
2 avp.exe processes, one is slowing down my PC


Post by aboalansar9 » Tue May 05, 2009 11:04 am

Hi everyone. For a few days my PC has been very slow, so I opened Task Manager and found 2 avp.exe processes. One belonged to my Kaspersky, while I don't know where the other one comes from, and it is slowing my PC down a lot because it uses about 95% of the CPU.
I did some research and ended up on this forum, and from what I understood: I'll post the HijackThis analysis here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.36.56, on 05/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.it/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Register C:\Programmi\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe] "C:\Programmi\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe" /RegServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eskmueq] "c:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe" eskmueq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2955948109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3120901343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programmi\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10503 bytes



Please help me

Re: 2 avp.exe processes, one is slowing down my PC

Post by cosmo » Tue May 05, 2009 11:14 am

Hmm, apart from this one I don't see anything strange..
O4 - HKCU\..\Run: [eskmueq] "c:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe" eskmueq

Before deleting it, run a scan with Malwarebytes and ComboFix

And post the ComboFix log file
.....::::CoSmO::::......

Re: 2 avp.exe processes, one is slowing down my PC

Post by crazy.cat » Tue May 05, 2009 12:06 pm

It's a cid trojan; ComboFix is enough to remove it.
cosmo wrote: O4 - HKCU\..\Run: [eskmueq] "c:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe" eskmueq
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
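An added example, not part of the original thread: a triage script for the kind of HijackThis log posted above. It flags O4 autorun entries whose executable sits directly in a per-user data folder (an assumed heuristic; the regular expressions and function names are this example's own) and lists same-named running processes with their distinct paths. The sample lines are copied from the first post's log.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eskmueq] "c:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe" eskmueq
"""

# O4 line layout: O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable is either the quoted path or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

# Assumed heuristic: Windows XP per-user data folders (Italian and English
# names) that any unprivileged process can write to. Vendor software normally
# installs under Program Files, not directly in one of these folders.
PROFILE_DATA_DIR = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\"
    r"(?:(?:impostazioni locali|local settings)\\)?"
    r"(?:dati applicazioni|application data|temp)$"
)


def parse_running(log):
    """Return the paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            paths.append(line)
    return paths


def parse_o4(log):
    """Return one dict per O4 (autorun) line: hive, key, name, image path."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        image = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
        entries.append(
            {"hive": m["hive"], "key": m["key"], "name": m["name"], "image": image}
        )
    return entries


def triage(log):
    """Flag autoruns that start a binary directly from a per-user data folder."""
    running = {p.lower() for p in parse_running(log)}
    flagged = []
    for entry in parse_o4(log):
        folder = ntpath.dirname(entry["image"]).lower()
        if PROFILE_DATA_DIR.match(folder):
            flagged.append({**entry, "running": entry["image"].lower() in running})
    return flagged


def same_name_processes(log):
    """Map each image name seen more than once to its distinct full paths."""
    by_name = defaultdict(list)
    for path in parse_running(log):
        by_name[ntpath.basename(path).lower()].append(path.lower())
    return {n: sorted(set(p)) for n, p in by_name.items() if len(p) > 1}


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("review:", hit["hive"], hit["name"], hit["image"],
              "(running)" if hit["running"] else "")
    for name, paths in same_name_processes(SAMPLE_LOG).items():
        print(name, "x2+ from", len(paths), "distinct path(s)")
```

A name that maps to more than one distinct path is the case worth a closer look; a flagged entry is a candidate for review, not a verdict.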


Re: 2 avp.exe processes, one is slowing down my PC

Post by aboalansar9 » Tue May 05, 2009 12:37 pm

I did as you told me, and ComboFix did in fact remove that trojan,
but the PC is still slow. Here is the ComboFix log:

ComboFix 09-05-04.08 - Nasr 05/05/2009 13.02.24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.990.593 [GMT 2:00]
Eseguito da: c:\documents and settings\Nasr\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nasr\Impostazioni locali\Dati applicazioni\eskmueq.dat
c:\documents and settings\Nasr\Impostazioni locali\Dati applicazioni\eskmueq.exe
c:\documents and settings\Nasr\Impostazioni locali\Dati applicazioni\eskmueq_nav.dat
c:\documents and settings\Nasr\Impostazioni locali\Dati applicazioni\eskmueq_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-04-05 al 2009-05-05 )))))))))))))))))))))))))))))))))))
.

2009-05-05 08:48 . 2009-05-05 08:48 -------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-04 18:46 . 2009-05-04 18:46 -------- d-----w c:\programmi\Trend Micro
2009-04-24 12:55 . 2009-04-24 12:55 -------- dc----w c:\documents and settings\All Users\Dati applicazioni\ATI
2009-04-24 12:53 . 2009-04-24 12:53 0 ----a-w c:\windows\ativpsrm.bin
2009-04-23 18:20 . 2009-02-25 13:15 593920 ------w c:\windows\system32\ati2sgag.exe
2009-04-23 18:15 . 2009-04-23 18:15 -------- dc----w C:\ATI
2009-04-11 09:17 . 2009-04-11 09:17 -------- dc----w c:\documents and settings\Nasr\Dati applicazioni\DAEMON Tools Pro
2009-04-10 09:39 . 2009-04-10 09:39 -------- dc----w c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-04-10 09:39 . 2009-04-28 16:43 -------- d-----w c:\programmi\DAEMON Tools Toolbar
2009-04-10 09:38 . 2009-04-11 09:18 -------- dc----w c:\documents and settings\Nasr\Dati applicazioni\DAEMON Tools Lite
2009-04-09 17:08 . 2009-04-09 17:08 -------- d-----w c:\programmi\Ontrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 11:07 . 2008-10-02 15:35 548896 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-05 11:07 . 2008-10-02 15:35 2956 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-05 11:07 . 2008-10-02 15:35 2645024 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-05 11:07 . 2008-10-02 15:35 21744 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 19:49 . 2008-10-02 16:59 -------- d-----w c:\programmi\SpeedFan
2009-05-03 11:50 . 2006-05-23 14:21 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-28 16:44 . 2008-11-14 22:05 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-23 18:26 . 2006-05-23 14:21 -------- d-----w c:\programmi\ATI Technologies
2009-04-19 16:07 . 2008-11-30 14:55 -------- d-----w c:\programmi\Messenger Plus! Live
2009-04-18 05:42 . 2006-05-23 14:40 85552 ----a-w c:\windows\system32\perfc010.dat
2009-04-18 05:42 . 2006-05-23 14:40 491002 ----a-w c:\windows\system32\perfh010.dat
2009-04-03 18:18 . 2009-04-03 18:18 33256 ------w c:\windows\system32\drivers\HssDrv.sys
2009-03-28 13:06 . 2009-03-28 13:06 -------- d-----w c:\programmi\EA SPORTS
2009-03-22 08:11 . 2009-03-22 08:11 -------- d-----w c:\programmi\Western Digital
2009-03-16 12:18 . 2009-03-30 23:03 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-03-30 23:03 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-03-30 23:03 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-03-30 23:03 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 11:31 . 2009-03-15 11:22 -------- d-----w c:\programmi\Microsoft
2009-03-15 11:31 . 2008-10-25 21:21 -------- d-----w c:\programmi\Windows Live
2009-03-15 11:27 . 2009-03-15 11:27 -------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2009-03-15 11:22 . 2009-03-15 11:22 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-09 13:27 . 2009-03-30 23:03 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-03-30 23:03 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-03-30 23:03 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-07 15:19 . 2008-10-02 16:29 43520 -c--a-w c:\documents and settings\Guest\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-07 12:12 . 2008-10-02 14:40 43520 ----a-w c:\documents and settings\Nasr\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-06 23:33 . 2009-03-06 23:33 108848 -c--a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-03-06 23:31 . 2009-03-06 23:31 -------- d-----w c:\programmi\MSBuild
2009-03-06 23:31 . 2009-03-06 23:31 -------- d-----w c:\programmi\Reference Assemblies
2009-03-06 23:25 . 2009-03-06 23:25 -------- d-----w c:\programmi\MSXML 6.0
2009-03-06 14:44 . 2004-08-19 04:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-01-09 19:01 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 13:17 . 2009-03-01 13:17 4096 ----a-w c:\windows\d3dx.dat
2009-02-25 22:58 . 2006-04-27 08:46 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2006-04-27 08:47 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2006-04-27 08:17 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2006-04-27 08:41 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2006-04-27 08:41 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2006-04-27 08:41 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2006-04-27 08:41 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2006-04-27 08:41 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2006-04-27 08:39 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2006-04-27 08:39 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2006-04-27 08:31 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2006-04-27 08:48 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2006-04-27 08:25 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2006-04-27 08:12 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2006-04-27 08:11 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2006-04-27 08:05 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2006-04-27 08:05 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-20 17:08 . 2009-01-31 20:20 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:56 . 2004-08-19 04:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:49 . 2004-08-19 04:00 2019328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:48 . 2004-08-19 04:00 2139648 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:19 . 2004-08-19 04:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:19 . 2004-08-19 04:00 683008 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-19 04:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:18 . 2004-08-19 04:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:05 . 2004-08-19 04:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 19:01 . 2009-02-06 19:01 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 16:54 . 2004-08-19 04:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-05 15:37 . 2008-01-29 17:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\programmi\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\programmi\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-17 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 20:39 45184 ----a-w c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; [x]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver; [x]
R3 HssTrayService;Hotspot Shield Tray Service; [x]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-05 33808]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 LMPC4;LMPC4; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d0589bc-16b8-11de-a9ca-0016ce6bf806}]
\Shell\AutoRun\command - j:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eab7e5e0-ff8d-11dd-a994-0016ce6bf806}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-DAEMON Tools Lite - c:\programmi\DAEMON Tools Lite\daemon.exe
HKCU-Run-eskmueq - c:\documents and settings\nasr\impostazioni locali\dati applicazioni\eskmueq.exe
HKLM-Run-LaunchApp - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nasr\Dati applicazioni\Mozilla\Firefox\Profiles\szclx17a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 13:12
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Lock My PC 4\lockpc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-05 13.18.18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-05 11:18

Pre-Run: 18.035.365.376 byte disponibili
Post-Run: 18.213.609.984 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

239 --- E O F --- 2009-05-05 01:01









And this is the HijackThis one (the one taken after the ComboFix scan):




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.37.01, on 05/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Register C:\Programmi\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe] "C:\Programmi\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe" /RegServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2955948109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3120901343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programmi\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9671 bytes

What should I do now? Please help me, thanks in advance [V]
aboalansar9
New Member
Posts: 5
Joined: Mon May 04, 2009 7:39 pm
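The check the poster is doing by eye in Task Manager, as an added example that is not part of the original post: it parses a HijackThis log, groups the running processes by image name to show whether a repeated name such as avp.exe resolves to one path or several, and lists entries marked (no file), (file missing) or Unknown owner. The sample is an excerpt copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS
# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programmi\Hotspot Shield\bin\HssTrayService.EXE (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MARKERS = ("(no file)", "(file missing)", "Unknown owner")  # strings HijackThis prints

def parse(log):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY_RE.match(line)):
            entries.append((m["code"], m["body"]))
    return processes, entries

def repeated_images(processes):
    """Map each image name listed more than once to its distinct paths."""
    seen = defaultdict(list)
    for path in processes:
        seen[basename(path).lower()].append(path.lower())  # Windows paths ignore case
    return {n: sorted(set(p)) for n, p in seen.items() if len(p) > 1}

def review_queue(entries):
    """Return entries whose target file is absent or has no owner name."""
    return [(c, b) for c, b in entries if any(mk in b for mk in MARKERS)]

if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    print(repeated_images(procs))   # one path per name means same binary
    print(review_queue(entries))
```

A name that maps to more than one path is the case worth a closer look; a name that maps to a single path means every listed instance is the same binary on disk.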

Re: 2 avp.exe processes, one is slowing down my PC

Post by crazy.cat » Tue May 05, 2009 1:17 pm

Have you tried looking at the configuration?
http://www.MegaLab.it/3974/2/kaspersky-anti-virus-2009
Especially to make it check only new and modified files, so as to reduce the time taken by background scans.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny masked as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: 2 avp.exe processes, one is slowing down my PC

Post by aboalansar9 » Tue May 05, 2009 1:43 pm

Done, but Kaspersky doesn't find anything. I'd also like to add something about the problem: the whole PC slows down when I'm on the internet, and when I leave, after a few minutes it recovers and works perfectly; when I go on the internet again the whole PC freezes, or rather slows down enormously. I hope that makes the problem clearer. Please help me, and thanks in advance.
aboalansar9
New Member
Posts: 5
Joined: Mon May 04, 2009 7:39 pm

Re: 2 avp.exe processes, one is slowing down my PC

Post by crazy.cat » Tue May 05, 2009 4:14 pm

It's not so much a matter of running a check with the antivirus; it's about trying to change the configuration itself to limit RAM usage and speed up certain checks.
If you have raised the levels to the maximum, high heuristics and everything at max, the PC can slow down, especially if you don't have much RAM (how much do you have?).

There are also a lot of programs set to run automatically that could be removed without much regret.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny masked as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: 2 avp.exe processes, one is slowing down my PC

Post by aboalansar9 » Tue May 05, 2009 5:34 pm

So, first of all, I changed the Kaspersky settings following the site you sent me, then I ran a full scan.
I have 3 GB of RAM. But my problem is that I have 2 avp.exe processes according to Task Manager: one belongs to Kaspersky, in fact when I update Kaspersky I see this process go up a bit, while I don't know where the other one comes from. This second process, from what I've noticed, goes up to 99 or 98 or 100 when I open an internet or Firefox window, and stays that high for a while; after some time the page loads and it still stays high until I close the window, and after a while the PC returns to normal. I don't know what I should do; I can't browse the internet because of this second process, and I don't know where it comes from.
I hope I've made things clear to you. Please help me, and thanks in advance [V]
aboalansar9
New Member
Posts: 5
Joined: Mon May 04, 2009 7:39 pm

Re: 2 avp.exe processes, one is slowing down my PC

Post by winman » Fri May 08, 2009 6:05 pm

I recently had a similar problem, a few months ago; it was the hard disk!
[:p] [:p]
How long has it been doing this? [uhm] [uhm]
Prohibition and censorship are not part of a free society
digito ergo sum: the projection of the intellectual self onto the keyboard!
winman
Silver Member
Posts: 1398
Joined: Thu Mar 31, 2005 5:23 pm
Location: Pisa

Re: 2 avp.exe processes, one is slowing down my PC

Post by aboalansar9 » Wed May 20, 2009 2:23 pm

For about 3 weeks, and my hard disk is in good condition. Please help me.
aboalansar9
New Member
Posts: 5
Joined: Mon May 04, 2009 7:39 pm

Re: 2 avp.exe processes, one is slowing down my PC

Post by Amantide » Thu May 21, 2009 12:23 pm

Can you tell me the settings you find by going to KIS >> Protezione >> Anti-virus >> Anti-virus Web?
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.