Condividi:        

Problema pc lentissimo...causa virus o malware?

Risolvi qui i tuoi problemi legati a Windows '95, '98, ME, NT, 2000, XP, 2003, Vista...

Moderatori: m.paolo, antoo69, -> EleKtrA <-

Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 03/01/14 14:36

Ciao a tutti, da circa una settimana ho l'hard disk del pc che lavora di continuo, con la spia rossa sempre accesa o lampeggiante...ma non ci sono applicazioni in background aperte che consumino chissà quali risorse.
Ho fatto varie ricerche su internet e alla fine ho notato, tra l'altro, vari processi svchost.exe in esecuzione che, analizzati, sembra diano qualche problema...ma non riesco a individuarli e chiuderli.
Altra cosa...ho provato a fare il log di hijackthis ma non mi salva il file. Ho usato Rkill e questo è quanto:

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2014 02:28:18 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\Admin\Desktop\rkill\rkill-01-03-2014-02-28-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/03/2014 02:32:43 PM
Execution time: 0 hours(s), 4 minute(s), and 25 seconds(s)


come posso procedere? quali altre scansioni e con quali programmi posso capire cosa non va?

Grazie in anticipo,

Alessandro
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Sponsor
 

Re: Problema pc lentissimo...causa virus o malware?

Postdi FDACCC » 03/01/14 22:28

ComboFix: rimuovere le infezioni presenti nel sistema

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
link alternativo: http://www.combofix.org/downloadlink.php
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● clicca due volte sul file ComboFix per avviare l'applicazione
● clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"


● nel caso di Windows XP, verrà richiesta l' installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer; inoltre potrebbe impostarlo come browser predefinito

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
● se non trovi il Report del programma, clicca Start, Esegui e inserisci questa stringa (infine clicca il pulsante Invio):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Note - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, prima di avviarlo, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso
esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette USB, Hard Disk Esterni, Lettori MP3, Schedine SD..) per prevenire future minacce e aumentare la sicurezza del Computer: quando inserisci un dispositivo esterno, dovrai avviarlo "manualmente" dalle Risorse del computer. Se vuoi che il PC torni come prima, comunicalo nel tuo prossimo post
● se ComboFix rileva Bootkit/Rootkit in attività sul tuo sistema, dopo un avviso ti verrà richiesto di riavviare la macchina: acconsenti (al riavvio la macchina potrebbe mostrare una finestra nera per alcuni minuti, è normale)
● se dopo aver eseguito il programma ricevi un qualunque tipo di messaggio riguardo chiavi di registro cancellate, riavvia la macchina e il problema scomparirà (le chiavi di registro non verranno cancellate, tranquillo)
FDACCC
Utente Senior
 
Post: 170
Iscritto il: 20/12/13 10:16

Re: Problema pc lentissimo...causa virus o malware?

Postdi pumadel47 » 03/01/14 23:17

Se come S.O. hai Windows XP, leggiti attentamente questo link e con molta probabilità risolverai il problema:
http://www.ilsoftware.it/articoli.asp?t ... -SP3_10338
pumadel47
Utente Junior
 
Post: 31
Iscritto il: 06/11/11 18:22

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 06/01/14 09:32

Ecco qua il rapporto di Combofix:

ComboFix 14-01-04.03 - Admin 06/01/2014 1.26.13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.1133 [GMT 1:00]
Eseguito da: c:\users\Admin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\users\Admin\001.JPG
c:\users\Admin\153.JPG
c:\users\Admin\250.jpg
c:\users\Admin\Acrobat
c:\users\Admin\Acrobat\AdbeRdr810_en_US.exe
c:\users\Admin\Acrobat\AdbeRdr810_fr_FR.exe
c:\users\Admin\AppData\Local\Tempcheck.exe
c:\users\Admin\AppData\Roaming\Adminlog.dat
c:\users\Admin\AppData\Roaming\Explorer
c:\users\Admin\AppData\Roaming\explorer\svchost.exe
c:\users\Admin\AppData\Roaming\OfferBox
c:\users\Admin\AppData\Roaming\OfferBox\config.xml
c:\windows\IsUn0410.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\tmp3BDF.tmp
c:\windows\system32\tmp3C2E.tmp
c:\windows\system32\tmpBA5D.tmp
c:\windows\system32\tmpBA7D.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-06 al 2014-01-06 )))))))))))))))))))))))))))))))))))
.
.
2014-01-06 00:38 . 2014-01-06 00:38 -------- d-----w- c:\users\Admin\AppData\Local\temp
2014-01-06 00:38 . 2014-01-06 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-06 00:20 . 2014-01-06 00:20 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13EC62A5-01AD-41F1-8B08-7AAF1C71E2F4}\MpKslff91642e.sys
2014-01-06 00:00 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13EC62A5-01AD-41F1-8B08-7AAF1C71E2F4}\mpengine.dll
2014-01-04 11:36 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 13:16 . 2014-01-03 13:16 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 13:16 . 2014-01-03 13:16 -------- d-----w- c:\program files\Trend Micro
2014-01-03 12:41 . 2014-01-03 13:06 -------- d-----w- c:\programdata\SecTaskMan
2014-01-03 12:41 . 2014-01-03 12:41 -------- d-----w- c:\program files\Security Task Manager
2014-01-03 12:33 . 2014-01-03 12:33 -------- d-----w- c:\users\Admin\AppData\Local\SvchostViewer
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\users\Admin\.android
2014-01-03 12:10 . 2014-01-03 12:16 -------- d-----w- c:\users\Admin\AppData\Local\cache
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\users\Admin\AppData\Local\genienext
2014-01-03 12:10 . 2014-01-03 12:11 -------- d-----w- c:\users\Admin\AppData\Local\Mobogenie
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\programdata\Raxco
2014-01-03 12:09 . 2014-01-03 12:09 -------- d-----w- c:\program files\Common Files\Raxco
2014-01-03 12:09 . 2014-01-03 12:09 -------- d-----w- c:\program files\Raxco
2014-01-03 12:08 . 2014-01-03 12:13 -------- d-----w- c:\program files\Mobogenie
2014-01-03 12:05 . 2014-01-03 19:33 -------- d-----w- c:\program files\MyPC Backup
2014-01-03 11:37 . 2014-01-03 11:37 -------- d-----w- c:\program files\What's my computer doing
2014-01-02 09:08 . 2014-01-03 14:31 -------- d-----w- c:\users\Admin\AppData\Local\Spotify
2014-01-02 09:07 . 2014-01-04 14:30 -------- d-----w- c:\users\Admin\AppData\Roaming\Spotify
2013-12-26 10:32 . 2013-12-26 10:32 1931296 ----a-w- c:\windows\system32\Codejock.Controls.v15.3.1.ocx
2013-12-24 10:35 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-24 10:35 . 2013-12-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-19 07:55 . 2013-12-19 07:55 -------- d-----w- c:\programdata\UAB
2013-12-19 07:55 . 2013-12-19 07:55 -------- d-----w- c:\users\Admin\AppData\Local\PC_Drivers_Headquarters
2013-12-19 07:54 . 2013-12-19 07:54 -------- d-----w- c:\programdata\Driver Mender
2013-12-19 07:50 . 2013-12-19 07:50 -------- d-----w- c:\program files\Driver Mender
2013-12-19 07:20 . 2013-12-19 07:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{650BA28D-3FFE-4BB3-991E-6F42286888A3}\gapaengine.dll
2013-12-17 10:30 . 2013-12-17 10:30 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e0c507a1cefb132b\InstallManager_WLE_WLE.exe
2013-12-17 10:29 . 2013-12-17 10:29 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c8d98a1cefb1220\MeshBetaRemover.exe
2013-12-17 10:28 . 2013-12-17 10:28 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DXSETUP.exe
2013-12-17 10:28 . 2013-12-17 10:28 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DSETUP.dll
2013-12-17 10:28 . 2013-12-17 10:28 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\dsetup32.dll
2013-12-17 10:28 . 2013-12-17 10:28 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DXSETUP.exe
2013-12-17 10:28 . 2013-12-17 10:28 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\dsetup32.dll
2013-12-17 10:28 . 2013-12-17 10:28 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DSETUP.dll
2013-12-17 10:25 . 2013-12-17 10:25 -------- d-----w- c:\users\Admin\AppData\Local\Windows Live
2013-12-17 10:23 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-12-17 10:12 . 2013-12-17 10:12 -------- d-----w- c:\windows\Migration
2013-12-17 09:55 . 2013-12-17 09:56 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-17 09:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-12-15 15:07 . 2013-12-15 15:07 -------- d-----w- C:\File Originali WOT
2013-12-13 18:06 . 2013-12-13 18:06 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2013-12-13 17:58 . 2013-12-19 13:07 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-13 17:58 . 2013-12-19 13:07 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-13 17:58 . 2013-12-13 17:56 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-13 17:57 . 2013-12-13 17:59 -------- d-----w- c:\programdata\Avira
2013-12-13 17:57 . 2013-12-13 17:57 -------- d-----w- c:\program files\Avira
2013-12-13 17:53 . 2013-12-13 17:53 -------- d-----w- c:\program files\CCleaner
2013-12-13 07:54 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD48098-4574-4724-A45C-4253335A78C0}\mpengine.dll
2013-12-11 21:19 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 15:02 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 15:02 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 15:02 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 15:02 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 15:02 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 15:02 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 15:02 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 15:02 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 15:02 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 15:02 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-26 10:32 . 2004-09-08 17:56 158208 ----a-w- c:\windows\system32\UNRAR.DLL
2013-12-24 11:23 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 15:56 . 2012-04-02 08:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 15:56 . 2011-05-14 08:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-03 07:17 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-22 09:00 . 2013-10-22 09:00 94632 ------w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-11 02:08 . 2013-11-14 08:37 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-14 08:37 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-19 684600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=c:\windows\pss\What's my computer doing.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-26 16:27 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2013-12-19 13:05 684600 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Mender]
2013-09-19 09:04 4044656 ----a-w- c:\program files\Driver Mender\Driver Mender\DriverMender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 10:59 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 10:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
2014-01-03 12:11 761536 ----a-w- c:\program files\Mobogenie\DaemonProcess.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-10-23 13:55 948440 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-04 09:22 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-01-02 09:08 5951488 ----a-w- c:\users\Admin\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-02 09:08 1168896 ----a-w- c:\users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSLFF91642E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:56]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59]
.
.
------- Scansione supplementare -------
.
uStart Page = gamezona.org
IE: Download with iphone-transfer-platinum - c:\program files\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-08-31 12:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-24 12:00; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-PoService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-CheckSound - c:\program files\Common Files\Audio\snddrv.exe
MSConfigStartUp-CnxDslTaskBar - c:\program files\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
MSConfigStartUp-ctfupd - c:\program files\Common Files\Sysupdate\ctfupd.exe
MSConfigStartUp-PlusService - c:\program files\Messenger Plus! Live\PlusService.exe
AddRemove-1efa552d-e5a6-4610-a9d1-8cd285646842 - c:\program files\PassShow\Uninstall.exe
AddRemove-CarmageddonDeinstKey - c:\program files\Games\Carmageddon\DeIsL2.isu
AddRemove-Rollcage Stage II - c:\windows\IsUn0410.exe
AddRemove-sarngvgofjluxba - c:\windows\system32\sarngvgofjluxba.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-06 01:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA3C5FE3-5B3F-E9BC-1869-460747E1408C}*]
"haodfjkmbhelmffb"=hex:6b,61,69,65,68,62,6e,66,64,63,63,63,64,62,6b,6d,68,6e,
6c,65,64,64,00,00
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,0a,b7,ef,d8,a7,24,c9,29,bd,4c,92,33,1b,a4,46,b3,0d,e3,6c,4f,70,69,
47,68,a2,22,db,f7,ed,6b,61,79,16,31,98,96,bc,4e,39,9d,22,bc,e9,9c,4b,1b,4b,\
"??"=hex:05,0f,12,98,88,a0,4b,63,04,d1,0d,64,6d,92,10,c2
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,f1,55,78,23,11,dc,01,88,be,db,be,7c,2a,7f,13,28,8c,ca,59,f6,
3b,be,67,66,ff,5e,9d,9f,5a,1b,d6,e5,65,f3,46,14,5d,73,30,69,6d,65,87,7d,59,\
"rkeysecu"=hex:ac,e7,80,4c,cf,80,ea,a6,33,38,58,e1,3e,2e,78,bb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2014-01-06 01:42:09
ComboFix-quarantined-files.txt 2014-01-06 00:42
.
Pre-Run: 69.788.442.624 byte disponibili
Post-Run: 69.628.497.920 byte disponibili
.
- - End Of File - - E59DAB6137AC2367934FF5E0923A29FA
5C616939100B85E558DA92B899A0FC36


notate qualcosa di strano?

Ale
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Re: Problema pc lentissimo...causa virus o malware?

Postdi FDACCC » 06/01/14 11:21

Si, nel senso che ti aveto detto di "posizionare il file scaricato sul Desktop"

Non l'ho detto tanto per dire, ma perchè era importante.

Ora, disinstalla Spybot e AVG.
Quali altri software di sicurezza possiedi?

Scarica AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● termina tutti i programmi aperti
● clicca sul pulsante Cerca
● attendi pazientemente il termine della scansione
● clicca sul pulsante Elimina e conferma cliccando OK
● prosegui cliccando OK per altre due volte: il sistema si riavvia automaticamente
allega il log che compare al riavvio
FDACCC
Utente Senior
 
Post: 170
Iscritto il: 20/12/13 10:16

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 06/01/14 11:42

Intendi come antivirus o come programmi di pulizia? (tipo ccleaner, malwarebytes...)
Quindi riposiziono combofix nel desktop, vado ancora di scansione e allego?
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 06/01/14 12:15

ecco la scansione di adwcleaner...in ogni caso ho circa 17 processi svchost.exe all'avvio, uno dei quali di circa 310.000 kb e un altro da 57.000 e qualcosa. terminandoli ricominciano, oppure appena ne termino uno gli altri iniziano a impegnare la cpu...aiuto!
Ho disinstallato avg e sto momentaneamente senza antivirus...cosa conviene mettere?

# AdwCleaner v3.016 - Report created 06/01/2014 at 12:02:44
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Admin - L02
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\FreeRIP
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Local\Tiger Savings
Folder Deleted : C:\Users\Admin\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Admin\Documents\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
File Deleted : C:\END
File Deleted : C:\Users\Admin\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\user.js
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20a82645-c095-46ed-80e3-08825760534b}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BCBF25-CBF8-4ABD-9319-068252E61A17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\pdfforge.org
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (it)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\prefs.js ]

Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1363186892412");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1363186880499");

-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13589 octets] - [06/01/2014 12:01:17]
AdwCleaner[S0].txt - [13849 octets] - [06/01/2014 12:02:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13910 octets] ##########
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 06/01/14 13:19

Rifatta la scansione con Combofix, stavolta spostato nel desktop...

ComboFix 14-01-04.03 - Admin 06/01/2014 12.58.33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.1210 [GMT 1:00]
Eseguito da: C:\Users\Admin\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\WinRAR\Leggimi.Txt
C:\Program Files\WinRAR\Leggimi_1a.Txt
C:\Program Files\WinRAR\Licenza.Txt
C:\Program Files\WinRAR\NoteTecniche.Txt
C:\Program Files\WinRAR\Ordin.htm
C:\Program Files\WinRAR\Ordina.htm
C:\Program Files\WinRAR\SorgUnRAR.Txt
C:\Users\Admin\AUTORUN.INF
C:\Windows\wininit.ini


((((((((((((((((((((((((( Files Creati Da 2013-12-06 al 2014-01-06 )))))))))))))))))))))))))))))))))))


2014-01-06 12:07:35 . 2014-01-06 12:11:11 -------- d-----w- C:\Users\Admin\AppData\Local\temp
2014-01-06 12:07:35 . 2014-01-06 12:07:35 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-06 11:00:27 . 2014-01-06 11:03:38 -------- d-----w- C:\AdwCleaner
2014-01-03 13:16:34 . 2014-01-03 13:16:35 388096 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 13:16:32 . 2014-01-03 13:16:32 -------- d-----w- C:\Program Files\Trend Micro
2014-01-03 12:41:53 . 2014-01-03 13:06:50 -------- d-----w- C:\ProgramData\SecTaskMan
2014-01-03 12:41:45 . 2014-01-03 12:41:47 -------- d-----w- C:\Program Files\Security Task Manager
2014-01-03 12:33:28 . 2014-01-06 08:55:33 -------- d-----w- C:\Users\Admin\AppData\Local\SvchostViewer
2014-01-03 12:10:27 . 2014-01-03 12:10:29 -------- d-----w- C:\Users\Admin\.android
2014-01-03 12:10:26 . 2014-01-03 12:16:28 -------- d-----w- C:\Users\Admin\AppData\Local\cache
2014-01-03 12:10:17 . 2014-01-03 12:10:17 -------- d-----w- C:\Users\Admin\AppData\Local\genienext
2014-01-03 12:10:00 . 2014-01-03 12:10:00 -------- d-----w- C:\ProgramData\Raxco
2014-01-03 12:09:58 . 2014-01-03 12:09:58 -------- d-----w- C:\Program Files\Common Files\Raxco
2014-01-03 12:09:57 . 2014-01-03 12:09:57 -------- d-----w- C:\Program Files\Raxco
2014-01-03 11:37:55 . 2014-01-03 11:37:56 -------- d-----w- C:\Program Files\What's my computer doing
2014-01-02 09:08:24 . 2014-01-03 14:31:22 -------- d-----w- C:\Users\Admin\AppData\Local\Spotify
2014-01-02 09:07:19 . 2014-01-04 14:30:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\Spotify
2013-12-26 10:32:04 . 2013-12-26 10:32:04 1931296 ----a-w- C:\Windows\system32\Codejock.Controls.v15.3.1.ocx
2013-12-24 10:35:35 . 2013-04-04 13:50:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-12-24 10:35:34 . 2013-12-24 10:35:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 07:55:13 . 2013-12-19 07:55:42 -------- d-----w- C:\ProgramData\UAB
2013-12-19 07:55:00 . 2013-12-19 07:55:00 -------- d-----w- C:\Users\Admin\AppData\Local\PC_Drivers_Headquarters
2013-12-19 07:54:19 . 2013-12-19 07:54:19 -------- d-----w- C:\ProgramData\Driver Mender
2013-12-19 07:50:31 . 2013-12-19 07:50:31 -------- d-----w- C:\Program Files\Driver Mender
2013-12-17 10:30:51 . 2013-12-17 10:30:52 469256 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\e0c507a1cefb132b\InstallManager_WLE_WLE.exe
2013-12-17 10:29:42 . 2013-12-17 10:29:43 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\e5c8d98a1cefb1220\MeshBetaRemover.exe
2013-12-17 10:28:44 . 2013-12-17 10:28:45 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DXSETUP.exe
2013-12-17 10:28:44 . 2013-12-17 10:28:44 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DSETUP.dll
2013-12-17 10:28:44 . 2013-12-17 10:28:44 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\dsetup32.dll
2013-12-17 10:28:31 . 2013-12-17 10:28:31 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DXSETUP.exe
2013-12-17 10:28:31 . 2013-12-17 10:28:31 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\dsetup32.dll
2013-12-17 10:28:30 . 2013-12-17 10:28:30 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DSETUP.dll
2013-12-17 10:25:54 . 2013-12-17 10:25:54 -------- d-----w- C:\Users\Admin\AppData\Local\Windows Live
2013-12-17 10:23:11 . 2009-08-04 08:02:24 754688 ----a-w- C:\Windows\system32\webservices.dll
2013-12-17 10:12:04 . 2013-12-17 10:12:04 -------- d-----w- C:\Windows\Migration
2013-12-17 09:48:46 . 2010-04-05 20:00:40 221568 ----a-w- C:\Windows\system32\drivers\netio.sys
2013-12-15 15:07:01 . 2013-12-15 15:07:01 -------- d-----w- C:\File Originali WOT
2013-12-13 17:57:45 . 2014-01-06 10:43:06 -------- d-----w- C:\ProgramData\Avira
2013-12-13 17:53:52 . 2013-12-13 17:53:59 -------- d-----w- C:\Program Files\CCleaner
2013-12-13 07:54:31 . 2013-11-08 01:15:57 7772552 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DD48098-4574-4724-A45C-4253335A78C0}\mpengine.dll
2013-12-11 21:19:59 . 2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-12-11 15:02:59 . 2013-10-30 02:12:54 335360 ----a-w- C:\Windows\system32\SysFxUI.dll
2013-12-11 15:02:59 . 2013-10-30 01:43:04 130048 ----a-w- C:\Windows\system32\drivers\drmk.sys
2013-12-11 15:02:59 . 2013-10-30 00:43:06 167936 ----a-w- C:\Windows\system32\drivers\portcls.sys
2013-12-11 15:02:57 . 2013-10-30 00:35:24 2050560 ----a-w- C:\Windows\system32\win32k.sys
2013-12-11 15:02:54 . 2013-10-11 02:08:55 36864 ----a-w- C:\Windows\system32\wshcon.dll
2013-12-11 15:02:54 . 2013-10-11 02:08:55 131072 ----a-w- C:\Windows\system32\wshom.ocx
2013-12-11 15:02:54 . 2013-10-11 02:08:35 172032 ----a-w- C:\Windows\system32\scrrun.dll
2013-12-11 15:02:54 . 2013-10-11 00:35:42 135168 ----a-w- C:\Windows\system32\cscript.exe
2013-12-11 15:02:54 . 2013-10-11 00:35:41 155648 ----a-w- C:\Windows\system32\wscript.exe
2013-12-11 15:02:43 . 2013-10-22 07:19:59 158208 ----a-w- C:\Windows\system32\imagehlp.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-26 10:32:24 . 2004-09-08 17:56:40 158208 ----a-w- C:\Windows\system32\UNRAR.DLL
2013-12-24 11:23:03 . 2010-06-24 10:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 15:56:24 . 2012-04-02 08:51:28 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 15:56:24 . 2011-05-14 08:17:32 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21:30 . 2009-10-03 07:17:53 230048 ------w- C:\Windows\system32\MpSigStub.exe
2013-10-30 02:13:01 . 2006-11-02 10:25:29 1304064 ----a-w- C:\Windows\system32\WMALFXGFXDSP.dll
2013-10-22 09:00:05 . 2013-10-22 09:00:28 94632 ------w- C:\Windows\system32\WindowsAccessBridge.dll
2013-10-11 02:08:02 . 2013-11-14 08:37:41 444928 ----a-w- C:\Windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 . 2013-11-14 08:37:40 596480 ----a-w- C:\Windows\system32\FWPUCLNT.DLL


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 08:01:32 4431872]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 19:25:00 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 19:25:00 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 19:25:00 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=C:\Windows\pss\Exif Launcher S.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=C:\Windows\pss\What's my computer doing.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=C:\Windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:38 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43:52 59720 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Mender]
2013-09-19 09:04:14 4044656 ----a-w- C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 10:59:55 136176 ----atw- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41:12 49208 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 10:56:02 152392 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50:34 2656528 ----a-w- C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47:30 4240760 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40:44 155648 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59:04 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31:24 236016 ----a-w- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-04 09:22:46 1822720 ----a-w- C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-01-02 09:08:22 5951488 ----a-w- C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-02 09:08:01 1168896 ----a-w- C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16:26 254336 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07:40 199752 ----a-w- C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38:38 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contenuto della cartella 'Scheduled Tasks'

2014-01-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:51:28 . 2013-12-11 15:56:25]

2014-01-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000Core.job
- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59:58 . 2011-02-24 10:59:55]

2014-01-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000UA.job
- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59:58 . 2011-02-24 10:59:55]


------- Scansione supplementare -------

uStart Page = gamezona.org
IE: Download with iphone-transfer-platinum - C:\Program Files\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-08-31 12:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-24 12:00; smartwebprinting@hp.com; C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-AVG9_TRAY - C:\PROGRA~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-mobilegeni daemon - C:\Program Files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-MSC - c:\Program Files\Microsoft Security Client\msseces.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Debut - C:\Program Files\NCH Software\Debut\uninst.exe
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Re: Problema pc lentissimo...causa virus o malware?

Postdi FDACCC » 06/01/14 15:26

Molto bene.
AVG era vecchio di 3-4 anni, è come se navigavi senza antivirus.

Scarica Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe
● salva il tool sul Desktop
● esegui il programma e premi un tasto qualsiasi
● attendi la fine della scansione
● allega il log che si aprirà automaticamente al termine

Scarica CKScanner: http://downloads.malwareremoval.com/CKScanner.exe
● salva il file scaricato sul Destkop
● avvia il programma con un doppio click
● clicca sul pulsante Search For Files
● attendi il termine della scansione: dura poco più di un paio di secondi
● clicca sul pulsante Save List To File: salva il Report sul Desktop
● allega il file CKFiles.txt
FDACCC
Utente Senior
 
Post: 170
Iscritto il: 20/12/13 10:16

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 07/01/14 21:46

Ecco il log di security check:

Results of screen317's Security Check version 0.99.78
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 21
Java 7 Update 45
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Adobe Flash Player 11.9.900.170
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

e questo è quello di ckscanner:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\torrent harvester\engines\engine - cracks.am.xml
c:\users\admin\documents\mameui32\roms\cracksht.txt
scanner sequence 3.AA.11.ETAPBZ
----- EOF -----
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30

Re: Problema pc lentissimo...causa virus o malware?

Postdi FDACCC » 08/01/14 14:14

vuoi un consiglio? disinstalla questo programma; torrent harvester
E elimina questo file, seguendo il percorso:
c:\users\admin\documents\mameui32\roms\cracksht.txt

Quale/i antivirus sono installati ora?
FDACCC
Utente Senior
 
Post: 170
Iscritto il: 20/12/13 10:16

Re: Problema pc lentissimo...causa virus o malware?

Postdi ale221286 » 13/01/14 14:45

Ho fatto queste due operazioni...al momento non sono presenti antivirus, cosa mi consigliate di installare?
ale221286
Newbie
 
Post: 7
Iscritto il: 03/01/14 14:30


Torna a Sistemi Operativi Windows


Topic correlati a "Problema pc lentissimo...causa virus o malware?":

Problema con il mouse
Autore: crisge73
Forum: Discussioni
Risposte: 9

Chi c’è in linea

Visitano il forum: mastino46 e 116 ospiti