
Thread: Slow Internet

  1. #1
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503

    Slow Internet

    Hi,

    my internet seems to have slowed down lately. I have a new PC, built 2 months ago; I scanned with Avira, Malwarebytes and VirIT and they found a few things (trojans etc.), but I don't like the internet being this slow, there must be something else.....

    What do you recommend I download and scan with???

    I'll wait for your replies, thanks!

  2. #2
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    Hi lucasspd


    could you post the logs of the scans you ran? While you're at it, post a HijackThis log as well

  3. #3
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18.55.29, on 15/06/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\WINDOWS\Explorer.EXE
    C:\VEXPLite\viritsvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programmi\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\PopTray\PopTray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Logitech\SetPoint\SetPoint.exe
    C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Mozilla Firefox\plugin-container.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PopTray.lnk = C:\Programmi\PopTray\PopTray.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: PopTray.lnk = C:\Programmi\PopTray\PopTray.exe (User 'Default user')
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

  4. #4
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503
    O18 - Protocol: bw+0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {7B992F59-2435-424B-A264-ADB7E42AA32E} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe

    --
    End of file - 14269 bytes

    I already checked it and nothing stands out to me here; a month ago I had scanned with ComboFix.

    I have a 3.5 MB connection, but the internet doesn't seem to be running well...

  5. #5
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    nothing in the log looks like it could slow down the connection

    a month since the last scan is a bit too long.... since when have you noticed this slowdown? have you installed any programs or games lately?

  6. #6
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503
    the scans where I found viruses date back a month; the scans I run now find nothing, but I don't like how the internet is running, it seems slow. I don't have any games, and the other programs are standard

  7. #7
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    clean up the temp files with CCleaner and run a new scan with ComboFix

    download it from here and put it on the desktop

    (do not install the recovery console)
    Let the program work without interfering
    Attach the report C:\ComboFix.txt to your reply.

    do not use the PC during the scan, not even the mouse!

  8. #8
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503
    ComboFix 11-06-15.02 - Administrator 15/06/2011 21.10.54.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3535.3014 [GMT 2:00]
    Eseguito da: c:\documents and settings\Administrator\Desktop\abc.exe
    AV: AntiVir Desktop *Disabled/Updated* {001310A0-0000-0000-0000-0000CD55927C}
    AV: AntiVir Desktop *Disabled/Updated* {7C926B08-FFFF-FFFF-00D0-FD7FB0F21200}
    AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
    AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00E0-FD7FB0F21200}
    AV: AntiVir Desktop *Enabled/Updated* {7C926B08-FFFF-FFFF-00F0-FD7FB0F21200}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\ADMINI~1\IMPOST~1\Temp\IadHide5.dll
    c:\documents and settings\Administrator\DelDEB.tmp
    c:\documents and settings\Administrator\Impostazioni locali\temp\IadHide5.dll
    c:\documents and settings\Default User\DelDEB.tmp
    c:\windows\system32\config\systemprofile\DelDEB.tmp
    .
    La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
    ipristinata copia da - c:\windows\ERDNT\cache\msgsvc.dll
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2011-05-15 al 2011-06-15 )))))))))))))))))))))))))))))))))))
    .
    .
    Nessun nuovo file creato in questo arco di tempo
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-11 17:19 . 2011-04-20 19:40 460867 ----a-w- c:\windows\WINDOWSUPDATE.LOG.TMP
    2011-06-11 17:19 . 2011-04-20 19:40 32516 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
    2011-06-07 12:05 . 2011-03-14 12:00 81016 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
    2011-05-29 07:11 . 2011-04-20 13:16 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2011-04-20 13:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-19 23:34 . 2010-12-28 23:42 284744 ----a-w- c:\windows\system32\guard32.dll
    2011-05-19 23:34 . 2011-01-06 15:37 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-05-19 23:34 . 2011-01-06 15:37 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-19 23:34 . 2011-01-06 15:37 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-19 23:34 . 2011-01-06 15:37 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-04-21 07:48 . 2011-04-20 10:55 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
    2011-04-21 07:43 . 2011-04-21 07:43 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-20 14:42 . 2011-04-20 14:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-20 14:42 . 2011-04-20 14:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-20 14:08 . 2011-04-20 14:14 86 ----a-w- c:\documents and settings\Administrator\DelDEB.bat
    2011-04-20 14:08 . 2011-04-20 14:11 86 ----a-w- c:\windows\system32\config\systemprofile\DelDEB.bat
    2011-04-20 14:08 . 2011-04-20 14:08 86 ----a-w- c:\documents and settings\Default User\DelDEB.bat
    2011-04-20 13:50 . 2011-04-20 13:50 603904 ----a-w- c:\windows\system32\TUProgSt.exe
    2011-04-20 13:50 . 2011-04-20 13:50 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2011-04-20 13:37 . 2011-04-20 13:37 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2011-04-20 13:37 . 2011-04-20 13:37 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2011-04-20 11:08 . 2011-04-20 11:08 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
    2011-04-29 11:55 . 2011-04-20 09:50 142296 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2002-12-31 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-04_09.17.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2011-06-15 19:14 . 2011-06-15 19:14 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat
    + 2011-05-04 09:26 . 2010-06-17 12:28 28520 c:\windows\system32\drivers\ssmdrv.sys
    + 2011-05-04 09:26 . 2010-06-17 12:28 22360 c:\windows\system32\drivers\avgntmgr.sys
    + 2011-04-20 09:59 . 2011-03-04 12:39 61960 c:\windows\system32\drivers\avgntflt.sys
    + 2011-05-04 09:26 . 2010-06-17 12:28 45416 c:\windows\system32\drivers\avgntdd.sys
    + 2011-04-20 14:44 . 2011-05-18 23:18 87699 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    - 2011-04-20 14:44 . 2011-04-29 12:24 87699 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2011-06-08 22:18 . 2011-06-08 22:18 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2011-05-18 23:57 . 2011-05-18 23:57 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
    + 2011-05-18 23:57 . 2011-05-18 23:57 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
    + 2011-05-04 09:26 . 2011-03-04 14:11 137656 c:\windows\system32\drivers\avipbb.sys
    + 2011-05-04 09:23 . 2011-05-04 09:23 219648 c:\windows\Installer\6846a.msi
    + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2011-04-20 14:19 . 2011-06-08 22:18 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    .

  9. #9
    HTML.it user
    Registered since
    Mar 2007
    Posts
    503
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-04-21 32768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-12 174616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-12 145432]
    "Six Engine"="c:\programmi\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2011-05-19 2552648]
    "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
    "MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
    .
    c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
    PopTray.lnk - c:\programmi\PopTray\PopTray.exe [2006-9-16 1666048]
    .
    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-4-21 450560]
    Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2011-4-21 813584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 10:28 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "LDM"=c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
    "HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    .
    R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [14/03/2011 14.00.02 81016]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [06/01/2011 17.37.02 242472]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/01/2011 17.37.04 29400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/04/2011 9.50.25 10384]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [20/04/2011 16.27.08 2314240]
    R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [14/03/2011 13.54.14 86016]
    R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [20/04/2011 16.20.41 235520]
    R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12.29.14 162176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/04/2011 16.19.30 1691480]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    2011-05-20 c:\windows\Tasks\WebReg 20110520131306.job
    - c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 23:43]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/index.html
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: Interfaces\{B7C64984-57D6-4B3C-9193-29A7BBD0CC9A}: NameServer = 151.99.125.1,151.99.0.100
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\fpf11hmw.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.it
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-15 21:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(936)
    c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
    c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
    .
    - - - - - - - > 'lsass.exe'(992)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(3488)
    c:\windows\system32\guard32.dll
    c:\docume~1\ADMINI~1\IMPOST~1\Temp\IadHide5.dll
    c:\programmi\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\programmi\Avira\AntiVir Desktop\sched.exe
    c:\programmi\Avira\AntiVir Desktop\avguard.exe
    c:\programmi\Bonjour\mDNSResponder.exe
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\PAStiSvc.exe
    c:\programmi\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\System32\TUProgSt.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Ora fine scansione: 2011-06-15 21:17:03 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2011-06-15 19:17
    ComboFix2.txt 2011-05-04 09:19
    .
    Pre-Run: 458.819.473.408 byte disponibili
    Post-Run: 458.805.313.536 byte disponibili
    .
    - - End Of File - - 85EE596C73D40EC11DEAC5B5B9349B9E

  10. #10
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    Download and install (note: during installation untick the Toolbar option, it should not be installed)

    http://www.ccleaner.com/download/downloading

    open the program you just installed, select Options > Advanced. Untick "Delete Windows Temp files....."
    Select "Cleaner" > "Run Cleaner"


    Fixing Registry File Errors
    CCleaner
    Click the buttons:
    - Registry (second button at the top left)
    - Scan for Issues (button at the bottom centre)
    - Fix selected issues (button at the bottom right)
    - at the question:
    - "Do you want to back up the changes to the Registry"
    - click:
    - YES

    From Start >> Run, type (or copy and paste) the string ComboFix /u
    delete the folder C:\qoobox
    delete the ComboFix folder on the desktop.
