New ComboFix log:
ComboFix 13-11-16.01 - standard 17/11/2013 22.00.21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.767.358 [GMT 1:00]
Run from: e:\documents and settings\standard\Desktop\ComboFix.exe
Options used :: e:\documents and settings\standard\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira AntiVir PersonalEdition *Enabled/Outdated* {00000000-F0B8-0012-20E9-917C2802927C}
.
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"e:\windows\system32\DRIVERS\NNSHttps.sys"
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\standard\Dati applicazioni\AVAST Software
E:\FindyKill
e:\findykill\FindyKill.cmd
e:\findykill\Tools\1.ico
e:\findykill\Tools\EchoX.exe
e:\findykill\Tools\Fdc.reg
e:\findykill\Tools\fsum.exe
e:\findykill\Tools\FYK.vbs
e:\findykill\Tools\GREP.EXE
e:\findykill\Tools\IZARCE.exe
e:\findykill\Tools\Langue.cmd
e:\findykill\Tools\Llave
e:\findykill\Tools\RefMd5.def
e:\findykill\Tools\SniffC.exe
e:\findykill\Tools\SP2.reg
e:\findykill\Tools\SP3.reg
e:\findykill\Tools\swreg.exe
e:\findykill\Tools\Uac.reg
e:\findykill\Tools\Vista.reg
e:\findykill\Tools\winupgro.exe
e:\findykill\Uninstal.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NNSHTTPS
-------\Service_NNSHTTPS
.
.
((((((((((((((((((((((((( Files Created from 2013-10-17 to 2013-11-17 )))))))))))))))))))))))))))))))))))
.
.
2013-11-17 18:46 . 2013-11-17 18:58 -------- d-----w- e:\programmi\XP TCPIP Repair
2013-11-16 10:44 . 2013-11-16 10:44 -------- d-----w- e:\programmi\7-Zip
2013-11-15 22:14 . 2013-11-15 22:14 -------- d-----w- e:\windows\ERUNT
2013-11-15 20:06 . 2013-11-15 20:06 -------- d-----w- e:\programmi\CCleaner
2013-11-15 19:49 . 2013-11-16 11:31 -------- d-----w- E:\AdwCleaner
2013-11-14 15:03 . 2013-11-17 20:49 -------- d-----w- e:\windows\system32\CatRoot2
2013-10-21 09:55 . 2013-10-08 05:29 145408 ----a-w- e:\windows\system32\javacpl.cpl
2013-10-21 09:55 . 2013-10-08 05:50 94632 ----a-w- e:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-17 17:49 . 2012-04-10 13:50 499796 ----a-w- e:\windows\system32\acs.exe
2013-10-11 14:06 . 2011-05-16 21:02 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:24 . 2004-08-19 13:39 920064 ----a-w- e:\windows\system32\wininet.dll
2013-09-23 18:24 . 2004-08-19 13:39 1469440 ------w- e:\windows\system32\inetcpl.cpl
2013-09-23 18:24 . 2004-08-19 13:39 43520 ----a-w- e:\windows\system32\licmgr10.dll
2013-09-23 18:24 . 2004-08-19 13:39 18944 ----a-w- e:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-19 13:26 385024 ----a-w- e:\windows\system32\html.iec
2013-08-29 07:01 . 2004-08-19 13:31 1878656 ----a-w- e:\windows\system32\win32k.sys
2008-02-18 23:07 . 2008-02-18 23:08 9119744 ----a-w- e:\programmi\Trust CP-2300 Webcam.msi
2004-10-01 13:00 . 2007-04-18 08:18 40960 ----a-w- e:\programmi\Uninstall_CDS.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"PAC7311_Monitor"="e:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="e:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="e:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-28 19:09 700416 ------w- e:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33 421160 ----a-w- e:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- e:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- e:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 05:07 248208 ----a-w- e:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 BBSvc;Bing Bar Update Service;e:\programmi\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;e:\programmi\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 MBAMScheduler;MBAMScheduler;e:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;e:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;e:\programmi\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 TomTomHOMEService;TomTomHOMEService;e:\programmi\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
R3 PAC7311;Trust CP-2300 Webcam;e:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]
R3 pcouffin;VSO Software pcouffin;e:\windows\system32\Drivers\pcouffin.sys [2007-10-14 47360]
R3 pctNDIS;PC Tools Driver;e:\windows\system32\DRIVERS\pctNdis.sys [2009-11-18 55208]
S3 AR9271;Wireless Network Adapter Service;e:\windows\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-04-04 20552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-17 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:06]
.
2013-10-08 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-10-21 e:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-842925246-725345543-1003Core.job
- e:\documents and settings\standard\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-03-27 10:32]
.
2013-10-31 e:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-842925246-725345543-1003UA.job
- e:\documents and settings\standard\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-03-27 10:32]
.
2013-10-31 e:\windows\Tasks\OGALogon.job
- e:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2013-11-17 e:\windows\Tasks\User_Feed_Synchronization-{E1273408-B666-4BF2-9B44-9B225044AD0F}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - e:\programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - e:\documents and settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\zqe5mf6v.default-1355672259015\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - ORPHANED KEYS REMOVED - - - -
.
AddRemove-FindyKill - e:\findykill\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-11-17 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
e:\windows\system32\l3codeca.acm
e:\windows\system32\sirenacm.dll
.
------------------------ Other running processes ------------------------
.
e:\windows\system32\acs.exe
e:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\programmi\Bonjour\mDNSResponder.exe
e:\programmi\D-Link\Bluetooth Software\bin\btwdins.exe
e:\programmi\FolderSize\FolderSizeSvc.exe
e:\programmi\Java\jre7\bin\jqs.exe
e:\programmi\File comuni\LightScribe\LSSrvc.exe
e:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\windows\system32\nvsvc32.exe
e:\windows\system32\slserv.exe
e:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2013-11-17 22:18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-17 21:17
ComboFix2.txt 2013-11-17 19:25
.
Pre-Run: 12,175,654,912 bytes free
Post-Run: 12,125,569,024 bytes free
.
- - End Of File - - 3AC7AF69AB914B98C514E08537BE6C97
828E02D5C4A4FBE53441EE9DBEE51F43
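Added example, not part of the posted log and not ComboFix's own code: a small Python parser for the two record formats that carry most of the triage value in a log like the one above, the file-listing lines of the "Files Created" / "Find3M" sections (created time, modified time, size or dashes for a directory, attribute string, path) and the service/driver lines (R/S load state, start type, name, display name, image path, file date and size). The sample lines are copied verbatim from the log above; the helper names are this example's own. Parsing the log into dicts lets you filter on path, age or load state instead of reading a few hundred lines by eye.

```python
"""Parser for ComboFix file-listing and service/driver lines.

Example code, not part of the posted log or of ComboFix. The field layout is
taken from the lines in the log above; the sample block is copied from it.
"""
import re
from datetime import datetime

# "2013-11-17 18:46 . 2013-11-17 18:58 -------- d-----w- e:\programmi\XP TCPIP Repair"
# created, modified, size (dashes for a directory), 8-char attribute string,
# then the path, which may contain spaces and is therefore matched last.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)

# "R2 BBSvc;Bing Bar Update Service;e:\...\BBSvc.EXE [2011-10-21 196176]"
# R = running / S = stopped, digit = start type, name;display;path, then the
# image file's date and size in brackets.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Sample input copied from the log above (a non-matching line is included on
# purpose so the parsers are exercised on text they must ignore).
SAMPLE = r"""
2013-11-17 18:46 . 2013-11-17 18:58 -------- d-----w- e:\programmi\XP TCPIP Repair
2013-10-21 09:55 . 2013-10-08 05:29 145408 ----a-w- e:\windows\system32\javacpl.cpl
2013-08-29 07:01 . 2004-08-19 13:31 1878656 ----a-w- e:\windows\system32\win32k.sys
R2 BBSvc;Bing Bar Update Service;e:\programmi\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R3 pctNDIS;PC Tools Driver;e:\windows\system32\DRIVERS\pctNdis.sys [2009-11-18 55208]
S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-04-04 20552]
Cryptography Services Error !!
"""


def parse_file_line(line):
    """Return a dict for one file-listing line, or None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    size = m["size"]
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": None if size.startswith("-") else int(size),
        "is_dir": m["attrs"][0] == "d",
        "attrs": m["attrs"],
        "path": m["path"],
    }


def parse_service_line(line):
    """Return a dict for one service/driver line, or None if the line is not one."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "running": m["state"] == "R",
        "start_type": int(m["start"]),
        "name": m["name"],
        "display": m["display"],
        "path": m["path"],
        "file_date": datetime.strptime(m["date"], "%Y-%m-%d").date(),
        "size": int(m["size"]),
    }


def parse_log(text):
    """Split a ComboFix log into (file entries, service entries); other lines are skipped."""
    files, services = [], []
    for line in text.splitlines():
        f = parse_file_line(line)
        if f:
            files.append(f)
            continue
        s = parse_service_line(line)
        if s:
            services.append(s)
    return files, services


def drivers_in(entries):
    """Paths under a \\drivers\\ directory, where a loaded .sys such as NNSHttps.sys would live."""
    return [e["path"] for e in entries if "\\drivers\\" in e["path"].lower()]


def created_since(files, since):
    """Paths of file entries created on or after the 'YYYY-MM-DD' date given."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [f["path"] for f in files if f["created"] >= cutoff]


if __name__ == "__main__":
    files, services = parse_log(SAMPLE)
    print("driver images:", drivers_in(files + services))
    print("created since 2013-11-01:", created_since(files, "2013-11-01"))
    print("stopped services:", [s["name"] for s in services if not s["running"]])
```

Run it on a saved log with `parse_log(open("ComboFix.txt", encoding="latin-1").read())`; the regexes are anchored on the whole line, so the decorative `.` and `(((` lines and the Sigcheck text fall through without special-casing.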