problema rallentamento PC e apertura pagine internet

**miluna803** · 03-09-2010, 08:58

ComboFix 10-09-01.04 - renzini 02/09/2010 22.13.43.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1014.562 [GMT 2:00]
Eseguito da: c:\documents and settings\renzini\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100814-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\documents and settings\renzini\Impostazioni locali\Dati applicazioni\Temp
c:\documents and settings\renzini\Impostazioni locali\Dati applicazioni\Temp\BITDF.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-08-02 al 2010-09-02 )))))))))))))))))))))))))))))))))))
.

2010-08-27 15:46 . 2010-08-27 15:50 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2010-08-27 15:20 . 2010-08-27 15:22 -------- d-----w- c:\documents and settings\renzini\Dati applicazioni\vlc
2010-08-27 13:00 . 2010-08-27 13:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Raxco
2010-08-27 12:53 . 2010-08-27 13:00 -------- d-----w- c:\programmi\Raxco

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh. exe" [2007-09-07 1015808]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\A zMixerSel.exe" [2005-06-11 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-19 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2007-06-13 138008]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPSt art.exe" [2007-09-07 102400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp. exe" [2007-02-20 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_0 6\bin\jusched.exe" [2008-03-25 144784]
"LogitechCommunicationsManager"="c:\programmi\ File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Qu ickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1 \DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-6-25 45056]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-8-27 66864]
McAfee Security Scan.lnk - c:\programmi\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
VOIP080.lnk - c:\programmi\Philips\VOIP080\VOIP080.exe [2006-6-29 6651904]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-8-30 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP

orta_torrent
"6118:TCP"= 6118:TCP:bit torrent
"1755:TCP"= 1755:TCP:torrent
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/11/2008 20.44.42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [11/11/2008 20.44.42 20560]
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-08-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8 574934B26AC4.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-BitTorrent DNA - c:\programmi\DNA\btdna.exe

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 23:14
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

************************************************** ************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(5580)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WgaTray.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Raxco\PerfectDisk10\PDAgent.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxext.exe
c:\docume~1\renzini\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
************************************************** ************************
.
Ora fine scansione: 2010-09-02 23:30:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-02 21:30

Pre-Run: 56.041.984.000 byte disponibili
Post-Run: 56.270.893.056 byte disponibili

- - End Of File - - 6CFD374C26902EC453281292D19D1E25

Discussione: problema rallentamento PC e apertura pagine internet

Strumenti discussione

Ricerca discussione

Visualizza

Hybrid View

log del file

Permessi di invio