Slow PC and pages that open

Hi Mister.
Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including Internet pages
● launch the tool with a double click
● click the Start button at the bottom left
● the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● launch the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

When it finishes, you will need to open the Control Panel, click Folder Options, open the View tab and tick Hide protected operating system files (Recommended) and Hide extensions for known file types.

Finally, restart the system and:
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use from its icon in the system tray (next to the Windows clock)
● disable any installed firewall from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● follow the instructions given to run the scan
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be displayed: continue, ignoring the message
● the firewall may display a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will restart automatically: if it does not, restart it yourself
● go to Local Disk C:, find the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused by you after using the software.
● The same goes for me; this tool is not a toy and is not intended for everyday use. It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it from My Computer. One more precaution, one less possible threat
 
Federico, by the way I'm Roberto, nice to meet you. Listen, when I launch the first link you wrote me, it immediately gives me "cannot delete Dd44" or something like that and won't let me continue. What do I do? Sigh
 
Francesco, I have some problems...
I did everything but, as always, I can't find the log on the C drive.
Then I couldn't get on the internet any more; it gave me a connection error even though the connection was there, and I had to change the DNS I had and that I use, I don't know...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.46.00, on 30/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documenti\PowerOffer\POService.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programmi\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B0BFA7-086E-4D11-966F-61B58AB4611F}: NameServer = 85.37.17.47 85.38.28.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DCE650-EA03-422C-B755-71E188D5B535}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 4500 bytes
 
ComboFix 11-11-04.03 - Roberto 04/11/2011 19.20.38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1443 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\JuicyJoint Toolbar
c:\programmi\mbam-setup-1.51.2.1300.exe
c:\windows\system32\Thumbs.db
d:\documenti\iexplore.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-04 al 2011-11-04 )))))))))))))))))))))))))))))))))))
.
.
2011-10-30 12:26 . 2011-10-30 12:26 -------- d-----w- c:\programmi\Yontoo Layers Runtime
2011-10-30 11:54 . 2011-10-30 11:59 446464 ----a-w- c:\programmi\TFC.exe
2011-10-30 09:38 . 2011-10-30 09:38 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Avira
2011-10-30 09:37 . 2011-10-11 14:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 09:37 . 2011-10-11 14:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-30 09:37 . 2011-10-11 14:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 09:37 . 2011-10-30 09:37 -------- d-----w- c:\programmi\Avira
2011-10-30 09:37 . 2011-10-30 09:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-10-30 09:33 . 2011-10-30 09:33 286152 ----a-w- c:\programmi\SoftonicDownloader_per_avira-antivir-personal-free-antivirus.exe
2011-10-28 17:41 . 2011-10-30 09:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2011-10-26 18:24 . 2011-10-26 18:24 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Malwarebytes
2011-10-26 18:23 . 2011-10-26 18:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-26 18:23 . 2011-10-28 13:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-26 18:23 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 17:06 . 2011-10-26 17:06 -------- d-----w- c:\programmi\Trend Micro
2011-10-26 17:06 . 2011-10-26 17:06 812344 ----a-w- c:\programmi\HJTInstall.exe
2011-10-26 11:06 . 2011-10-26 11:06 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\TuneUp Software
2011-10-26 11:05 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2011-10-26 11:05 . 2011-10-26 11:05 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-25 22:47 . 2011-10-25 22:47 16409960 ----a-w- c:\programmi\spybotsd162.exe
2011-10-25 15:15 . 2011-10-25 15:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\f-secure
2011-10-25 15:15 . 2011-10-25 15:15 -------- d-----w- C:\D2
2011-10-25 11:51 . 2011-10-28 13:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2011-10-21 12:11 . 2011-10-21 12:12 71618148 ----a-w- c:\programmi\internetsecurity.exe
2011-10-21 11:20 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-21 11:20 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-14 19:46 . 2011-10-25 15:15 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2011-10-14 19:45 . 2011-10-14 19:45 716318 ----a-w- c:\windows\unins000.exe
2011-10-13 00:20 . 2011-10-13 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-12 19:19 . 2011-10-13 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bandoo
2011-10-12 19:12 . 2011-10-13 00:19 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\BearShare
2011-10-12 19:12 . 2011-10-12 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BearShare
2011-10-12 19:11 . 2011-10-13 00:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{AF7B5169-F195-47E6-8915-D744A1A6E561}
2011-10-10 15:06 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-10 15:06 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-09 17:10 . 2011-10-09 17:10 29333696 ----a-w- c:\programmi\asc_setup_slim.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-19 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-19 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 21:11 . 2011-09-08 21:11 4007216 ----a-w- c:\programmi\defragsetup_22.exe
2011-09-06 14:10 . 2004-08-19 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 21:14 . 2011-09-02 21:14 4004656 ----a-w- c:\programmi\defragsetup_210.exe
2011-08-17 21:24 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:24 . 2004-08-19 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:24 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:24 . 2004-08-19 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-19 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-19 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 12:11 . 2011-06-19 10:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 11:51 . 2010-04-27 17:48 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-04 00:19 . 2011-08-04 00:18 31504896 ----a-w- c:\programmi\AGTPro_1.1k.msi
2011-10-27 15:48 . 2011-06-17 00:13 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-07 18:34 194848 ----a-w- c:\programmi\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [30/10/2011 10.37.59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [30/10/2011 10.38.00 86224]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12.13.00 38144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/05/2010 23.11.21 1691480]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14.12.18 341504]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 13.00.00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-920026266-725345543-1003Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-22 17:50]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-920026266-725345543-1003UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-22 17:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48B0BFA7-086E-4D11-966F-61B58AB4611F}: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{88DCE650-EA03-422C-B755-71E188D5B535}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\udl8qn5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4ca6e461000000000000001d7d7c3e5d&tlver=1.4.35.10&affID=100474
FF - user.js: extentions.y2layers.installId - 24748d19-da4b-4346-aeb9-6c4791306472
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-04 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2011-11-04 19:24:21
ComboFix-quarantined-files.txt 2011-11-04 18:24
.
Pre-Run: 22.917.464.064 byte disponibili
Post-Run: 22.898.884.608 byte disponibili
.
- - End Of File - - A0F77FFA6D35FFE391D035617B2601A7


I SENT IT TO YOU IN 4 PARTS, BUT ONE WAY OR ANOTHER I MANAGED IT. LET ME KNOW, FRANCESCO, PLEASE. THANK YOU SO MUCH FOR YOUR PATIENCE IN HELPING AN OLD MAN.
 
ComboFix 11-11-04.03 - Roberto 05/11/2011 20.14.37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1569 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Roberto\Desktop\CFScript.htm
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-05 al 2011-11-05 )))))))))))))))))))))))))))))))))))
.
.
2011-10-30 12:26 . 2011-10-30 12:26 -------- d-----w- c:\programmi\Yontoo Layers Runtime
2011-10-30 11:54 . 2011-10-30 11:59 446464 ----a-w- c:\programmi\TFC.exe
2011-10-30 09:38 . 2011-10-30 09:38 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Avira
2011-10-30 09:37 . 2011-10-11 14:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-30 09:37 . 2011-10-11 14:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-30 09:37 . 2011-10-11 14:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-30 09:37 . 2011-10-30 09:37 -------- d-----w- c:\programmi\Avira
2011-10-30 09:37 . 2011-10-30 09:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-10-30 09:33 . 2011-10-30 09:33 286152 ----a-w- c:\programmi\SoftonicDownloader_per_avira-antivir-personal-free-antivirus.exe
2011-10-28 17:41 . 2011-10-30 09:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2011-10-26 18:24 . 2011-10-26 18:24 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Malwarebytes
2011-10-26 18:23 . 2011-10-26 18:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-10-26 18:23 . 2011-10-28 13:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-10-26 18:23 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 17:06 . 2011-10-26 17:06 -------- d-----w- c:\programmi\Trend Micro
2011-10-26 17:06 . 2011-10-26 17:06 812344 ----a-w- c:\programmi\HJTInstall.exe
2011-10-26 11:06 . 2011-10-26 11:06 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\TuneUp Software
2011-10-26 11:05 . 2011-10-26 22:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2011-10-26 11:05 . 2011-10-26 11:05 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-25 22:47 . 2011-10-25 22:47 16409960 ----a-w- c:\programmi\spybotsd162.exe
2011-10-25 15:15 . 2011-10-25 15:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\f-secure
2011-10-25 15:15 . 2011-10-25 15:15 -------- d-----w- C:\D2
2011-10-25 11:51 . 2011-10-28 13:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2011-10-21 12:11 . 2011-10-21 12:12 71618148 ----a-w- c:\programmi\internetsecurity.exe
2011-10-21 11:20 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-21 11:20 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-14 19:46 . 2011-10-25 15:15 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2011-10-14 19:45 . 2011-10-14 19:45 716318 ----a-w- c:\windows\unins000.exe
2011-10-13 00:20 . 2011-10-13 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-12 19:19 . 2011-10-13 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bandoo
2011-10-12 19:12 . 2011-10-13 00:19 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\BearShare
2011-10-12 19:12 . 2011-10-12 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BearShare
2011-10-12 19:11 . 2011-10-13 00:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{AF7B5169-F195-47E6-8915-D744A1A6E561}
2011-10-10 15:06 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-10 15:06 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-09 17:10 . 2011-10-09 17:10 29333696 ----a-w- c:\programmi\asc_setup_slim.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-19 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-19 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-19 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 21:11 . 2011-09-08 21:11 4007216 ----a-w- c:\programmi\defragsetup_22.exe
2011-09-06 14:10 . 2004-08-19 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 21:14 . 2011-09-02 21:14 4004656 ----a-w- c:\programmi\defragsetup_210.exe
2011-08-17 21:24 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:24 . 2004-08-19 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:24 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:24 . 2004-08-19 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-19 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-19 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 12:11 . 2011-06-19 10:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 11:51 . 2010-04-27 17:48 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-04 00:19 . 2011-08-04 00:18 31504896 ----a-w- c:\programmi\AGTPro_1.1k.msi
2011-10-27 15:48 . 2011-06-17 00:13 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-04_18.23.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-05 19:03 . 2011-11-05 19:03 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-07 18:34 194848 ----a-w- c:\programmi\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [30/10/2011 10.37.59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [30/10/2011 10.38.00 86224]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12.13.00 38144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/05/2010 23.11.21 1691480]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14.12.18 341504]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 13.00.00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-920026266-725345543-1003Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-22 17:50]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-920026266-725345543-1003UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-08-22 17:50]
.
 
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48B0BFA7-086E-4D11-966F-61B58AB4611F}: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{88DCE650-EA03-422C-B755-71E188D5B535}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\udl8qn5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4ca6e461000000000000001d7d7c3e5d&tlver=1.4.35.10&affID=100474
FF - user.js: extentions.y2layers.installId - 24748d19-da4b-4346-aeb9-6c4791306472
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-05 20:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2011-11-05 20:18:14
ComboFix-quarantined-files.txt 2011-11-05 19:18
ComboFix2.txt 2011-11-04 18:24
.
Pre-Run: 22.769.332.224 byte disponibili
Post-Run: 22.758.608.896 byte disponibili
.
- - End Of File - - 8CDC33083147D83B67585D32210387EB


I hope I did it right, Francesco.
Thank you so much for your patience with me.
 
MisterFord, the script did not run successfully.
Open this link (a simple left click of the mouse) and click Download Link, at the bottom in green.

The .TXT text file will be downloaded to the PC.
Place it on the Desktop and drag it with the mouse onto the ComboFix icon; a new scan will start. Attach the report.

Here is the link:
Wikisend: free file sharing service
 
Federico told me to open a new thread.
I'm new to the forum and I'm not much good with the PC, quite the opposite....
My grandson brought the PC back to me; I turned it on but noticed that it is very slow and, on top of that, advertising pages open every now and then while I'm opening one myself.
Can anyone help me? Thank you very much.

For the advertising pages, the pop-up blocker comes to mind; for the general slowness, CCleaner comes to mind, but the question arises naturally ☺: "what PC do you have?" You can't expect too much from obsolete or nearly obsolete configurations; I don't mean to imply anything, quite the contrary.
Anyway, defragment the disk and forget about MalwareBytes►ComboFix and the rest of that bunch; in fact, if you have an OEM or Retail license (as for the rest, a word to the wise is enough), install Security Essentials or, if you can, buy Norton.
In any case, for the general slowness I would rule out viruses/trojans/malware and the like, since there is a very abstract idea of these things and they often become nonexistent bogeymen; if you have Microsoft Windows Vista it's normal, if you have Seven almost, if you have XP a little less, if you have Win9x it's old age.
 
ComboFix 11-11-04.03 - Roberto 07/11/2011 17.41.50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1449 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Roberto\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\programmi\asc_setup_slim.exe"
"c:\programmi\internetsecurity.exe"
"c:\programmi\SoftonicDownloader_per_avira-antivir-personal-free-antivirus.exe"
"c:\programmi\spybotsd162.exe"
"c:\windows\unins000.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
 