Toolbar e blocchi pc

[Dwarf]

Salve, da qualche tempo ho dei blocchi del pc che durano qualche secondo. Non sono sicuro che il pc sia infetto, il pc potrebbe essere semplicemente da formattare, ho controllato con Kaspersky, Spybot e Trojan Remover trovando solo una toolbar che ho rimosso. Posto il log di HijackThis

codice:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23.50.56, on 28/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)

FIREFOX: 6.0.1 (it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\Roberto\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9206
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (file missing)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
R3 - URLSearchHook: (no name) - {d8737483-7bcc-4b90-93cc-f2b978b7b5b7} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - (no file)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe (file missing)
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2231B7E8-5447-4BC5-9E4A-1CAB954743C1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\httpd.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)

--
End of file - 8231 bytes

[R16]

Ciao.
Trojan Remover lo hai acquistato?
Se hai la versione di "prova" (30 gg) ti consiglio di disistallarlo, e installare Malwarebytes free.

Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/...e/2-adwcleaner
Clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Poi:
Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul tuo desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend, per postarli sul forum.

[Dwarf]

Fatto
OTL.Txt
Extras.Txt

[R16]

Ciao.
Mi manca il log di Adwcleaner.

Avvia OTL.

Sotto "Custom Scans\Fixes " copia-incolla questo codice:

codice:

:OTL
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (gfiark) -- C:\Windows\System32\drivers\gfiark.sys (GFI Software)
IE - HKU\S-1-5-21-785880914-810184591-1480827710-1000\..\SearchScopes\{672D33E3-4DA0-4923-904F-55752EB71A8E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
[2013/04/29 17.42.25 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Roberto\AppData\Roaming\mozilla\Firefox\Profiles\yobglm5u.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/03/19 03.49.08 | 000,023,241 | ---- | M] () (No name found) -- C:\Users\Roberto\AppData\Roaming\mozilla\firefox\profiles\yobglm5u.default\extensions\autoreload@yz.com.xpi
O3 - HKU\S-1-5-21-785880914-810184591-1480827710-1000\..\Toolbar\WebBrowser: (no name) - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No CLSID value found.
O3 - HKU\S-1-5-21-785880914-810184591-1480827710-1000\..\Toolbar\WebBrowser: (no name) - {D8737483-7BCC-4B90-93CC-F2B978B7B5B7} - No CLSID value found.
O3 - HKU\S-1-5-21-785880914-810184591-1480827710-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O33 - MountPoints2\{2ce988b0-6319-11de-a1e4-0017c45073c8}\Shell\AutoRun\command - "" = E:\q9.cmd
O33 - MountPoints2\{2ce988b0-6319-11de-a1e4-0017c45073c8}\Shell\open\Command - "" = E:\q9.cmd
O33 - MountPoints2\{39f93798-0db6-11e1-9d3b-ec38b969458a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f93798-0db6-11e1-9d3b-ec38b969458a}\Shell\AutoRun\command - "" = E:\RunGame.exe
O33 - MountPoints2\{c59406fa-af11-11e0-836e-8d1295fa6a3f}\Shell - "" = AutoRun
O33 - MountPoints2\{c59406fa-af11-11e0-836e-8d1295fa6a3f}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c5940701-af11-11e0-836e-ae4f16314037}\Shell - "" = AutoRun
O33 - MountPoints2\{c5940701-af11-11e0-836e-ae4f16314037}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cea3f72e-c725-11e0-ac4e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cea3f72e-c725-11e0-ac4e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2013/04/29 19.06.42 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Ad-Aware Antivirus

:Files
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]

Clicca sul pulsante RUN FIX .
Lascia fare la scansione senza interferire.
Posta il log.
Verifica se riscontri ancora problemi.