Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

computer lento

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

computer lento

Messaggioda ivan92 » gio lug 16, 2009 10:18 am

oggi stavo trasferendo dei file da una miscro sd da 2 gb al computer per un totale di 1.74 gb di roba...e il compouter ha iniziato a rallentarsi in una maniera spaventosa...non mi era mai successo....cosa puo essere?
Avatar utente
ivan92
Senior Member
Senior Member
 
Messaggi: 285
Iscritto il: mer gen 09, 2008 4:48 pm
Località: orsago( tv)

Re: computer lento

Messaggioda stevens » gio lug 16, 2009 10:46 am

ciao

inizia col postare hijackthis

http://www.trendsecure.com/portal/en-US ... kthis.php#

1) crea una cartella dedicata e scompattalo al suo interno
2) lancia il programma
3) nel menu' di destra clicca su "do a system scan and save a log file"
4) il programma ti rilascerà un file di report in formato txt, salvalo e postalo sul forum


Nel download mettilo in C:\Programmi
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm

Re: computer lento

Messaggioda ivan92 » gio lug 16, 2009 11:56 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.00.29, on 16/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Utente\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9a3f1bdcd0f3e) (gupdate1c9a3f1bdcd0f3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12084 bytes
Avatar utente
ivan92
Senior Member
Senior Member
 
Messaggi: 285
Iscritto il: mer gen 09, 2008 4:48 pm
Località: orsago( tv)


Re: computer lento

Messaggioda stevens » gio lug 16, 2009 12:02 pm

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tasto destro del Mouse su:
- combofix.exe
- Esegui come amministratore
- Premi Invio.
- Alla richiesta di creare una console di ripristino rispondere:
NO


Importante:
Non usare nessun programma sino a che Combofix non abbia terminato.
- Al termine, verrà creato un file log in C:\ComboFix.txt
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm

Re: computer lento

Messaggioda Roberto88 » gio lug 16, 2009 12:51 pm

Computer lento? Non è sempre colpa dei malware!
nel caso non vengano rilevate minacce dai un'occhiata all'articolo [;)]
within the truth of evil and good there's more than you see
....much more than you should
Avatar utente
Roberto88
Bronze Member
Bronze Member
 
Messaggi: 968
Iscritto il: mar nov 11, 2008 11:17 pm

Re: computer lento

Messaggioda ivan92 » gio lug 16, 2009 7:49 pm

ComboFix 09-07-14.08 - Utente 16/07/2009 18.55.52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1208 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\a602f8.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-06-16 al 2009-07-16 )))))))))))))))))))))))))))))))))))
.

2009-07-15 10:57 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:57 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:57 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:57 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-10 18:02 . 2009-07-10 18:02 -------- d-----w- c:\users\Utente\AppData\Roaming\Yahoo!
2009-07-10 18:02 . 2009-07-10 18:02 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-02 11:02 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-02 11:01 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 09:33 . 2009-07-02 10:30 -------- d-----w- c:\program files\Cyanide
2009-07-02 07:59 . 2009-07-02 07:59 -------- d-----w- c:\program files\EA Games
2009-07-02 07:57 . 2009-06-25 14:36 1291640 ----a-w- c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-07-02 07:57 . 2009-06-25 14:36 729088 ----a-w- c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-07-01 17:22 . 2009-07-01 17:22 -------- d-----w- c:\program files\AAALOGO2009
2009-07-01 08:21 . 2009-07-01 08:21 -------- d-----w- c:\program files\WhoCrashed
2009-07-01 08:17 . 2009-07-01 08:18 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-06-30 09:26 . 2009-06-30 09:41 -------- d-s---w- C:\ciao
2009-06-30 08:21 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-30 08:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-30 08:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-30 08:20 . 2009-06-30 08:23 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 08:20 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-30 08:19 . 2009-06-30 08:19 -------- d-----w- c:\programdata\PC Tools
2009-06-28 15:57 . 2009-06-28 16:20 -------- d-----w- c:\users\Utente\AppData\Roaming\Hamachi
2009-06-28 15:56 . 2009-06-28 15:56 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-18 08:38 . 2009-06-18 08:38 -------- d-----w- c:\program files\Eidos
2009-06-17 17:56 . 2009-06-17 17:56 -------- d-----w- c:\program files\Enlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:04 . 2009-02-26 15:03 933180384 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-16 14:55 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-07-16 14:55 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-07-16 12:24 . 2008-09-02 08:12 -------- d-----w- c:\programdata\Google Updater
2009-07-16 07:52 . 2009-03-25 17:56 -------- d-----w- c:\users\Utente\AppData\Roaming\Skype
2009-07-15 21:27 . 2009-02-26 15:03 10884980 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-15 21:26 . 2008-11-26 19:10 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-15 21:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 17:44 . 2009-01-10 17:01 -------- d-----w- c:\users\Utente\AppData\Roaming\gtk-2.0
2009-07-15 12:08 . 2008-09-02 08:14 -------- d-----w- c:\program files\Spyware Doctor
2009-07-15 08:19 . 2008-09-28 18:08 -------- d-----w- c:\users\Utente\AppData\Roaming\Canon
2009-07-15 05:48 . 2008-10-29 15:42 89246 ----a-w- c:\programdata\nvModes.dat
2009-07-13 09:43 . 2009-01-31 13:30 -------- d-----w- c:\users\Utente\AppData\Roaming\FileZilla
2009-07-10 18:02 . 2008-09-02 13:47 -------- d-----w- c:\program files\Yahoo!
2009-07-07 09:17 . 2008-09-09 12:18 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-07 09:16 . 2008-09-09 12:18 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-07 07:50 . 2009-01-31 13:30 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-04 11:46 . 2008-09-02 13:47 -------- d-----w- c:\program files\FLV Player
2009-07-02 08:08 . 2008-09-09 12:18 139152 ----a-w- c:\users\Utente\AppData\Roaming\PnkBstrK.sys
2009-07-02 08:08 . 2008-09-09 12:18 139152 ----a-w- c:\users\Utente\AppData\Roaming\PnkBstrK.sys
2009-07-02 08:08 . 2008-09-09 12:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-02 08:08 . 2008-09-09 12:18 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-02 06:30 . 2008-10-31 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 06:30 . 2009-02-22 21:33 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-28 18:19 . 2008-11-27 16:24 -------- d-----w- c:\program files\PC Wizard 2008
2009-06-27 10:39 . 2009-05-29 16:43 -------- d-----w- c:\users\Utente\AppData\Roaming\Download Manager
2009-06-24 14:19 . 2007-07-20 11:18 -------- d-----w- c:\program files\Google
2009-06-23 21:18 . 2008-10-19 12:18 1 ----a-w- c:\users\Utente\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-20 12:35 . 2008-09-04 08:27 -------- d-----w- c:\program files\McAfee
2009-06-17 18:01 . 2007-07-20 10:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 09:27 . 2008-10-31 15:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-10-31 15:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 20:28 . 2008-09-02 13:35 -------- d-----w- c:\users\Utente\AppData\Roaming\uTorrent
2009-06-11 21:16 . 2007-07-20 11:03 -------- d-----w- c:\program files\Microsoft Works
2009-05-30 14:05 . 2009-05-30 14:05 -------- d-----w- c:\programdata\FLEXnet
2009-05-30 14:05 . 2008-09-01 09:10 88280 ----a-w- c:\users\Utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 13:34 . 2008-09-03 15:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 17:18 . 2009-05-29 17:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-25 18:11 . 2009-02-12 14:25 -------- d-----w- c:\users\Utente\AppData\Roaming\tuxmath
2009-05-23 17:31 . 2009-05-23 17:04 -------- d-----w- c:\program files\UltraStar Deluxe
2009-05-23 16:53 . 2009-05-23 16:53 53248 ----a-w- c:\users\Utente\lametritonus_en.dll
2009-05-23 16:53 . 2009-05-23 16:53 162304 ----a-w- c:\users\Utente\lame_enc_en.dll
2009-05-22 15:40 . 2009-04-04 11:29 -------- d-----w- c:\program files\AutoLyrix
2009-05-22 15:40 . 2008-09-04 09:06 -------- d-----w- c:\program files\Ashampoo
2009-05-20 14:36 . 2009-04-12 09:53 -------- d-----w- c:\program files\a-squared Free
2009-05-13 21:25 . 2008-09-04 08:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-13 21:25 . 2008-09-04 08:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-13 21:25 . 2008-09-04 08:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-13 21:25 . 2008-06-27 04:08 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 21:24 . 2008-09-04 08:26 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-04-30 12:37 . 2009-06-14 10:18 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 10:18 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 11:53 . 2008-09-01 09:01 8268 ----a-w- c:\users\Utente\AppData\Local\d3d9caps.dat
2009-04-27 18:39 . 2009-04-27 18:39 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-04-27 18:39 . 2009-05-06 16:08 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-04-27 18:39 . 2009-04-27 18:39 87696 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-04-27 18:39 . 2009-04-27 18:39 79888 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-04-27 18:39 . 2009-05-06 16:09 100944 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-04-23 12:43 . 2009-06-11 07:55 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 07:56 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-11 07:56 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 15:35 . 2009-04-19 15:35 126976 ----a-w- c:\windows\gdf.dll
2009-06-24 16:22 . 2008-09-02 07:54 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoLyrix.lnk
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9BA697B1-915C-4D61-A4FD-4A685A2B695F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45E9392E-1E22-424B-A50C-E49D9433C510}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AF8CF5BE-8FC3-47B4-A050-F0A54D8DE1D1}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8DECF182-E4F8-4A7F-91A5-872FFFE6A6C4}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CB53E6C5-95DE-4EBE-81C7-D8022B21E053}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{018A8A45-657B-43C2-BD0F-AA78AB1ED596}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{ADDDF97D-1BB8-43AA-9A19-08C2C1AF7DD5}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{CB8CF604-16C7-47BC-A3B7-794083351E29}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5A349D5F-7813-49B5-BBB9-F0F23A6E31D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{64CBA301-5FDA-4850-A29F-ED26F4FF4964}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BAFB88BA-5BFB-49BD-AE71-793AB59CC9D1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66B929BD-8124-44E9-8A5C-3E3752952FA0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A24CF1F3-9446-4041-88D0-5E8F23690881}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{D3863EFA-D539-4E33-A727-22399C01D96E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{23412EA0-E5CC-492B-8B7E-C501076F464A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{6A423948-CFF2-412C-A96F-10ED6F17EB81}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EA44934B-1F47-4CC3-9FE1-FCBDCF3E0C50}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{813C92B2-705B-4000-868A-32CF2EB9F219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6D872ACC-E90F-4DA4-A7CE-CD9466A03960}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{125AEC90-117F-462D-8545-D70D55144697}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{538E6507-533C-4E01-ACCD-B086623C956F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{470D2922-CA8C-4095-A3F2-CE01712C155C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{0EC91057-2450-440A-BD2B-95A2FCB4CA3E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{2D671A28-E617-44EA-B06F-A5E86431F899}"= UDP:5353:Adobe CSI CS4
"{C47D72F7-101C-4927-A035-25029BD58D27}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{01EEF17A-8171-4886-92EB-65AB18F1E069}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A16C5436-0A59-4B64-BD37-882349D183F0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E3B184D8-AFE2-4DB9-BBE6-569ED0F175E2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EFBA52DD-B1EC-41CA-A545-8F06E3434001}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{43250031-C85F-4093-85B6-546CE2E551B2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3621EBA8-CC68-47E6-A58F-644787825ABF}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7506094A-1A1C-4E56-ACBF-16D553290EF8}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [30/06/2009 10.21.20 130936]
R1 is-8LH1Gdrv;is-8LH1Gdrv;c:\windows\System32\drivers\63692176.sys [12/04/2009 19.55.46 148496]
R1 is-PDJFDdrv;is-PDJFDdrv;c:\windows\System32\drivers\10947585.sys [12/04/2009 20.00.37 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [06/05/2009 18.09.14 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [06/05/2009 18.08.23 41424]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [04/09/2008 10.29.40 210216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [02/10/2008 17.42.24 482176]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [27/04/2009 20.39.08 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [27/04/2009 20.39.08 87696]
S2 gupdate1c9a3f1bdcd0f3e;Servizio di Google Update (gupdate1c9a3f1bdcd0f3e);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 17.38.20 133104]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [19/04/2009 14.46.36 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [19/04/2009 14.46.36 3072]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/02/2009 17.15.40 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2009 10.20.15 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 14:05]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]

2008-09-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 06:57]

2008-09-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 06:57]
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Utente\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 19:05
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\Utente\AppData\Local\Temp\catchme.dll

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-603610610-2782796317-2799079916-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,64,30,fe,f1,06,01,11,21,97,24,99,60,47,25,c2,5b,7f,56,3f,a4,
6c,22,25,93,2c,4f,56,13,31,1c,e2,9d,df,6d,13,63,87,68,e4,41,2d,02,ad,7c,e1,\
"rkeysecu"=hex:7d,9a,36,f9,97,f7,5a,18,dd,82,e4,3e,61,55,92,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
.
Ora fine scansione: 2009-07-16 19.08.59
ComboFix-quarantined-files.txt 2009-07-16 17:08
ComboFix2.txt 2009-06-30 09:41
ComboFix3.txt 2009-05-04 14:37

Pre-Run: 37.437.751.296 byte disponibili
Post-Run: 37.458.137.088 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
364 --- E O F --- 2009-07-15 21:25
Avatar utente
ivan92
Senior Member
Senior Member
 
Messaggi: 285
Iscritto il: mer gen 09, 2008 4:48 pm
Località: orsago( tv)

Re: computer lento

Messaggioda stevens » gio lug 16, 2009 11:09 pm

non so se ultimamente hai avuto il bagle o se si sta generando nel pc

Scarica Avenger

http://swandog46.geekstogo.com/avenger.zip

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe
Ora incolla queste righe nella box bianca che si è aperta:


files to delete:
c:\windows\bthservsdp.dat
c:\users\Utente\AppData\Local\d3d9caps.dat
c:\windows\System32\drivers\63692176.sys




Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.




Per maggior sicurezza, esegui questo programmino da modalita' provvisoria

il download lo trovi in fondo alla pagina http://www.zonavirus.com/datos/descarga ... ibagla.asp

lancia il programma e spunta '' ELIMINAR FICHEROS AUTOMATICAMENTE''

clicca su EXPLORAR per avviare la scansione


quando avra' finito troverai il log in C:\InfoSat.txt. - copialo in blocco note e postalo nel forum





Amalizza questo file e controlla i risultati senza eliminare niente

c:\windows\system32\drivers\pctplsg.sys

analizzalo qui =====> http://www.virustotal.com/it/
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm

Re: computer lento

Messaggioda ivan92 » ven lug 17, 2009 11:12 am

ecco il contenuto di avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 15:54:37 2009

15:54:37: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 15:54:57 2009

15:54:57: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 15:58:07 2009

15:58:07: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 16:43:54 2009

16:43:54: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 16:44:26 2009

16:44:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 16:45:06 2009

16:45:06: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 20:36:42 2009

20:36:42: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Wed May 06 20:36:54 2009

20:36:53: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Fri Jul 17 11:42:46 2009

11:42:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\bthservsdp.dat" deleted successfully.
File "c:\users\Utente\AppData\Local\d3d9caps.dat" deleted successfully.
File "c:\windows\System32\drivers\63692176.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

più tardi inserirò gli altri
Avatar utente
ivan92
Senior Member
Senior Member
 
Messaggi: 285
Iscritto il: mer gen 09, 2008 4:48 pm
Località: orsago( tv)


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 22 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising