PcPrimiPassi.it - easy computing for everyone, home page

Topic: extremely slow Acer PC




elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.698 - Posted: 01 October 2014 at 15:18


OK, I ran Hijack in safe mode, scanned, did the fix, rebooted, I'm still in safe mode, I scanned again and... the entries are back!! But why???? What do I do???


RAVEN
Moderator

Member since: 04 September 2001
From: Italy
Status: Offline
Posts: 16.197
Post no. 104.704 - Posted: 01 October 2014 at 17:59


So you select the various entries and then when you fix them nothing happens...

Let's recap for a second... give me a list of all the antimalware programs used so far... and which antivirus you currently have...



Stefano Ravagni - 'sooner or later I'll bore through you!'... said the worm to the nut



elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.706 - Posted: 01 October 2014 at 19:38


Exactly Rave, I fix them but if I scan again right away everything is there again.
As antimalware programs I installed the ones you recommended; the only extra one I had was spybot, but you advised me to remove it and so I did. For antivirus I have avg updated to 2014. I don't have other programs of that kind except ccleaner, but I don't think that one matters...


RAVEN
Moderator

Member since: 04 September 2001
From: Italy
Status: Offline
Posts: 16.197
Post no. 104.707 - Posted: 01 October 2014 at 20:39


The ones we recommend are many... I don't think you've used them all... I'm referring to the official guide for eradicating computer viruses... that's why I was asking WHICH ones exactly you had used...

As for the antivirus, I thought I had suggested you switch to AVIRA free antivirus...






elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.708 - Posted: 01 October 2014 at 21:08


So, I used malware bytes and right now I'm downloading another program. Only, I clicked combofix but instead it's downloading Max Spyware Detector Download Manager. What is that???


elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.710 - Posted: 01 October 2014 at 21:32


Combofix doesn't work, in the sense that the link that's there redirects to another program that avg flags as dangerous... now I'll try norman and something...


elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.712 - Posted: 01 October 2014 at 22:00


OK, I used Norman and it only removed Spyware Terminator, the one you told me to install... nothing else...


RAVEN
Moderator

Member since: 04 September 2001
From: Italy
Status: Offline
Posts: 16.197
Post no. 104.714 - Posted: 02 October 2014 at 08:06


Unfortunately many portals have the habit of placing misleading advertisements next to the download links, so you didn't click the right link for combofix... try again...







elysa83
Senior

Member since: 28 July 2005
Status: Offline
Posts: 404
Post no. 104.716 - Posted: 02 October 2014 at 16:05


I ran the scan with Combofix, great program! Here's the log:

ComboFix 14-10-02.01 - user 02/10/2014 15:35:46.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.1978.942 [GMT 2:00]
Eseguito da: c:\users\user\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\Yxte
c:\users\user\AppData\Roaming\Yxte\ozlyd.gyu
c:\windows\wininit.ini
.
---- Esecuzione precedente -------
.
C:\install.exe
c:\users\Gaia\NTUSER.POL.TMP
c:\users\Gaia\THUMBS.DB.TMP
c:\users\Gaia\TISCALI.ODT.TMP
c:\users\user\AppData\Roaming\Local
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\windows\assembly\tmp\U
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-09-02 al 2014-10-02 )))))))))))))))))))))))))))))))))))
.
.
2014-10-02 13:51 . 2014-10-02 13:51     75888     ----a-w-     c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D242C9-30B9-4C2F-9D2E-2472ABD27561}\offreg.dll
2014-10-02 13:51 . 2014-10-02 13:51     --------     d-----w-     c:\users\rachele\AppData\Local\temp
2014-10-02 13:51 . 2014-10-02 13:51     --------     d-----w-     c:\users\Guest\AppData\Local\temp
2014-10-02 13:51 . 2014-10-02 13:51     --------     d-----w-     c:\users\Gaia\AppData\Local\temp
2014-10-02 13:51 . 2014-10-02 13:51     --------     d-----w-     c:\users\Default\AppData\Local\temp
2014-10-02 13:11 . 2014-09-15 00:08     11578928     ----a-w-     c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D242C9-30B9-4C2F-9D2E-2472ABD27561}\mpengine.dll
2014-10-01 20:57 . 2014-10-01 20:57     --------     d-----w-     c:\users\user\AppData\Roaming\TeamViewer
2014-10-01 19:45 . 2014-10-01 19:45     0     ----a-w-     c:\windows\system32\drivers\SDACTMON.SYS
2014-10-01 19:43 . 2014-10-01 19:43     --------     d-----w-     c:\users\user\AppData\Local\Norman Malware Cleaner
2014-10-01 19:18 . 2014-10-01 19:22     --------     d-----w-     c:\program files (x86)\Max Spyware Detector
2014-10-01 19:17 . 2014-10-01 19:23     --------     d-----w-     c:\program files\Max Spyware Detector
2014-10-01 19:15 . 2014-10-01 19:18     --------     d-----w-     c:\programdata\Max Secure
2014-10-01 19:06 . 2014-10-01 19:06     --------     d-----w-     c:\users\user\AppData\Local\Max Secure Software
2014-10-01 19:06 . 2014-10-01 19:06     --------     d-----w-     c:\users\user\AppData\Roaming\GetRightToGo
2014-10-01 13:01 . 2014-09-25 02:08     371712     ----a-w-     c:\windows\system32\qdvd.dll
2014-10-01 13:01 . 2014-09-25 01:40     519680     ----a-w-     c:\windows\SysWow64\qdvd.dll
2014-09-29 09:08 . 2014-09-29 19:36     --------     d-----w-     c:\program files\HitmanPro
2014-09-29 08:13 . 2014-09-29 08:13     51496     ----a-w-     c:\windows\system32\drivers\stflt.sys
2014-09-29 08:13 . 2014-09-29 08:19     --------     d-----w-     c:\programdata\Spyware Terminator
2014-09-29 08:13 . 2014-09-29 08:13     --------     d-----w-     c:\users\user\AppData\Roaming\Spyware Terminator
2014-09-29 08:12 . 2014-10-01 19:52     --------     d-----w-     c:\program files (x86)\Spyware Terminator
2014-09-29 08:12 . 2014-09-29 09:29     --------     d-----w-     c:\programdata\HitmanPro
2014-09-28 12:02 . 2014-09-28 18:16     --------     d-----w-     C:\QUARANTENA_VIRIT
2014-09-28 10:21 . 2014-09-09 22:11     2048     ----a-w-     c:\windows\system32\tzres.dll
2014-09-28 10:21 . 2014-09-09 21:47     2048     ----a-w-     c:\windows\SysWow64\tzres.dll
2014-09-28 09:47 . 2010-08-30 06:34     536576     ----a-w-     c:\windows\SysWow64\sqlite3.dll
2014-09-28 09:43 . 2014-09-28 09:49     --------     d-----w-     C:\AdwCleaner
2014-09-28 08:46 . 2014-09-28 08:46     --------     d-----w-     c:\program files\Speccy
2014-09-28 08:24 . 2014-09-29 09:27     --------     d-----w-     c:\windows\system32\tprb
2014-09-28 08:24 . 2014-09-29 09:27     --------     d-----w-     c:\windows\SysWow64\mjcm
2014-09-28 08:22 . 2014-09-28 08:22     --------     d-----w-     c:\users\user\AppData\Local\SWDS
2014-09-21 07:32 . 2014-09-29 19:49     122584     ----a-w-     c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-21 07:30 . 2014-08-18 23:01     23591424     ----a-w-     c:\windows\system32\mshtml.dll
2014-09-21 07:29 . 2014-05-12 05:26     63704     ----a-w-     c:\windows\system32\drivers\mwac.sys
2014-09-21 07:29 . 2014-05-12 05:26     91352     ----a-w-     c:\windows\system32\drivers\mbamchameleon.sys
2014-09-21 07:29 . 2014-05-12 05:25     25816     ----a-w-     c:\windows\system32\drivers\mbam.sys
2014-09-21 07:29 . 2014-09-21 07:29     --------     d-----w-     c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-18 21:02 . 2014-08-23 00:59     3163648     ----a-w-     c:\windows\system32\win32k.sys
2014-09-18 21:02 . 2014-08-23 02:07     404480     ----a-w-     c:\windows\system32\gdi32.dll
2014-09-18 21:02 . 2014-08-23 01:45     311808     ----a-w-     c:\windows\SysWow64\gdi32.dll
2014-09-18 20:57 . 2014-06-24 03:29     2565120     ----a-w-     c:\windows\system32\d3d10warp.dll
2014-09-18 20:57 . 2014-06-24 02:59     1987584     ----a-w-     c:\windows\SysWow64\d3d10warp.dll
2014-09-18 20:57 . 2014-08-01 11:53     1031168     ----a-w-     c:\windows\system32\TSWorkspace.dll
2014-09-18 20:57 . 2014-08-01 11:35     793600     ----a-w-     c:\windows\SysWow64\TSWorkspace.dll
2014-09-18 20:56 . 2014-07-07 02:06     728064     ----a-w-     c:\windows\system32\kerberos.dll
2014-09-18 20:56 . 2014-07-07 01:40     550912     ----a-w-     c:\windows\SysWow64\kerberos.dll
2014-09-18 20:56 . 2014-07-07 02:06     1460736     ----a-w-     c:\windows\system32\lsasrv.dll
2014-09-18 20:55 . 2014-07-07 01:40     22016     ----a-w-     c:\windows\SysWow64\secur32.dll
2014-09-18 20:55 . 2014-07-07 01:39     96768     ----a-w-     c:\windows\SysWow64\sspicli.dll
2014-09-18 20:48 . 2014-09-18 20:48     --------     d-----w-     c:\windows\Temp780DF9AD-BB96-CB13-8A92-B92CB39DD7CA-Signatures
2014-09-18 20:02 . 2014-09-05 02:10     578048     ----a-w-     c:\windows\system32\aepdu.dll
2014-09-18 20:02 . 2014-09-05 02:05     424448     ----a-w-     c:\windows\system32\aeinv.dll
2014-09-18 19:33 . 2014-06-27 02:08     2777088     ----a-w-     c:\windows\system32\msmpeg2vdec.dll
2014-09-18 19:33 . 2014-06-27 01:45     2285056     ----a-w-     c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-09 19:45 . 2014-05-14 16:23     44512     ----a-w-     c:\windows\system32\wups2.dll
2014-09-09 19:45 . 2014-05-14 16:23     58336     ----a-w-     c:\windows\system32\wuauclt.exe
2014-09-09 19:45 . 2014-05-14 16:21     2620928     ----a-w-     c:\windows\system32\wucltux.dll
2014-09-09 19:45 . 2014-05-14 16:23     2477536     ----a-w-     c:\windows\system32\wuaueng.dll
2014-09-09 19:43 . 2014-05-14 16:23     38880     ----a-w-     c:\windows\system32\wups.dll
2014-09-09 19:43 . 2014-05-14 16:23     700384     ----a-w-     c:\windows\system32\wuapi.dll
2014-09-09 19:43 . 2014-05-14 16:20     97792     ----a-w-     c:\windows\system32\wudriver.dll
2014-09-09 19:43 . 2014-05-14 16:17     92672     ----a-w-     c:\windows\SysWow64\wudriver.dll
2014-09-09 19:43 . 2014-05-14 16:23     36320     ----a-w-     c:\windows\SysWow64\wups.dll
2014-09-09 19:43 . 2014-05-14 16:23     581600     ----a-w-     c:\windows\SysWow64\wuapi.dll
2014-09-09 19:41 . 2014-05-14 07:23     179656     ----a-w-     c:\windows\SysWow64\wuwebv.dll
2014-09-09 19:41 . 2014-05-14 07:17     33792     ----a-w-     c:\windows\SysWow64\wuapp.exe
2014-09-09 19:41 . 2014-05-14 07:23     198600     ----a-w-     c:\windows\system32\wuwebv.dll
2014-09-09 19:41 . 2014-05-14 07:20     36864     ----a-w-     c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-28 08:41 . 2014-02-20 21:17     701104     ----a-w-     c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-28 08:41 . 2014-02-20 21:17     71344     ----a-w-     c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-21 07:00 . 2011-08-13 17:10     23256     ----a-w-     c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-18 19:39 . 2011-04-09 16:16     101694776     ----a-w-     c:\windows\system32\MRT.exe
2014-09-16 14:20 . 2011-06-10 23:15     829264     ----a-w-     c:\windows\system32\msvcr100.dll
2014-09-16 14:20 . 2011-06-10 23:15     608080     ----a-w-     c:\windows\system32\msvcp100.dll
2014-09-15 07:06 . 2011-01-18 13:08     278152     ------w-     c:\windows\system32\MpSigStub.exe
2014-09-01 19:30 . 2014-09-01 19:30     0     ---ha-w-     c:\users\user\AppData\Local\BITEED0.tmp
2014-08-06 08:50 . 2014-08-06 08:50     123672     ----a-w-     c:\windows\system32\drivers\avgmfx64.sys
2014-07-25 00:35 . 2014-07-25 00:35     875688     ----a-w-     c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47     869544     ----a-w-     c:\windows\system32\msvcr120_clr0400.dll
2014-07-21 19:03 . 2014-07-21 19:03     244504     ----a-w-     c:\windows\system32\drivers\avgidsdrivera.sys
2014-07-14 02:02 . 2014-08-19 17:51     1216000     ----a-w-     c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-19 17:51     664064     ----a-w-     c:\windows\SysWow64\rpcrt4.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55     120176     ----a-w-     c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2014-09-03 91872]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"ModemListener"="c:\program files (x86)\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ        autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 MaxProc64;MaxProc64;c:\windows\System32\drivers\MaxProc64.sys;c:\windows\SYSNATIVE\drivers\MaxProc64.sys [x]
R0 MaxProtector64;MaxProtector64;c:\windows\System32\drivers\MaxProtector64.sys;c:\windows\SYSNATIVE\drivers\MaxProtector64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_cdc_acm.sys [x]
R3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [x]
R3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_cpo.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AppObserver;Application creation observer;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_dc_enum.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-28 14:22     1096520     ----a-w-     c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20 08:41]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:47]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58     137584     ----a-w-     c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: google.it
Trusted Zone: google.it\local
Trusted Zone: google.it\maps
Trusted Zone: google.it\www
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3850425041-216342284-1254296730-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3850425041-216342284-1254296730-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-10-02 15:57:21
ComboFix-quarantined-files.txt 2014-10-02 13:57
.
Pre-Run: 160.421.322.752 byte disponibili
Post-Run: 159.759.265.792 byte disponibili
.
- - End Of File - - 405D635F9DD9AB3340D6A3D6BE45219D


RAVEN
Moderator

Member since: 04 September 2001
From: Italy
Status: Offline
Posts: 16.197
Post no. 104.718 - Posted: 02 October 2014 at 16:10


Well.... I'd say it removed quite a lot of junk for you, including the famous NO FILE (or file missing) keys....

Let us know how the computer runs from now on...


