Pc Lento, Intel I5

saw1989 · June 19, 2012

Salve allego qua il resoconto di hijack

Problema, rallentamento di avvio caricamento desktop...

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Chiara\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Users\Chiara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Chiara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Chiara\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')

O4 - Startup: Facebook Messenger.lnk = Chiara\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - c:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - c:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: DeviceManager - Unknown owner - C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - c:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 7818 bytes

Ringrazio anticipatamente

*FDAC* · June 22, 2012

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

● posiziona il file scaricato sul Desktop

● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:

● lancia ComboFix con un doppio click

● una volta avviato clicca il pulsante Accetto: conferma cliccando Ok due volte

● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti

Su pc molto infetti il tempo di scansione può raddoppiare facilmente"

● nel caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)

● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:

● potrebbero comparire alcuni file sul Desktop, e poi eliminati

● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi

● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio

● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti

● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:

● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te

● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:

● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore

● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso.

Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto

● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, dovrai avviarla manualmente dalle Risorse del computer.

saw1989 · June 30, 2012

ecco il resoconto :

ComboFix 12-06-28.03 - Chiara 30/06/2012 15:37:05.1.4 - x64

Windows Seven Ice Extreme v1 6.1.7601.1.1252.39.1040.18.8158.6036 [GMT 2:00]

Eseguito da: c:\users\Chiara\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Chiara\AppData\Local\Temp\sfamcc00001.dll

c:\users\Chiara\AppData\Local\Temp\sfareca00001.dll

c:\windows\7Loader.TAG

c:\windows\SysWow64\DEBUG.log

.

((((((((((((((((((((((((( Files Creati Da 2012-05-28 al 2012-06-30 )))))))))))))))))))))))))))))))))))

.

2012-06-30 13:43 . 2012-06-30 13:43 -------- d-----w- c:\users\Default\AppData\Local emp

2012-06-19 13:03 . 2012-06-19 13:03 388096 ----a-r- c:\users\Chiara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-19 13:03 . 2012-06-19 13:03 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-11 13:28 . 2012-06-11 13:28 -------- d-----w- c:\programdata\boost_interprocess

2012-06-10 15:41 . 2012-06-10 16:11 -------- d-----w- c:\users\Chiara\AppData\Local\BearShare

2012-06-10 15:40 . 2012-06-17 13:24 -------- d-----w- c:\program files (x86)\BearShare Applications

2012-06-10 15:40 . 2012-06-10 15:40 -------- d-----w- c:\programdata\BearShare

2012-06-10 15:38 . 2012-06-10 15:42 -------- dc-h--w- c:\programdata\{C938105F-6E6F-45FC-9845-42621E29C58F}

2012-06-10 15:38 . 2012-06-10 15:38 -------- d-----w- c:\users\Chiara\AppData\Local\PackageAware

2012-06-04 17:23 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2012-06-04 17:23 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2012-06-04 17:18 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2012-06-04 17:16 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2012-06-04 17:16 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2012-06-04 17:16 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-06-04 17:16 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-06-04 16:46 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-06-04 16:46 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-06-04 16:46 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2012-06-04 16:46 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-06-04 16:46 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2012-06-04 16:46 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2012-06-04 16:46 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2012-06-04 16:46 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2012-06-04 16:46 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-06-04 16:46 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-06-04 16:45 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32 zres.dll

2012-06-04 16:45 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64 zres.dll

2012-06-04 16:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers cpip.sys

2012-06-04 16:34 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-04 16:34 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-04 16:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-04 16:34 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-04 16:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-04 16:33 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-06-04 16:33 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-06-04 16:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-06-04 16:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-17 13:21 . 2012-05-04 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-17 13:21 . 2012-05-04 18:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-02 13:29 . 2012-04-27 06:17 45320 ----a-w- c:\windows\SysWow64\certsentry.dll

2012-05-02 13:28 . 2012-04-27 06:17 53512 ----a-w- c:\windows\system32\certsentry.dll

2012-04-27 22:39 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-27 08:53 . 2012-04-27 06:27 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-04-27 08:53 . 2012-04-27 06:27 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-04-27 06:17 . 2012-04-27 06:17 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-27 06:17 . 2012-04-27 06:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-27 06:17 . 2012-04-27 06:17 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-04-04 13:56 . 2012-04-27 08:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-02-10 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-02-10 71168]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2009-11-17 119680]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-02-10 20992]

R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-02-10 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS erminpt.sys [2011-02-10 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys [2011-02-10 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-02-10 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers susbhub.sys [2011-02-10 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-06-12 412304]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-04-28 1617472]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]

.

--- Altri Servizi/Drivers In Memoria ---

.

*NewlyCreated* - WS2IFSL

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289539442-4054363349-1003867602-1000Core.job

- c:\users\Chiara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 12:57]

.

2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289539442-4054363349-1003867602-1000UA.job

- c:\users\Chiara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 12:57]

.

2012-06-30 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-27 19:06]

.

2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289539442-4054363349-1003867602-1000Core.job

- c:\users\Chiara\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 06:39]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289539442-4054363349-1003867602-1000UA.job

- c:\users\Chiara\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 06:39]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.it/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-10 - (no file)

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Ora fine scansione: 2012-06-30 15:57:33 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-06-30 13:57

.

Pre-Run: 20.655.435.776 byte disponibili

Post-Run: 26.124.574.720 byte disponibili

.

- - End Of File - - 01B96DA5DC8864781099C87B37A32309

saw1989 · June 30, 2012

inoltre volevo precisare anche che non mi va mai la cpu al 100%, solo con lo stress cpu va al 100%. se apro 1000 programmi non ci va mai.. mentre nell'altro pc basta che ne apri 1 gia lavora al 100% per aprirlo poi si abbassa.

*FDAC* · July 1, 2012

Ciao.

Il PC è craccato, e non prestiamo assistenza per tali SO.

Ti lascio le ultime indicazioni, dopodichè "scappo":

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe

● posiziona il tool sul Desktop

● termina tutti i programmi attivi, comprese le pagine Internet

● avvia il tool con un doppio click

● clicca, in basso a sinistra, sul pulsante Start

● scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi

● attendi pazientemente il termine delle operazioni

● clicca, in basso a destra, sul pulsante Exit

● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:

TFC by OldTimer serve ad eliminare i file temporeanei di tutti gli utenti, con facilità e velocemente

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe

● posiziona il tool sul Desktop

● chiudi tutti i programmi attivi

● avvia il tool con un doppio click

● clicca sul pulsante CleanUp!

● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Nota - riguardo al programma:

OTC by OldTimer serve ad eliminare i programmi che abbiamo utilizzato per la pulizia (ComboFix in particolare) in modo automatico e preciso: al riavvio non noterai più l'icona di ComboFix, è del tutto normale

Buona Domenica.

saw1989 · July 3, 2012

niente non viene risolto vabbè grazie lo stesso

Accedi

Pc Lento, Intel I5

6 messaggi in questa discussione

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Condividi questo messaggio

Link di questo messaggio

Condividi su altri siti

Crea un account o accedi per lasciare un commento

Crea un account

Accedi

Sezioni principali

Attività