Hijack Hunter 1.5.0.0
http://www.novirusthanks.org
Log created on 17/04/2010 at 22.04.19
[+] Generic system info
Operating System: Microsoft Windows XP Service Pack 3 32-bit OS
Build Version: 2600.xpsp_sp3_gdr.100216-1514
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32
[+] Running processes
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (40384 bytes) (ALWIL Software) (57e6d33e74c6d3f198890db4933644a7)
C:\Acer\eManager\anbmServ.exe (1287168 bytes) (OSA Technologies Inc.) (c10d0fae427ea464edea2ee5dc40f056)
C:\Programmi\Java\jre6\bin\jqs.exe (153376 bytes) (Sun Microsystems, Inc.) (1834c96fb1f9280bcf6ddfa6de8338bf)
C:\Programmi\PC Tools Firewall Plus\FWService.exe (818432 bytes) (PC Tools) (c45ed958d60b95e98bacb45f4f2f1649)
C:\WINDOWS\system32\HPZipm12.exe (73728 bytes) (HP) (2d091a99624fb9e7eef0a86d872ec0c3)
C:\WINDOWS\System32\PAStiSvc.exe (53248 bytes) (Unknown) (ed78dfad8efcdfbc89500492c4d14645)
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (98394 bytes) (Synaptics, Inc.) (3665ba88b993554db062ff96542d85ff)
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (688218 bytes) (Synaptics, Inc.) (55582f239914c8efccf89bd632639542)
C:\WINDOWS\AGRSMMSG.exe (88363 bytes) (Agere Systems) (cbdc5fe0f88f02f7aabf13c0871b9317)
C:\WINDOWS\system32\keyhook.exe (32768 bytes) (Silicon Integrated Systems Corporation) (a141351c191a65b66e067326bac0a190)
C:\Programmi\Arcade\PCMService.exe (49152 bytes) (CyberLink Corp.) (46695588db7a33dd7ca9d57e364311b3)
C:\Programmi\Launch Manager\QtZgAcer.EXE (315392 bytes) (Dritek System Inc.) (30a74ea0d54131e8d3dc83848de183d9)
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe (866816 bytes) (THOMSON Telecom Belgium) (d40191aa225638ab20e59524cdd74030)
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe (2790472 bytes) (ALWIL Software) (8de8defe523c005c5f88852e2493d67d)
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe (3168216 bytes) (PC Tools) (b4c1c657fcccaf24ebf028ce68e6d086)
C:\Programmi\File comuni\Java\Java Update\jusched.exe (248040 bytes) (Sun Microsystems, Inc.) (52db6cdac5bc7a1fc884e97c41c91213)
C:\WINDOWS\system32\sistray.exe (331776 bytes) (Silicon Integrated Systems Corporation) (21cb0dfdd55db20b2c55ab241961ffe1)
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe (24651 bytes) (Microsoft® Corporation) (1828f1775691d7ac520299739b52d82b)
C:\Documents and Settings\user\Desktop\HijackHunter.exe (521728 bytes) (NoVirusThanks Company Srl) (898eeee758821f9e8a06fe6a93542226)
[+] Loaded Modules
C:\WINDOWS\system32\WgaLogon.dll (236928 bytes) (Microsoft Corporation) (181ecbb92daf7778e9cc8344be051bde)
C:\WINDOWS\system32\msacm32.drv (20992 bytes) (Microsoft Corporation) (05e84eead6b27c958621a4e6d33859d1)
C:\WINDOWS\AppPatch\AcAdProc.dll (39424 bytes) (Microsoft Corporation) (ec06bc70432c1312d307ad91686d3aac)
C:\WINDOWS\system32\Normaliz.dll (23552 bytes) (Microsoft Corporation) (10753a3adc3e39a3b10cc3f08e98e6b4)
C:\WINDOWS\system32\iertutil.dll (1985536 bytes) (Microsoft Corporation) (4a9ec3384e91863069d742b7651f9b50)
C:\WINDOWS\system32\wups2.dll (44768 bytes) (Microsoft Corporation) (5bd1234e11b39c63bba87022af6d43c2)
C:\WINDOWS\system32\CNMLM50.DLL (100352 bytes) (CANON INC.) (038bdad2319a7813b3762511af7ecfb0)
C:\WINDOWS\system32\HpTcpMon.dll (155648 bytes) (Hewlett Packard) (4e460240cb29778f5f8c1feb38806679)
C:\WINDOWS\system32\hpzjrd01.dll (139264 bytes) (Hewlett Packard) (ee142789631138c42112b5b757dde6a9)
C:\WINDOWS\system32\HPTcpMUI.dll (233472 bytes) (Microsoft Corporation) (739707ac9768dc86f1f5f8028b396e36)
C:\WINDOWS\system32\hptcpmib.dll (102400 bytes) (Hewlett Packard) (adbb61bf0b9c97de818090738ec71e57)
C:\WINDOWS\system32\hpz3l054.dll (38400 bytes) (Hewlett-Packard Company) (fdb859f93c8491f961c3b9168fa90f51)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD50.DLL (16384 bytes) (CANON INC.) (2d758a859683616a4dd535700155f54e)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll (74240 bytes) (Hewlett-Packard Corporation) (4b410e9dbc93846d2e6c9ebde8304845)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (18944 bytes) (Microsoft Corporation) (58e13a2292839321d3cdc918d5a4f5ae)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (89088 bytes) (Microsoft Corporation) (eee7f12d9ff46f68fbc0da059a359e9e)
C:\WINDOWS\system32\odbcbcp.dll (24576 bytes) (Microsoft Corporation) (3211caa2b94ba366fdbaf63b02d2d861)
C:\WINDOWS\system32\netfxperf.dll (32768 bytes) (Microsoft Corporation) (31fb4b337dd09bdf99429d7dbb5fdd48)
C:\WINDOWS\system32\mscoree.dll (282112 bytes) (Microsoft Corporation) (c99248b969a799b771f484cd68bcb96e)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll (88584 bytes) (Microsoft Corporation) (c5a9554406507ab2ab341b221d97519d)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (5812560 bytes) (Microsoft Corporation) (a29e27328caa54ee94104694270fd8d0)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll (89608 bytes) (Microsoft Corporation) (2e61c409474416cc78d66300f1bcb722)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll (33800 bytes) (Microsoft Corporation) (f1430f5d20f4bb71a003209c3db3addf)
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll (258048 bytes) (Microsoft Corporation) (4b423ddb78ab25bcd2ef9bb2f264cbd7)
C:\WINDOWS\system32\ieframe.dll (11070976 bytes) (Microsoft Corporation) (80120e3374834a708fdeb5f6e69efb1f)
C:\WINDOWS\system32\WPDShServiceObj.dll (133632 bytes) (Microsoft Corporation) (045e228f71c31901084b64be59093499)
C:\WINDOWS\system32\PortableDeviceTypes.dll (166912 bytes) (Microsoft Corporation) (22358578cb321f3325496a3723029409)
C:\WINDOWS\system32\PortableDeviceApi.dll (284160 bytes) (Microsoft Corporation) (9d45b2201d0ecf9f42136c7b99deb8b2)
C:\WINDOWS\system32\SynTPFcs.dll (69722 bytes) (Synaptics, Inc.) (63bc0c63325234379fa86cd14b237017)
C:\WINDOWS\system32\SynCOM.dll (77917 bytes) (Synaptics, Inc.) (07e1f1997d717a4b1c85ba524bcb664a)
C:\WINDOWS\system32\SynTPAPI.dll (90202 bytes) (Synaptics, Inc.) (434937e43cf87066f73724a0d3122824)
C:\WINDOWS\system32\SiSPower.dll (49152 bytes) (Silicon Integrated Systems Corporation) (085d293743cb9a11620fcaca8f066276)
C:\WINDOWS\system32\SiSApCom.dll (176128 bytes) (Silicon Integrated Systems Corporation) (e3405fe62e4584dce568d622fddbefcf)
C:\WINDOWS\system32\SiSBase.dll (49152 bytes) (Silicon Integrated Systems Corporation) (e3159592a1e8ceb874556cb1ac75439c)
C:\WINDOWS\system32\SiSHook.dll (28672 bytes) (Silicon Integrated Systems Corporation) (d64c9ec3b2c58a79c03f80e7d74239c4)
[+] Registry startups
Value: SynTPLpr
Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SynTPEnh
Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: AGRSMMSG
Data: AGRSMMSG.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SiSPower
Data: Rundll32.exe SiSPower.dll,ModeAgent
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SiS Windows KeyHook
Data: C:\WINDOWS\system32\keyhook.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: PCMService
Data: "C:\Programmi\Arcade\PCMService.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: IMJPMIG8.1
Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: MSPY2002
Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: PHIME2002ASync
Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: PHIME2002A
Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: LManager
Data: C:\Programmi\Launch Manager\QtZgAcer.EXE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SpeedTouch USB Diagnostics
Data: "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Adobe Reader Speed Launcher
Data: "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Adobe ARM
Data: "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: avast5
Data: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: 00PCTFW
Data: "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SunJavaUpdateSched
Data: "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: ctfmon.exe
Data: C:\WINDOWS\system32\ctfmon.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: CTFMON.EXE
Data: C:\WINDOWS\system32\CTFMON.EXE
Key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
Value: StubPath
Data: C:\WINDOWS\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Value: StubPath
Data: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}
Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Programmi\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Value: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Data: C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
[+] Other Startups Methods
Value: WPDShServiceObj
Data: C:\WINDOWS\system32\WPDShServiceObj.dll
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value: UPnPMonitor
Data: C:\WINDOWS\system32\upnpui.dll
CLSID: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value: DllName
Data: %SystemRoot%\System32\dimsntfy.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
Value: DllName
Data: WgaLogon.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
[+] Startup folders
C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\WkCalRem.LNK (813 bytes) (Unknown) (d627949b15642ed36f3777d00d335709)
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Utility Tray.lnk (1421 bytes) (Unknown) (b22f6efc5de4f426c737afffe8d8b665)
[+] TCPIP nameservers
[+] Internet Explorer settings
Value: Start Page
Data: http://www.google.it/
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value: Default_Search_URL
Data: http://kingkongsearch.com/
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value: SearchMigratedDefaultURL
Data: http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
[+] Internet Explorer Trusted Sites
[+] Windows Firewall allowed programs
Value: C:\WINDOWS\System32\FXSCLNT.exe
Data: C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\WINDOWS\System32\dpvsetup.exe
Data: C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil_.exe
Data: C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\AVG\AVG8\avgupd.exe
Data: C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\AVG\AVG8\avgnsx.exe
Data: C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hposid01.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpqscnvw.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpqCopy.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\HP\Digital Imaging\bin\hpqnrs08.exe
Data: C:\Programmi\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Programmi\MSN Messenger\msncall.exe
Data: C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
Value: C:\Programmi\MSN Messenger\livecall.exe
Data: C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
[+] Windows Firewall allowed ports
Value: 1900:UDP
Data: 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
Value: 2869:TCP
Data: 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
Value: 1900:UDP
Data: 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Value: 2869:TCP
Data: 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Value: 139:TCP
Data: 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Value: 445:TCP
Data: 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Value: 137:UDP
Data: 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Value: 138:UDP
Data: 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
[+] System Hijack
Value: DisableSR
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore
Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value: ShowSuperHidden
Data: 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value: FirstRunDisabled
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
Value: Wallpaper
Data: C:\WINDOWS\Web\Wallpaper\Colline.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop
Value: OriginalWallpaper
Data: C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop
Value: ConvertedWallpaper
Data: C:\WINDOWS\Web\Wallpaper\Amico.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop
[+] Executables in Temp folders
C:\DOCUME~1\user\IMPOST~1\Temp\_iu14D2N.tmp (697824 bytes) (PC Tools) (fa4147d460d2145dee0fb504df874a73)
C:\DOCUME~1\user\IMPOST~1\Temp\VSUSetup.exe (2249368 bytes) (Unknown) (6e9346d54210c5935e49cc99df46a01f)
[+] Executables in suspicious folders
C:\mbr.exe (77312 bytes) (Unknown) (c5ec72a20b4c98db5314e6c46765b148)
C:\WINDOWS\system\RCDSETUP.EXE (345983 bytes) (Unknown) (7a794e0099633319cc9aaa202e44060f)
C:\Programmi\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (ef34aaaa03d7cc4579239fe6dabf1577)
[+] Unknown .SYS files
C:\WINDOWS\system32\drivers\aavmker4.sys (28880 bytes) (ALWIL Software) (94321612e022baed249bf6bc2b9ddf9e)
C:\WINDOWS\system32\drivers\aswmon.sys (94800 bytes) (ALWIL Software) (098e3a9ffae8ca693fae7229f6e659b7)
C:\WINDOWS\system32\drivers\aswmon2.sys (100432 bytes) (ALWIL Software) (71a24fc1564c39cf834acec3396577e6)
C:\WINDOWS\system32\drivers\regguard.sys (25837 bytes) (Greatis Software) (0d95b742cff80054fc09d8b05fb93a61)
C:\WINDOWS\system32\drivers\mbam.sys (20824 bytes) (Malwarebytes Corporation) (f61b04f2bb5098a34817d776c59e5e7c)
C:\WINDOWS\system32\drivers\pctplfw.sys (115216 bytes) (PC Tools) (6d74df36716a458619a62dd764fc4f8b)
C:\WINDOWS\system32\drivers\AGRSM.sys (1270540 bytes) (Agere Systems) (ceffa3db1657293322e0bdea7d99e754)
C:\WINDOWS\system32\drivers\pctgntdi.sys (233136 bytes) (PC Tools) (39e8623f9f29dbc9e053a696d85f8ac6)
C:\WINDOWS\system32\drivers\tmcomm.sys (160272 bytes) (Trend Micro Inc.) (310465d1ba3481b299247b38b2f5da84)
C:\WINDOWS\system32\drivers\mdmxsdk.sys (11868 bytes) (Conexant) (195741aee20369980796b557358cd774)
C:\WINDOWS\system32\drivers\sffp_mmc.sys (10240 bytes) (Microsoft Corporation) (d66d22d76878bf3483a6be30183fb648)
C:\WINDOWS\system32\drivers\SISAGPX.SYS (36992 bytes) (Silicon Integrated Systems Corporation) (61ca562def09a782d26b3e7edec5369a)
C:\WINDOWS\system32\drivers\pfc.sys (10368 bytes) (Padus, Inc.) (444f122e68db44c0589227781f3c8b3f)
C:\WINDOWS\system32\drivers\AmdK8.sys (43520 bytes) (Microsoft Corporation) (e4061645af86f9d0e508d257f6eb870c)
C:\WINDOWS\system32\drivers\sisnicxp.sys (32768 bytes) (SiS Corporation) (47f39481bc8941e0d51601a85691448d)
C:\WINDOWS\system32\drivers\BCMWL5.SYS (369024 bytes) (Broadcom Corporation) (38ca1443660d0f5f06887c6a2e692aeb)
C:\WINDOWS\system32\drivers\aswTdi.sys (46672 bytes) (ALWIL Software) (9e82102b7249ef33a1cc132f26afeac4)
C:\WINDOWS\system32\drivers\SynTP.sys (185824 bytes) (Synaptics, Inc.) (eb363ddfbe8b6d51003ccab29d93d744)
C:\WINDOWS\system32\drivers\hitmanpro35.sys (15944 bytes) (Unknown) (d7e05e0173719b66bb108f3d97e49a6a)
C:\WINDOWS\system32\drivers\ALCXWDM.SYS (2311680 bytes) (Realtek Semiconductor Corp.) (5dae13401e4d3b8f132bf5867447d661)
C:\WINDOWS\system32\drivers\aswRdr.sys (23376 bytes) (ALWIL Software) (9a2f01e6bcece7a1a1f39846e392cd41)
C:\WINDOWS\system32\drivers\osaio.sys (8704 bytes) (Avocent/OSA Technologies Inc.) (b270a30ae97524e7edb5eca7b2afb846)
C:\WINDOWS\system32\drivers\osanbm.sys (4010 bytes) (Windows (R) 2000 DDK provider) (3245bee5176697faf0744a2e1288dc77)
C:\WINDOWS\system32\drivers\OsaFsLoc.sys (10890 bytes) (OSA Technologies) (240b6c0c50f98a2a7b829accd5158b1b)
C:\WINDOWS\system32\drivers\aswSP.sys (162768 bytes) (ALWIL Software) (7df85e2e544b505ee74d734a394e39c7)
C:\WINDOWS\system32\drivers\aswFsBlk.sys (19024 bytes) (ALWIL Software) (7f7135c14ed4fb190aa75cb1fd1f14e8)
C:\WINDOWS\system32\drivers\srvkp.sys (13312 bytes) (Silicon Integrated Systems Corporation) (87a5176a3762b1341619ce63152c1da9)
C:\WINDOWS\system32\drivers\pctNdis.sys (58816 bytes) (PC Tools) (8bbe917bc4da64b0ba8db33d4c0e0b7d)
C:\WINDOWS\system32\drivers\NTIDrvr.sys (6144 bytes) (NewTech Infosystems, Inc.) (7f1c1f78d709c4a54cbb46ede7e0b48d)
C:\WINDOWS\system32\drivers\DKbFltr.SYS (16896 bytes) (Dritek System Inc.) (08d30af92c270f2e76787c81589dbad6)
C:\WINDOWS\system32\drivers\mbamswissarmy.sys (38224 bytes) (Malwarebytes Corporation) (75b8ef2a089127e8a3b38f46cc366d79)
C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (32680 bytes) (PC Tools) (0afd401e45033c6264080989647989d2)
C:\WINDOWS\system32\drivers\PCTCore.sys (207792 bytes) (PC Tools) (ad629e621cb1242ba8707cd9c2c5b6ec)
C:\WINDOWS\system32\drivers\U81xbus.sys (52352 bytes) (MCCI) (8452977e2331af70652c3a4c28d2706d)
C:\WINDOWS\system32\drivers\U81xwh.sys (5744 bytes) (MCCI) (4a4aa9301e284599abf4aa0557e82f1c)
C:\WINDOWS\system32\drivers\U81xwhnt.sys (5744 bytes) (MCCI) (4a4aa9301e284599abf4aa0557e82f1c)
C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (70664 bytes) (PC Tools) (4a7ef973fcd9c6cad6040ebb61262a5c)
C:\WINDOWS\system32\drivers\PCTAppEvent.sys (88040 bytes) (PC Tools) (cc174f32cc9c18ea3109c4b0fc2ca8df)
C:\WINDOWS\system32\drivers\U81xmdm.sys (84480 bytes) (MCCI) (eb0bbf5d8c53f1abe7911907b276a0b6)
C:\WINDOWS\system32\drivers\U81xmdfl.sys (6064 bytes) (MCCI) (e39c410fcd87570e36dcc34f6d2502b7)
C:\WINDOWS\system32\drivers\U81xmgmt.sys (77472 bytes) (MCCI) (f0eea020cc5986260b87cb92050af160)
C:\WINDOWS\system32\drivers\U81xobex.sys (75456 bytes) (MCCI) (aa1eb6bfd8176c25c04b803542bcd7ac)
C:\WINDOWS\system32\drivers\U81xcm.sys (6144 bytes) (MCCI) (5737e3b371db33a0c619ddf19d0221b3)
C:\WINDOWS\system32\drivers\U81xcmnt.sys (6144 bytes) (MCCI) (5737e3b371db33a0c619ddf19d0221b3)
C:\WINDOWS\system32\drivers\z3f2wh.sys (5744 bytes) (MCCI) (3804c903c79125ba637648d543de647f)
C:\WINDOWS\system32\drivers\hdaudbus.sys (144384 bytes) (Windows (R) Server 2003 DDK provider) (573c7d0a32852b48f3058cfd8026f511)
C:\WINDOWS\system32\drivers\z3f2cm.sys (6112 bytes) (MCCI) (dc5ca7dc334e44865ef89a0bf7410d3c)
C:\WINDOWS\system32\drivers\usbsermptxp.sys (24192 bytes) (Microsoft Corporation) (af4b8cc5ea40c57208796920068ddcd5)
C:\WINDOWS\system32\drivers\HPZius12.sys (21568 bytes) (HP) (7ac43c38ca8fd7ed0b0a4466f753e06e)
C:\WINDOWS\system32\drivers\HPZid412.sys (49664 bytes) (HP) (30ca91e657cede2f95359d6ef186f650)
C:\WINDOWS\system32\drivers\HPZipr12.sys (16496 bytes) (HP) (efd31afa752aa7c7bbb57bcbe2b01c78)
C:\WINDOWS\system32\drivers\ADFUUD.SYS (12570 bytes) (Unknown) (a341f600699d7d6ab11b8fabf6f177a8)
C:\WINDOWS\system32\drivers\BrScnUsb.sys (15295 bytes) (Brother Industries Ltd.) (92a964547b96d697e5e9ed43b4297f5a)
C:\WINDOWS\system32\drivers\WudfPf.sys (77568 bytes) (Microsoft Corporation) (f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\drivers\WudfRd.sys (82944 bytes) (Microsoft Corporation) (28b524262bce6de1f7ef9f510ba3985b)
C:\WINDOWS\system32\drivers\wpdusb.sys (38528 bytes) (Microsoft Corporation) (cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\drivers\secdrv.sys (20480 bytes) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (90a3935d05b494a5a39d37e71f09a677)
[+] Non accessible files
[+] Executables in Internet Explorer Folder
C:\Programmi\Internet Explorer\custsat.dll (33792 bytes) (Microsoft Corporation) (ad7a6ccd52c94700b1ba38ffaabcfbb8)
C:\Programmi\Internet Explorer\ExtExport.exe (144384 bytes) (Microsoft Corporation) (44d37a87f00d8684ad907dae295f67fb)
C:\Programmi\Internet Explorer\iedvtool.dll (742912 bytes) (Microsoft Corporation) (bd3c4101b9340e697c9eb0c9c7c9fedf)
C:\Programmi\Internet Explorer\iexplore.exe.mui (16384 bytes) (Microsoft Corporation) (d7b502fceadfebcc61205f4cf6539ad4)
C:\Programmi\Internet Explorer\jsdbgui.dll (521216 bytes) (Microsoft Corporation) (33db6e706fd3a2271033c5d29b3d6f76)
C:\Programmi\Internet Explorer\jsdebuggeride.dll (121344 bytes) (Microsoft Corporation) (3494af094cfb1d1b9a3c1ce255492b6c)
C:\Programmi\Internet Explorer\JSProfilerCore.dll (118272 bytes) (Microsoft Corporation) (d68cc4e775420716b6abc4d188d5d316)
C:\Programmi\Internet Explorer\jsprofilerui.dll (233984 bytes) (Microsoft Corporation) (0f6a0675181d3ae76755986f3bf9e598)
C:\Programmi\Internet Explorer\pdm.dll (355832 bytes) (Microsoft Corporation) (3ca2dfd1ee857cde7dccf4235f52d142)
C:\Programmi\Internet Explorer\sqmapi.dll (134144 bytes) (Microsoft Corporation) (5eb87ba0b93ca7e894fc8002e3ce4c2a)
C:\Programmi\Internet Explorer\iecompat.dll (64000 bytes) (Microsoft Corporation) (c49bcadd185a78e548a7b87434dd5c26)
C:\Programmi\Internet Explorer\xpshims.dll (12800 bytes) (Microsoft Corporation) (6b40358e790c81c4bf1fc4253bae9d3b)
C:\Programmi\Internet Explorer\ieproxy.dll (247808 bytes) (Microsoft Corporation) (8acac2d245b2239a52d4ded586801331)