Foursnakes

Users
  • Content count

    48
  • Joined

  • Last visited

All content by Foursnakes

  1. Wait, maybe I haven't understood... so the folder you're talking about is the one at the path C:\i386? Is that what is meant by "root"? And another thing... how do I edit the registry keys? Is it done from regedit? Can you explain step by step what I need to do? Thanks again for your endless patience.
  2. There is no C:\ folder inside i386... here's a screenshot of the folders that are there:
  3. OK, but then can I also use an XP Home Edition CD from another computer, or will that cause a mess with the product keys?
  4. Um... I don't have the XP CD. That is, they sold me the PC with genuine XP but without an installation CD... I know it's unbelievable, but I only noticed afterwards; back then I didn't know much about these things! I do have an XP CD from another computer, though: it's XP Professional, while the one installed here is Home Edition. Do you think that's fine anyway?
  5. Perfect, all sorted... I'm back to NT AUTHORITY. Although in fact nothing has changed compared to before, I really don't understand what it actually modifies... oh well, the important thing is to be back at the starting point. Now there's still the problem of the slowdowns with the related bogus firewall message (it still gives me the error message).
  6. Hmm, I don't think so... not knowingly, at least. But I do have programs like CCleaner and TuneUp that modify the registry; for example, I've defragmented it a few times with TuneUp and I clean it very often with CCleaner... a week ago I also cleaned it with RegistryBooster.
  7. Indeed, I had rebooted right afterwards; the image I attached is from after the reboot. As for the rest, I tried the various steps: Phase 1 gave no results, and Phase 3 gives me this error when I confirm adding the data to the registry:
  8. OK, I'll try the next steps... but maybe the problem I have is different from the one highlighted on the page; it says "Cannot start the Windows Firewall service in Windows XP SP2", but my firewall does turn on in the end... after a good 2 minutes, but it turns on XD Also, I have XP SP3, I don't know if it's the same thing... anyway, it doesn't hurt to try, I'll let you know.
  9. Hi, first of all thanks for the time you're spending on my problem. Second thing: the Remote Procedure Call (RPC) service was not configured to log on as the Local System account but to log on as the named account NT AUTHORITY\NetworkService, with its password and password confirmation... same configuration for the RPC Locator service too. I tried changing Remote Procedure Call (RPC) as you said, but nothing changed; in fact, now I can no longer go back to the previous configuration... I'm attaching an image: Now what do I do, do I change RPC Locator too, or can I go ahead with the next steps you described?
  10. So, Comodo did not improve the problem (the initial slowdowns), and after uninstalling it with Revo the situation went back to how it was initially... changing the environment variables didn't change anything either.
  11. Yes, I've already tried it, but all it does is turn on Windows Firewall if it is turned off... thanks for your interest anyway.
  12. Hi Mr 4011. Actually, now that I remember, the Firewall message and, I think, the initial slowdowns too started when, some time ago, I installed Outpost Firewall Pro and then uninstalled it because it was too heavy... so I don't know, I'll try installing Comodo and see what happens. Maybe I'll also try uninstalling it and see whether the situation goes back to what it is now.
  13. OK, I'm posting the new ComboFix log... but I don't think it will differ much from the previous one, since I've had this Firewall problem for years now XD
  14. Hi Mr 4011, this is the ComboFix log from a few days ago:
  15. Hi everyone, this is the Malwarebytes log:

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org

      Versione database: v2012.02.20.01

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 7.0.5730.11
      Andrea :: ACER-6618B8BBB0 [amministratore]

      20/02/2012 11.10.27
      mbam-log-2012-02-20 (11-10-27).txt

      Tipo di scansione: Scansione completa
      Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
      Opzioni di scansione disattivate: P2P
      Elementi esaminati: 296899
      Tempo impiegato: 1 ore, 1 minuti, 4 secondi

      Processi rilevati in memoria: 0
      (non sono stati rilevati elementi nocivi)

      Moduli di memoria rilevati: 0
      (non sono stati rilevati elementi nocivi)

      Chiavi di registro rilevate: 0
      (non sono stati rilevati elementi nocivi)

      Valori di registro rilevati: 0
      (non sono stati rilevati elementi nocivi)

      Voci rilevate nei dati di registro: 0
      (non sono stati rilevati elementi nocivi)

      Cartelle rilevate: 0
      (non sono stati rilevati elementi nocivi)

      File rilevati: 0
      (non sono stati rilevati elementi nocivi)

      (fine)

      Eset didn't find anything at all either.
  16. I already tried Malwarebytes a few days ago, but it didn't solve the problem... should I run another scan anyway?
  17. OK, this is the DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31 Run by Andrea at 17:47:06 on 2012-02-19 Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1471.1016 [GMT 1:00] . AV: Avira Desktop *Disabled/Updated* {00000000-0715-0000-08F2-12003094807C} AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe C:\WINDOWS\system32\UTSCSI.EXE C:\Programmi\Avira\AntiVir Desktop\avshadow.exe svchost.exe C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . 
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.it/ mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182421639421 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll IFEO: excel.exe - "c:\programmi\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: javaw.exe - "c:\programmi\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: javaws.exe - "c:\programmi\tuneup 
utilities 2012\TUAutoReactivator32.exe" IFEO: msaccess.exe - "c:\programmi\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: msoxmled.exe - "c:\programmi\tuneup utilities 2012\TUAutoReactivator32.exe" . Note: multiple IFEO entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\andrea\dati applicazioni\mozilla\firefox\profiles\yi211538.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox FF - plugin: c:\programmi\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\programmi\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\programmi\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-14 36000] R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\avira\antivir desktop\sched.exe [2012-2-14 86224] R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-2-14 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-14 74640] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-7 1479488] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-31 10064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-02-18 12:12:30 -------- d-----w- c:\programmi\Sun 2012-02-18 11:00:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-18 10:52:10 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-02-18 10:52:10 -------- d-----w- c:\windows\system32\wbem\Repository 2012-02-18 10:42:17 -------- d-----w- c:\programmi\file comuni\Java(2) 2012-02-15 08:46:13 3072 ------w- c:\windows\system32\iacenc.dll 2012-02-15 08:46:13 3072 ------w- c:\windows\system32\dllcache\iacenc.dll 2012-02-14 14:48:42 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-02-14 14:48:42 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-02-14 14:48:41 -------- d-----w- c:\programmi\Avira 2012-02-14 14:48:41 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Avira 2012-02-14 14:10:12 256000 ----a-w- c:\windows\PEV.exe 2012-02-14 14:10:12 208896 ----a-w- c:\windows\MBR.exe 2012-02-14 10:51:46 -------- d-----w- c:\programmi\Safer Networking 2012-02-14 10:38:24 -------- d-----w- c:\documents and settings\andrea\dati applicazioni\Safer Networking 2012-02-07 17:45:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-07 11:17:43 -------- d-----w- c:\documents and settings\andrea\impostazioni locali\dati applicazioni\PackageAware 2012-02-06 18:43:51 -------- d-----w- c:\programmi\sisagp 2012-02-06 18:43:34 -------- d-----w- c:\programmi\SiS VGA Utilities V3.93 2012-02-06 18:04:16 65536 ------w- c:\windows\system32\SiSHook.dll 2012-02-06 18:04:16 135168 ------w- c:\windows\system32\SiSApCom.dll 2012-02-06 18:04:16 110592 ------w- c:\windows\system32\TVMode.dll 2012-02-06 18:04:15 163923 ------w- c:\windows\system32\SiSUninstall.exe 2012-02-06 18:04:15 -------- d-----w- c:\programmi\SiSUnin 2012-02-06 18:04:14 53248 ------w- c:\windows\system32\SiSPower.dll 2012-02-06 18:04:14 49152 ------w- c:\windows\InstFunc.exe 2012-02-06 18:04:14 262144 ----a-w- c:\windows\system32\sistray.exe 2012-02-06 18:04:14 208896 ----a-w- c:\windows\Progress.exe 
2012-02-06 18:04:13 12288 ------w- c:\windows\InstFunc.dll 2012-02-06 17:52:43 -------- d-----w- c:\programmi\SiSLan 2012-02-06 12:25:39 -------- d-----w- c:\windows\SIS 2012-02-06 12:11:15 325120 ----a-w- c:\windows\system32\drivers\sisgrp.sys 2012-02-06 12:11:15 325120 ----a-w- c:\windows\system32\dllcache\sisgrp.sys 2012-02-06 11:14:11 9728 ----a-w- c:\windows\system32\SiSPIns2.dll 2012-02-06 11:14:11 3468288 ----a-w- c:\windows\system32\sisgrv.dll 2012-02-06 11:14:11 3468288 ----a-w- c:\windows\system32\dllcache\sisgrv.dll 2012-02-06 11:14:11 19200 ----a-w- c:\windows\system32\drivers\srvkp.sys 2012-02-06 11:14:10 65536 ----a-w- c:\windows\system32\sis760.bin 2012-02-06 11:14:10 65536 ----a-w- c:\windows\system32\sis741.bin 2012-02-06 11:14:10 49152 ----a-w- c:\windows\system32\SiSBase.dll 2012-02-06 11:14:10 49152 ----a-w- c:\windows\system32\sis660.bin 2012-02-06 11:14:10 1571001 ----a-w- c:\windows\system32\sisgl.dll 2012-02-06 00:58:29 337320 ----a-w- c:\windows\difxapi.dll 2012-02-06 00:35:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2012-02-06 00:32:58 -------- d-----w- c:\windows\Logs 2012-02-05 19:42:00 -------- d-----w- c:\documents and settings\andrea\dati applicazioni\Avira 2012-01-23 17:43:18 -------- d-----w- c:\programmi\iPod 2012-01-23 17:43:13 -------- d-----w- c:\programmi\iTunes . ==================== Find3M ==================== . 2012-02-18 11:00:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-12 17:20:32 1859968 ----a-w- c:\windows\system32\win32k.sys 2011-12-19 08:09:38 832512 ----a-w- c:\windows\system32\wininet.dll 2011-12-19 08:09:37 1830912 -c--a-w- c:\windows\system32\inetcpl.cpl 2011-12-19 08:09:36 78336 -c--a-w- c:\windows\system32\ieencode.dll 2011-12-19 08:09:36 17408 -c--a-w- c:\windows\system32\corpol.dll 2011-11-25 21:57:07 293888 ----a-w- c:\windows\system32\winsrv.dll . ============= FINISH: 17.47.38,20 =============== And this is the Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 25/12/2006 19.31.52 System Uptime: 19/02/2012 15.08.02 (2 hours ago) . Motherboard: Acer | | E661GXM Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 775 | 3066/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 35 GiB total, 4,209 GiB free. D: is FIXED (FAT32) - 35 GiB total, 17,763 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1206: 19/02/2012 14.54.20 - Microsoft Fix it 50102 installato . ==== Image File Execution Options ============= . IFEO: excel.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: javaw.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: javaws.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msaccess.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msoxmled.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mspub.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mstore.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: outlook.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: powerpnt.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: presentationhost.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: winword.exe - "C:\Programmi\TuneUp Utilities 2012\TUAutoReactivator32.exe" . ==== Installed Programs ====================== . 
32 Bit HP CIO Components Installer Acer Empowering Technology Acer ePerformance Management Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Italiano Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521) Aggiornamento della protezione per Windows Internet Explorer 7 (KB2618444) Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516) Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127) Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615) Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533) Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759) Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838) Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390) Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215) Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714) Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260) Aggiornamento della protezione per Windows Media Player (KB911564) Aggiornamento della protezione per Windows XP (KB923789) Aggiornamento rapido per Windows Internet Explorer 7 (KB947864) Apple Application Support Apple Mobile Device Support Apple Software Update Assistente per l'accesso a Windows Live µTorrent Avira Free Antivirus Bonjour Borland C++Builder 6 BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Copy CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 Defraggler Destination Component DeviceDiscovery DivX Setup DocProc Driver di Logitech® Camera EarMaster Pro 4 eMule Google Update Helper GPBaseService Guitar Pro 5.2 Harry Potter Screen Saver Hotfix for Windows XP (KB976002-v5) HP Imaging Device Functions 10.0 HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 3.5 HP Solution Center 10.0 HP Update HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential 
HPPhotoSmartPhotobookWebPack1 HPProductAssistant iTunes Java Auto Updater Java DB 10.6.2.1 Java 6 Update 31 Java SE Development Kit 6 Update 31 Logitech Audio Echo Cancellation Component Logitech Desktop Messenger Logitech QuickCam Logitech Video Enumerator Lyrics Plugin for Windows Media Player MATLAB R2010a Messenger Plus! Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) Microsoft .NET Framework 4 Client Profile ITA Language Pack Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Italian) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Italian) 2007 Microsoft Office Groove MUI (Italian) 2007 Microsoft Office InfoPath MUI (Italian) 2007 Microsoft Office OneNote MUI (Italian) 2007 Microsoft Office Outlook MUI (Italian) 2007 Microsoft Office PowerPoint MUI (Italian) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (Italian) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Italian) 2007 Microsoft Office Shared MUI (Italian) 2007 Microsoft Office Word MUI (Italian) 2007 Microsoft Software Update for Web Folders (Italian) 12 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Mozilla Firefox 10.0.2 (x86 it) MSVC80_x86 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB973688) MVision NTI CD & DVD-Maker OCA Client history tool install OCR Software by I.R.I.S. 
10.0 OGA Notifier 1.7.0105.35.0 PanoStandAlone PowerDVD PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PSSWCORE Realtek AC'97 Audio Revo Uninstaller 1.93 Scan SearchTheWeb Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Segoe UI SiS VGA Utilities SiSAGP driver SolutionCenter Status Strumento di caricamento di Windows Live Toolbox Transcribe! 
7.11 TrayApp TuneUp Utilities 2012 TuneUp Utilities Language Pack (it-IT) UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition vanBasco's Karaoke Player VC80CRTRedist - 8.0.50727.4053 VideoToolkit01 VLC media player 1.1.11 WebFldrs XP WebReg Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Format 11 runtime Windows Media Player 11 WinRAR gestione archivi . ==== End Of File ===========================
  18. Hi Mr 4011, sorry for posting here, I'm not very familiar with forums XD I downloaded and ran DDS; I'm attaching the DDS.txt file.
  19. No wait, I don't think you understood... the User Name column has been there in Task Manager from the start, it's just that the names themselves, like SYSTEM or LOCAL SERVICE, don't appear at all... as for startup processes, I only have 2, because I manage them from TuneUp and CCleaner, and they are the antivirus and the language bar (ctfmon.exe, that is)... as for the rest, I've already tried everything you wrote, over and over.
  20. But that doesn't explain the slowdowns or the fact that the user names don't appear in Task Manager... it's as if the PC sat idle doing nothing for those 1-2 minutes and then suddenly finished loading whatever was missing... any advice?
  21. Hello, I've read the thread; I have a problem similar to the one torelli had: at startup I can't perform some operations and everything is slowed down anyway (meanwhile, in Task Manager the user names don't appear next to the processes), then after 1-2 minutes Windows tells me the Firewall is disabled, after a few seconds the message disappears, the little network-connection computer icons appear at the bottom right and everything goes back to normal... can you help me? I have Windows XP SP3, Avira Antivir 12, CCleaner and TuneUp Utilities 2012 installed. I should mention that I've had this problem for at least a year, that I've run many scans with no results, and that I've already tried using Malwarebytes without it solving the problem.