESDCR - ok 17:01:24.0875 1200 [ 0a58fade5e12d3a611427292073362cb ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys 17:01:24.0875 1200 ESMCR - ok 17:01:24.0937 1200 [ dac0440c89b1ea4e35684896d5bf856e ] Eventlog C:\WINDOWS\system32\services.exe 17:01:24.0937 1200 Eventlog - ok 17:01:24.0984 1200 [ ff8566499e5a781da69342d3d76ff246 ] EventSystem C:\WINDOWS\system32\es.dll 17:01:25.0000 1200 EventSystem - ok 17:01:25.0046 1200 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:01:25.0046 1200 Fastfat - ok 17:01:25.0109 1200 [ a982208204830a213d7963bf2a215e56 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:01:25.0109 1200 FastUserSwitchingCompatibility - ok 17:01:25.0140 1200 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:01:25.0140 1200 Fdc - ok 17:01:25.0171 1200 [ 2cfea3326981a18c6baf2bd9be76225b ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:01:25.0171 1200 Fips - ok 17:01:25.0171 1200 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:01:25.0187 1200 Flpydisk - ok 17:01:25.0234 1200 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:01:25.0234 1200 FltMgr - ok 17:01:25.0328 1200 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:01:25.0328 1200 FontCache3.0.0.0 - ok 17:01:25.0343 1200 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:01:25.0359 1200 Fs_Rec - ok 17:01:25.0375 1200 [ f3269a6ee547ea87b949a1cea4816b38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:01:25.0375 1200 Ftdisk - ok 17:01:25.0421 1200 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 17:01:25.0421 1200 GEARAspiWDM - ok 17:01:25.0484 1200 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:01:25.0484 1200 Gpc - ok 17:01:25.0781 1200 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Programmi\Google\Update\GoogleUpdate.exe 17:01:25.0781 1200 gupdate - ok 17:01:25.0796 1200 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Programmi\Google\Update\GoogleUpdate.exe 17:01:25.0796 1200 gupdatem - ok 17:01:25.0843 1200 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe 17:01:25.0843 1200 gusvc - ok 17:01:25.0906 1200 [ 3fcc124b6e08ee0e9351f717dd136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:01:25.0906 1200 HDAudBus - ok 17:01:25.0984 1200 [ 6ce66b51b4eb23d9d073f92698c55c8d ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:01:25.0984 1200 helpsvc - ok 17:01:26.0000 1200 HidServ - ok 17:01:26.0046 1200 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:01:26.0046 1200 hidusb - ok 17:01:26.0109 1200 [ 00cad842f48947887a972828aca665f7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:01:26.0109 1200 hkmsvc - ok 17:01:26.0171 1200 [ 9f1d80908658eb7f1bf70809e0b51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 17:01:26.0171 1200 HPZid412 - ok 17:01:26.0203 1200 [ f7e3e9d50f9cd3de28085a8fdaa0a1c3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 17:01:26.0203 1200 HPZipr12 - ok 17:01:26.0250 1200 [ cf1b7951b4ec8d13f3c93b74bb2b461b ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 17:01:26.0250 1200 HPZius12 - ok 17:01:26.0296 1200 [ 6a5c4732d6803f84e2987edd8e4359ce ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 17:01:26.0296 1200 HSFHWAZL - ok 17:01:26.0343 1200 [ 21c31273c6cc4826e74be8ae3b09d4a8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 17:01:26.0359 1200 HSF_DPV - ok 17:01:26.0406 1200 [ f6aacf5bce2893e0c1754afeb672e5c9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:01:26.0421 1200 HTTP - ok 17:01:26.0468 1200 [ 450091aebfcd08e5858533eab5b9a436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:01:26.0484 1200 HTTPFilter - ok 17:01:26.0515 1200 [ 200ab8daf659c7324601fcc824d7f910 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 17:01:26.0515 1200 hwdatacard - ok 17:01:26.0578 1200 [ 610726e28af55b95043c5c35a727e320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:01:26.0578 1200 i8042prt - ok 17:01:26.0625 1200 [ daf66902f08796f9c694901660e5a64a ] IDriverT C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe 17:01:26.0640 1200 IDriverT - ok 17:01:26.0750 1200 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:01:26.0765 1200 idsvc - ok 17:01:26.0812 1200 [ 25edd75e23c5ef6b33d0fbcce125a601 ] imagedrv C:\WINDOWS\system32\Drivers\imagedrv.sys 17:01:26.0828 1200 imagedrv - ok 17:01:26.0843 1200 [ 9c4bbacf4e9b9543c3ce23f1fe556941 ] imagesrv C:\WINDOWS\system32\DRIVERS\imagesrv.sys 17:01:26.0843 1200 imagesrv - ok 17:01:26.0906 1200 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:01:26.0906 1200 Imapi - ok 17:01:26.0968 1200 [ db491237445f172fdddf00541de1a51d ] ImapiService C:\WINDOWS\system32\imapi.exe 17:01:26.0968 1200 ImapiService - ok 17:01:27.0250 1200 [ fa9a9468f982835e99c1ec21257f7e60 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:01:27.0343 1200 IntcAzAudAddService - ok 17:01:27.0390 1200 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 17:01:27.0390 1200 Ip6Fw - ok 17:01:27.0406 1200 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:01:27.0406 1200 IpFilterDriver - ok 17:01:27.0421 1200 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:01:27.0437 1200 IpInIp - ok 17:01:27.0468 1200 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:01:27.0468 1200 IpNat - ok 17:01:27.0531 1200 [ 33642c17c232aa272c68e446a2619899 ] iPod Service C:\Programmi\iPod\bin\iPodService.exe 17:01:27.0546 1200 iPod Service - ok 17:01:27.0578 1200 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:01:27.0578 1200 IPSec - ok 17:01:27.0625 1200 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:01:27.0625 1200 IRENUM - ok 17:01:27.0656 1200 [ 0953594beb81cc72fcc62d37921b25a6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:01:27.0656 1200 isapnp - ok 17:01:27.0765 1200 [ 4f2143570d2250ca4c4a4c98553c82cd ] JavaQuickStarterService C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 17:01:27.0765 1200 JavaQuickStarterService - ok 17:01:27.0781 1200 [ 28b6eace513ca7eaba3b809ad4bc274d ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:01:27.0781 1200 Kbdclass - ok 17:01:27.0828 1200 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:01:27.0828 1200 kmixer - ok 17:01:27.0843 1200 [ 1705745d900dabf2d89f90ebaddc7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:01:27.0843 1200 KSecDD - ok 17:01:27.0890 1200 [ cfcf4aee4f81c6185ee663097f7189d3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:01:27.0906 1200 lanmanserver - ok 17:01:27.0921 1200 [ 9071a3bedcd40ccb221b98f230fdde9a ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:01:27.0937 1200 lanmanworkstation - ok 17:01:27.0984 1200 [ e01255727d0b158538d7c2b469b533a8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:01:27.0984 1200 LmHosts - ok 17:01:28.0015 1200 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 17:01:28.0015 1200 MBAMProtector - ok 17:01:28.0109 1200 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe 17:01:28.0125 1200 MBAMService - ok 17:01:28.0234 1200 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE 17:01:28.0234 1200 MDM - ok 17:01:28.0265 1200 [ 0cea2d0d3fa284b85ed5b68365114f76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:01:28.0265 1200 mdmxsdk - ok 17:01:28.0312 1200 [ 3b32f662c8607e891f325e41f7ee225c ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:01:28.0312 1200 Messenger - ok 17:01:28.0343 1200 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:01:28.0343 1200 mnmdd - ok 17:01:28.0390 1200 [ 514a299ec926baada3c718b171476aa4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:01:28.0390 1200 mnmsrvc - ok 17:01:28.0406 1200 [ 8cb6636806d76b85fafaee94d75f5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:01:28.0406 1200 Modem - ok 17:01:28.0437 1200 [ 69cd0527a73636990967093674a176e2 ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys 17:01:28.0437 1200 motccgp - ok 17:01:28.0468 1200 [ aad6191a4daa519f04ab12b2af73e356 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys 17:01:28.0468 1200 motccgpfl - ok 17:01:28.0500 1200 [ 20ff89c59b0a50f53822303064988e00 ] MotDev C:\WINDOWS\system32\DRIVERS\motodrv.sys 17:01:28.0500 1200 MotDev - ok 17:01:28.0546 1200 [ fe80c18ba448ddd76b7bead9eb203d37 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys 17:01:28.0546 1200 motmodem - ok 17:01:28.0593 1200 [ e904ebed608055a2bfb824c07f59766c ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:01:28.0593 1200 Mouclass - ok 17:01:28.0625 1200 [ d7662f0cf5b77bbbe3202716f5bd5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:01:28.0625 1200 mouhid - ok 17:01:28.0656 1200 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:01:28.0656 1200 MountMgr - ok 17:01:28.0718 1200 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe 17:01:28.0718 1200 MozillaMaintenance - ok 17:01:28.0734 1200 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:01:28.0734 1200 MRxDAV - ok 17:01:28.0781 1200 [ 68755f0ff16070178b54674fe5b847b0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:01:28.0796 1200 MRxSmb - ok 17:01:28.0859 1200 [ 8e46a7bac823dd82d4fb2a34c3df4c1d ] MSCSPTISRV C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe 17:01:28.0859 1200 MSCSPTISRV - ok 17:01:28.0890 1200 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:01:28.0890 1200 Msfs - ok 17:01:28.0906 1200 MSIServer - ok 17:01:28.0937 1200 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:01:28.0937 1200 MSKSSRV - ok 17:01:28.0953 1200 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:01:28.0953 1200 MSPCLOCK - ok 17:01:29.0000 1200 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:01:29.0000 1200 MSPQM - ok 17:01:29.0031 1200 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:01:29.0031 1200 mssmbios - ok 17:01:29.0062 1200 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:01:29.0062 1200 MSTEE - ok 17:01:29.0093 1200 [ 2f625d11385b1a94360bfc70aaefdee1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:01:29.0093 1200 Mup - ok 17:01:29.0125 1200 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:01:29.0125 1200 NABTSFEC - ok 17:01:29.0187 1200 [ 911587fd303c9690a428bb4b04732b61 ] napagent C:\WINDOWS\System32\qagentrt.dll 17:01:29.0187 1200 napagent - ok 17:01:29.0218 1200 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:01:29.0234 1200 NDIS - ok 17:01:29.0265 1200 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:01:29.0265 1200 NdisIP - ok 17:01:29.0281 1200 [ 1ab3d00c991ab086e69db84b6c0ed78f ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:01:29.0281 1200 NdisTapi - ok 17:01:29.0312 1200 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:01:29.0312 1200 Ndisuio - ok 17:01:29.0343 1200 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:01:29.0343 1200 NdisWan - ok 17:01:29.0359 1200 [ 6215023940cfd3702b46abc304e1d45a ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:01:29.0359 1200 NDProxy - ok 17:01:29.0375 1200 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:01:29.0375 1200 NetBIOS - ok 17:01:29.0406 1200 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:01:29.0406 1200 NetBT - ok 17:01:29.0453 1200 [ 1b09227e41f414a93dbc0baf80c4d527 ] NetDDE C:\WINDOWS\system32\netdde.exe 17:01:29.0453 1200 NetDDE - ok 17:01:29.0468 1200 [ 1b09227e41f414a93dbc0baf80c4d527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:01:29.0468 1200 NetDDEdsdm - ok 17:01:29.0515 1200 [ 0fba335727905de8e4cb5a2cf438abf5 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:01:29.0515 1200 Netlogon - ok 17:01:29.0546 1200 [ 02815b70fc4ca8611a926176f1c39fc2 ] Netman C:\WINDOWS\System32\netman.dll 17:01:29.0562 1200 Netman - ok 17:01:29.0593 1200 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:01:29.0593 1200 NetTcpPortSharing - ok 17:01:29.0640 1200 [ 7e1cee90214fa6def0e601cd7a9fc950 ] Nla C:\WINDOWS\System32\mswsock.dll 17:01:29.0640 1200 Nla - ok 17:01:29.0687 1200 [ cfe3462a9e94a57dcd9676f6b7fe7f67 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 17:01:29.0687 1200 nmwcd - ok 17:01:29.0703 1200 [ 8f2a94f991f8c73cec26b4b5620d1edc ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 17:01:29.0703 1200 nmwcdc - ok 17:01:29.0750 1200 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:01:29.0750 1200 Npfs - ok 17:01:29.0796 1200 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:01:29.0796 1200 Ntfs - ok 17:01:29.0812 1200 [ 0fba335727905de8e4cb5a2cf438abf5 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:01:29.0812 1200 NtLmSsp - ok 17:01:29.0843 1200 [ 89db90b5f35d2795d9fc56d933cc72b8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:01:29.0843 1200 NtmsSvc - ok 17:01:29.0875 1200 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys 17:01:29.0875 1200 Null - ok 17:01:29.0906 1200 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:01:29.0906 1200 NwlnkFlt - ok 17:01:29.0937 1200 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:01:29.0937 1200 NwlnkFwd - ok 17:01:29.0984 1200 [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbmdm6k C:\WINDOWS\system32\DRIVERS\ONDAusbmdm6k.sys 17:01:29.0984 1200 ONDAusbmdm6k - ok 17:01:30.0046 1200 [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbnmea C:\WINDOWS\system32\DRIVERS\ONDAusbnmea.sys 17:01:30.0046 1200 ONDAusbnmea - ok 17:01:30.0062 1200 [ 302063cc3bf77eb9402c2cddec5166a8 ] ONDAusbser6k C:\WINDOWS\system32\DRIVERS\ONDAusbser6k.sys 17:01:30.0062 1200 ONDAusbser6k - ok 17:01:30.0093 1200 [ 9144d56218dabd1fed42d2e1804a99f0 ] ONDA_MW823UP_cdc_acm C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys 17:01:30.0109 1200 ONDA_MW823UP_cdc_acm - ok 17:01:30.0140 1200 [ 8fec988f3e2ab0168e843f21a49bfd2b ] ONDA_MW823UP_cdc_ecm C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys 17:01:30.0140 1200 ONDA_MW823UP_cdc_ecm - ok 17:01:30.0187 1200 [ e8631963b0857deede6fb48798ada5dc ] ONDA_MW823UP_cpo C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_cpo.sys 17:01:30.0187 1200 ONDA_MW823UP_cpo - ok 17:01:30.0234 1200 [ c34a5c57af3fabe6dfb0e0d9f6c58c3f ] ONDA_MW823UP_dc_enum C:\WINDOWS\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys 17:01:30.0234 1200 ONDA_MW823UP_dc_enum - ok 17:01:30.0281 1200 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE 17:01:30.0281 1200 ose - ok 17:01:30.0296 1200 [ 753a8f339f231d2b857e2ccd51a6e6ca ] PACSPTISVR C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe 17:01:30.0312 1200 PACSPTISVR - ok 17:01:30.0343 1200 [ 4e9408a178b2d955871c2cdd278de3c3 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 17:01:30.0343 1200 Parport - ok 17:01:30.0375 1200 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:01:30.0375 1200 PartMgr - ok 17:01:30.0421 1200 [ 0dabef655a444cb1e193626fb1d24b9f ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:01:30.0421 1200 ParVdm - ok 17:01:30.0468 1200 [ fd2041e9ba03db7764b2248f02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 17:01:30.0468 1200 pccsmcfd - ok 17:01:30.0500 1200 [ f40a46892afebb0314536b849d57c11e ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:01:30.0500 1200 PCI - ok 17:01:30.0515 1200 PCIDump - ok 17:01:30.0562 1200 [ b2df00d650fd6c4ee781740ed3c8e67f ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:01:30.0562 1200 PCIIde - ok 17:01:30.0578 1200 [ 815c50f2b1d1562800bdce8be895000e ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 17:01:30.0578 1200 Pcmcia - ok 17:01:30.0625 1200 [ 5b6c11de7e839c05248ced8825470fef ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys 17:01:30.0625 1200 pcouffin - ok 17:01:30.0671 1200 [ dac0440c89b1ea4e35684896d5bf856e ] PlugPlay C:\WINDOWS\system32\services.exe 17:01:30.0671 1200 PlugPlay - ok 17:01:30.0703 1200 [ 9d84376931440f3679beef2a414fa493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 17:01:30.0703 1200 Pml Driver HPZ12 - ok 17:01:30.0734 1200 [ 0fba335727905de8e4cb5a2cf438abf5 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:01:30.0734 1200 PolicyAgent - ok 17:01:30.0843 1200 [ f10c0207890534e92c49f0279f97522d ] PowerOffer Service C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\PosService\Pos.exe 17:01:30.0843 1200 PowerOffer Service - ok 17:01:30.0890 1200 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:01:30.0890 1200 PptpMiniport - ok 17:01:30.0906 1200 [ b479f50e883b2297a5f7f212aaee6f6c ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 17:01:30.0906 1200 Processor - ok 17:01:30.0921 1200 [ 0fba335727905de8e4cb5a2cf438abf5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:01:30.0921 1200 ProtectedStorage - ok 17:01:30.0937 1200 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:01:30.0937 1200 PSched - ok 17:01:30.0984 1200 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:01:30.0984 1200 Ptilink - ok 17:01:31.0015 1200 [ 1962166e0ceb740704f30fa55ad3d509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:01:31.0015 1200 PxHelp20 - ok 17:01:31.0046 1200 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:01:31.0046 1200 RasAcd - ok 17:01:31.0078 1200 [ 9839b418343d6e6e52659bdf3ff1fe67 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:01:31.0078 1200 RasAuto - ok 17:01:31.0109 1200 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:01:31.0109 1200 Rasl2tp - ok 17:01:31.0156 1200 [ 62ad41548e720db4763b86f95e44f3fa ] RasMan C:\WINDOWS\System32\rasmans.dll 17:01:31.0156 1200 RasMan - ok 17:01:31.0171 1200 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:01:31.0171 1200 RasPppoe - ok 17:01:31.0171 1200 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:01:31.0187 1200 Raspti - ok 17:01:31.0218 1200 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:01:31.0234 1200 Rdbss - ok 17:01:31.0265 1200 [ 393fc252593323b624b230eca6b85e63 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:01:31.0265 1200 redbook - ok 17:01:31.0312 1200 [ 7ebbf16fbd3e0e34f084fa635c1844e3 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:01:31.0312 1200 RemoteAccess - ok 17:01:31.0359 1200 [ f667a41bced959988e53feecc8bf5da0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:01:31.0375 1200 RemoteRegistry - ok 17:01:31.0421 1200 [ d8b0b4ade32574b2d9c5cc34dc0dbbe7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 17:01:31.0421 1200 ROOTMODEM - ok 17:01:31.0453 1200 [ dc97f6c8a94691834439872b9e8ff2b3 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:01:31.0468 1200 RpcLocator - ok 17:01:31.0515 1200 [ db0c9517c2374d86a18dbfa12b35b129 ] RpcSs C:\WINDOWS\System32\rpcss.dll 17:01:31.0531 1200 RpcSs - ok 17:01:31.0578 1200 [ dce0d20f8fb66df41d53734bff9d66f0 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:01:31.0578 1200 RSVP - ok 17:01:31.0671 1200 [ a6886caf9d03dade7144171e471eca6f ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys 17:01:31.0687 1200 rt2870 - ok 17:01:31.0750 1200 [ 911e07056b865760c0762f6221145999 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 17:01:31.0750 1200 RTL8023xp - ok 17:01:31.0812 1200 [ d507c1400284176573224903819ffda3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 17:01:31.0812 1200 rtl8139 - ok 17:01:31.0859 1200 [ 0fba335727905de8e4cb5a2cf438abf5 ] SamSs C:\WINDOWS\system32\lsass.exe 17:01:31.0859 1200 SamSs - ok 17:01:31.0890 1200 [ 1d456f1cd76a80793c07ba52cf3a7455 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:01:31.0890 1200 SCardSvr - ok 17:01:31.0953 1200 [ 511886e5bd060046cce8373e92e62edf ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:01:31.0968 1200 Schedule - ok 17:01:32.0015 1200 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 17:01:32.0015 1200 sdbus - ok 17:01:32.0078 1200 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:01:32.0078 1200 Secdrv - ok 17:01:32.0125 1200 [ 17c6354ca08e7c7972e12c67478ae134 ] seclogon C:\WINDOWS\System32\seclogon.dll 17:01:32.0140 1200 seclogon - ok 17:01:32.0187 1200 [ a0eca1ce0fccb29c5e4e1f416e95e73e ] SENS C:\WINDOWS\system32\sens.dll 17:01:32.0203 1200 SENS - ok 17:01:32.0265 1200 [ fdbd9d64e2e03270021d424f0dccf79d ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:01:32.0265 1200 Serial - ok 17:01:32.0375 1200 [ 8c1f87f5fdd92229d1754b98f073913f ] ServiceLayer C:\Programmi\PC Connectivity Solution\ServiceLayer.exe 17:01:32.0390 1200 ServiceLayer - ok 17:01:32.0421 1200 ServUpdater - ok 17:01:32.0468 1200 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:01:32.0468 1200 Sfloppy - ok 17:01:32.0546 1200 [ 152c0555925dfe028e3148fd215146bb ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:01:32.0546 1200 SharedAccess - ok 17:01:32.0578 1200 [ a982208204830a213d7963bf2a215e56 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:01:32.0578 1200 ShellHWDetection - ok 17:01:32.0609 1200 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:01:32.0609 1200 SLIP - ok 17:01:32.0640 1200 [ 977aaa4398d7d6fa65d973f5b3f54e40 ] SonicStage Back-End Service C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe 17:01:32.0656 1200 SonicStage Back-End Service - ok 17:01:32.0687 1200 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:01:32.0687 1200 splitter - ok 17:01:32.0734 1200 [ 60977c9bae8f86f9075829325303d0c9 ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:01:32.0734 1200 Spooler - ok 17:01:32.0781 1200 [ e3e6c96b0ef4492c3c8fd0deef4e35a1 ] SPTISRV C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe 17:01:32.0781 1200 SPTISRV - ok 17:01:32.0812 1200 [ 618718cae288bf7cbd8fcbab2577d932 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:01:32.0812 1200 sr - ok 17:01:32.0843 1200 [ b3e3da70a7a76e69b872de3d06d32c19 ] srservice C:\WINDOWS\system32\srsvc.dll 17:01:32.0843 1200 srservice - ok 17:01:32.0859 1200 [ 5252605079810904e31c332e241cd59b ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:01:32.0859 1200 Srv - ok 17:01:32.0906 1200 [ 5215569dd3a8fbc65a85e85f3c12258b ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:01:32.0906 1200 SSDPSRV - ok 17:01:32.0937 1200 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:01:32.0937 1200 ssmdrv - ok 17:01:32.0984 1200 [ 756e371b3b86a3d3039926d32eac0e8d ] SSScsiSV C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe 17:01:32.0984 1200 SSScsiSV - ok 17:01:33.0031 1200 [ 306521935042fc0a6988d528643619b3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 17:01:33.0031 1200 StarOpen - ok 17:01:33.0062 1200 [ 3b9263e137896e4d303494f116e00608 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:01:33.0078 1200 stisvc - ok 17:01:33.0125 1200 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:01:33.0125 1200 streamip - ok 17:01:33.0156 1200 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:01:33.0156 1200 swenum - ok 17:01:33.0187 1200 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:01:33.0187 1200 swmidi - ok 17:01:33.0203 1200 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:01:33.0203 1200 sysaudio - ok 17:01:33.0250 1200 [ a34a9a872eec4c026fd542ac7156fe0b ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:01:33.0250 1200 SysmonLog - ok 17:01:33.0296 1200 [ 6b85f1a9dce45d45bffad3222c21f297 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:01:33.0296 1200 TapiSrv - ok 17:01:33.0343 1200 [ 93ea8d04ec73a85db02eb8805988f733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:01:33.0343 1200 Tcpip - ok 17:01:33.0390 1200 [ a982208204830a213d7963bf2a215e56 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:01:33.0390 1200 Themes - ok 17:01:33.0437 1200 [ 2fff150ea4396956f10b66211687f335 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:01:33.0437 1200 TlntSvr - ok 17:01:33.0468 1200 [ 690294999df1248faf85d95b31955d0c ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:01:33.0468 1200 TrkWks - ok 17:01:33.0515 1200 [ be45dad1c73a3216edc8c485916f6594 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys 17:01:33.0515 1200 truecrypt - ok 17:01:33.0578 1200 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:01:33.0578 1200 Udfs - ok 17:01:33.0640 1200 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:01:33.0640 1200 Update - ok 17:01:33.0671 1200 [ 8057b0744d9842a090e51d2845861d5f ] upnphost C:\WINDOWS\System32\upnphost.dll 17:01:33.0671 1200 upnphost - ok 17:01:33.0718 1200 [ ec01da44b090d2651fc032c8b9257232 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 17:01:33.0718 1200 upperdev - ok 17:01:33.0734 1200 [ f5e8b846ec10e1df8dca64119e2eb709 ] UPS C:\WINDOWS\System32\ups.exe 17:01:33.0734 1200 UPS - ok 17:01:33.0781 1200 [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 17:01:33.0781 1200 USBAAPL - ok 17:01:33.0796 1200 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:01:33.0796 1200 usbccgp - ok 17:01:33.0828 1200 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:01:33.0828 1200 usbehci - ok 17:01:33.0843 1200 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:01:33.0843 1200 usbhub - ok 17:01:33.0859 1200 [ 0daecce65366ea32b162f85f07c6753b ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:01:33.0859 1200 usbohci - ok 17:01:33.0890 1200 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:01:33.0890 1200 usbprint - ok 17:01:33.0906 1200 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:01:33.0906 1200 usbscan - ok 17:01:33.0984 1200 [ 4abd37cfbd710e64f01f9da8710c73f7 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 17:01:33.0984 1200 UsbserFilt - ok 17:01:34.0031 1200 [ af4b8cc5ea40c57208796920068ddcd5 ] usbsermptxp C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys 17:01:34.0031 1200 usbsermptxp - ok 17:01:34.0078 1200 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:01:34.0078 1200 USBSTOR - ok 17:01:34.0109 1200 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:01:34.0109 1200 VgaSave - ok 17:01:34.0140 1200 [ e46c1b5a56da7da603d09dfcc79ec59e ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:01:34.0140 1200 VolSnap - ok 17:01:34.0187 1200 [ c2fe17125256102f5b44194d5db0a799 ] VSS C:\WINDOWS\System32\vssvc.exe 17:01:34.0187 1200 VSS - ok 17:01:34.0234 1200 [ 2969dd84b584a6bb541a5273103957a3 ] W32Time C:\WINDOWS\system32\w32time.dll 17:01:34.0250 1200 W32Time - ok 17:01:34.0281 1200 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:01:34.0281 1200 Wanarp - ok 17:01:34.0359 1200 [ d918617b46457b9ac28027722e30f647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:01:34.0375 1200 Wdf01000 - ok 17:01:34.0437 1200 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:01:34.0437 1200 wdmaud - ok 17:01:34.0484 1200 [ 2ec50ee79b65f60c8e8b4a03bbb3a42f ] WebClient C:\WINDOWS\System32\webclnt.dll 17:01:34.0500 1200 WebClient - ok 17:01:34.0546 1200 [ 307d248f97835b6879bdd361086924fe ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:01:34.0562 1200 winachsf - ok 17:01:34.0656 1200 [ 40911e98d0f1cbb1015f2101982f1ddf ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:01:34.0656 1200 winmgmt - ok 17:01:34.0750 1200 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:01:34.0750 1200 WmdmPmSN - ok 17:01:34.0828 1200 [ 069d6bdf23ee96fcde2adf9fab27ae0d ] Wmi C:\WINDOWS\System32\advapi32.dll 17:01:34.0843 1200 Wmi - ok 17:01:34.0890 1200 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:01:34.0890 1200 WmiAcpi - ok 17:01:34.0937 1200 [ 81fd02839fdb10acf0ec40b809b9f8cc ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:01:34.0937 1200 WmiApSrv - ok 17:01:35.0000 1200 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:01:35.0000 1200 WS2IFSL - ok 17:01:35.0078 1200 [ 926d921c93cff1e19ef4de3e4c8368ca ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:01:35.0078 1200 wscsvc - ok 17:01:35.0109 1200 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:01:35.0125 1200 WSTCODEC - ok 17:01:35.0140 1200 [ cc48415e6c7cbaa441a3d6a6dccbcfa6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:01:35.0156 1200 wuauserv - ok 17:01:35.0203 1200 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:01:35.0203 1200 WudfPf - ok 17:01:35.0234 1200 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:01:35.0234 1200 WudfRd - ok 17:01:35.0265 1200 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:01:35.0281 1200 WudfSvc - ok 17:01:35.0359 1200 [ 053e0307a08cac60793e27e921b46b3e ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:01:35.0375 1200 WZCSVC - ok 17:01:35.0437 1200 [ 5526482dcba6047641b13bf9c75a74e0 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:01:35.0437 1200 xmlprov - ok 17:01:35.0531 1200 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe 17:01:35.0546 1200 YahooAUService - ok 17:01:35.0609 1200 ================ Scan global =============================== 17:01:35.0656 1200 (17ddfe6a0b5404c5ef4c03ad996d0562) C:\WINDOWS\system32\basesrv.dll 17:01:35.0703 1200 (5764b5d964e0cf313dacbb69c8aa1b2b) C:\WINDOWS\system32\winsrv.dll 17:01:35.0718 1200 (5764b5d964e0cf313dacbb69c8aa1b2b) C:\WINDOWS\system32\winsrv.dll 17:01:35.0734 1200 (dac0440c89b1ea4e35684896d5bf856e) C:\WINDOWS\system32\services.exe 17:01:35.0750 1200 [Global] - ok 17:01:35.0750 1200 ================ Scan MBR ================================== 17:01:35.0765 1200 MBR (0x1B8) (10ae9eb13951b8e206480773f877a330) \Device\Harddisk0\DR0 17:01:35.0828 1200 \Device\Harddisk0\DR0 - ok 17:01:35.0828 1200 ================ Scan VBR ================================== 17:01:35.0843 1200 Boot (0x1200) (b85f90964546078cf9fc779f1efb1dca) \Device\Harddisk0\DR0\Partition1 17:01:35.0843 1200 \Device\Harddisk0\DR0\Partition1 - ok 17:01:35.0843 1200 ============================================================ 17:01:35.0843 1200 Scan finished 17:01:35.0843 1200 ============================================================ 17:01:35.0859 0508 Detected object count: 0 17:01:35.0859 0508 Actual detected object count: 0 17:01:41.0968 3012 Deinitialize success

Ora passiamo al problema. Dopo che ho postato il problema e fatto le prime scansioni il pc non si era più bloccato. Dopo però aver fatto la scansione di combofix come mi hai detto con il txt che mi hai detto il pc è tornato a bloccarsi. Ho notato però che si blocca quasi esclusivamente quando provo a tenere aperto chrome con qualche altro browser. Ho guardato il task manager quando si blocca il pc e ho notato che c'è sempre qualche voce legata proprio al browser (mozilla o opera) che occupa tutta la memoria. Pensavo fosse una cosa normale che due browser potessero occupare tutta la memoria ma visto che è un problema recente la cosa non mi quadra.
Faccio qualche altra scansione?

di **Vento_ribelle** » 16/08/12 20:34

Volvo aggiungere una cosa. Girando sul forum ho trovato un post di una persona che aveva problemi ad eliminare un'applicazione e gli avete consigliato di controllare e se presenti eliminare le seguenti voci:
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\PosService
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Servupdate
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Poweroffer
Io ne ho trovate due (posservice e poweroffer) e le ho eliminate. Ho però un dubbio : nel post che vi ho detto c'è scritto di cercare anche in installazioni applicazioni poweroffer. Io ho cercato e ho trovato power offer 2.0 perciò volevo chiedervi se è lo stesso e quindi se devo eliminarlo.

il pc non esegue nessun comando

il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Re: il pc non esegue nessun comando

Topic correlati a "il pc non esegue nessun comando":

Chi c’è in linea