Yesterday a friend of mine gave me his notebook to have a look at because it had become very slow. He told me he had taken it to a technician to recover some files deleted by a virus, but the technician recovered the files and, according to him, did not remove the virus. So I ran a couple of scans with ComboFix and similar tools, but the situation hasn't changed at all, even though I also lightened the notebook considerably by disabling unnecessary services. I'm posting the HijackThis and ComboFix logs to see whether some virus is perhaps still left.
ComboFix:
ComboFix 09-12-30.02 - Vincent 01/01/2010 18.35.55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.503.256 [GMT 1:00]
Eseguito da: c:\documents and settings\Vincent.VNCENT-LAPTOP\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-3C24-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1202660629-220523388-725345543-1003
.
((((((((((((((((((((((((( Files Creati Da 2009-12-01 al 2010-01-01 )))))))))))))))))))))))))))))))))))
.
2009-12-31 14:20 . 2009-12-31 14:26 -------- d-----w- c:\programmi\RegCleaner
2009-12-31 14:14 . 2009-12-31 14:14 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Impostazioni locali\Dati applicazioni\Opera
2009-12-31 12:58 . 2009-12-31 12:59 -------- d-----w- c:\programmi\Opera
2009-12-31 11:57 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-31 11:57 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-31 11:57 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-31 11:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\programmi\Avira
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-31 11:47 . 2009-08-19 03:08 306 ----a-w- c:\windows\myClean.bat
2009-12-31 11:33 . 2009-12-31 11:33 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\Malwarebytes
2009-12-31 11:33 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 11:33 . 2009-12-31 11:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-31 11:33 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 11:33 . 2009-12-31 11:33 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-31 10:59 . 2009-12-31 10:59 -------- d-----w- c:\programmi\CCleaner
2009-12-26 14:38 . 2009-12-26 14:39 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Impostazioni locali\Dati applicazioni\Packard Bell
2009-12-26 14:38 . 2009-12-26 14:38 -------- d-----w- c:\programmi\Packard Bell
2009-12-26 14:35 . 2009-12-26 14:37 -------- d-----w- c:\programmi\Packard Bell External HDD
2009-12-09 10:38 . 2009-12-09 10:38 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-08 16:21 . 2009-12-08 16:21 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\Media Player Classic
2009-12-08 15:57 . 2009-12-08 15:57 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\Ahead
2009-12-08 15:55 . 2009-12-08 15:55 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Impostazioni locali\Dati applicazioni\Ahead
2009-12-07 14:30 . 2009-12-07 14:30 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\CyberLink
2009-12-03 11:54 . 2009-12-03 11:55 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Impostazioni locali\Dati applicazioni\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 17:11 . 2008-07-21 18:18 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-31 13:33 . 2008-07-21 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-31 11:58 . 2008-07-21 17:42 -------- d-----w- c:\programmi\McAfee
2009-12-22 21:49 . 2009-11-29 12:04 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\Apple Computer
2009-12-15 13:29 . 2008-07-21 18:25 55304 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-15 13:29 . 2008-07-21 18:25 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-15 13:29 . 2008-07-21 18:25 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-15 13:29 . 2008-07-21 18:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-15 13:29 . 2008-07-21 18:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-15 10:14 . 2004-08-19 12:00 80060 ----a-w- c:\windows\system32\perfc010.dat
2009-12-15 10:14 . 2004-08-19 12:00 479750 ----a-w- c:\windows\system32\perfh010.dat
2009-11-28 19:21 . 2009-11-28 19:21 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\Yahoo!
2009-11-26 09:43 . 2009-11-26 09:43 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\DivX
2009-11-26 09:40 . 2009-11-26 09:40 66136 ----a-w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-26 09:40 . 2009-11-26 09:40 -------- d-----w- c:\documents and settings\Vincent.VNCENT-LAPTOP\Dati applicazioni\McAfee
2009-11-20 20:22 . 2008-07-21 18:34 -------- d-----w- c:\programmi\eMule AdunanzA
2009-11-06 14:25 . 2009-11-06 14:25 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-11-06 14:24 . 2008-07-23 12:44 -------- d-----w- c:\programmi\Windows Live
2009-11-06 14:22 . 2008-07-23 14:14 -------- d-----w- c:\programmi\Windows Live Toolbar
2009-11-06 14:21 . 2009-11-06 14:21 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-06 14:15 . 2009-11-06 14:15 -------- d-----w- c:\programmi\Microsoft
2009-11-06 14:14 . 2009-11-06 14:14 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-06 14:08 . 2009-11-06 14:08 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-11-04 13:22 . 2009-11-04 13:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-10-29 07:42 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2004-08-19 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 06:00 . 2004-08-19 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-19 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-19 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:51 . 2004-08-19 12:00 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:51 . 2004-08-19 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:51 . 2004-08-19 12:00 112640 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Software Suite"="c:\programmi\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-04-10 2901024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MediaChecker.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-08-24 11:20 88363 ----a-w- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 14:11 342312 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-09-29 19:58 49152 ----a-w- c:\programmi\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 09:45 787096 ----a-w- c:\programmi\HOTALBUMMyBOX\MBBalloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 20:57 30208 ------w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-09-23 10:41 860160 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 07:11 1388544 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=2 (0x2)
"SharedAccess"=2 (0x2)
"SCardSvr"=3 (0x3)
"RichVideo"=2 (0x2)
"lanmanserver"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\WebEye\\WebEye.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [23/07/2008 12.15.42 15172]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 15.24.08 54752]
R2 PowerSave;PowerSave Service;c:\programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [06/04/2009 10.35.44 1002016]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [07/06/2007 7.48.34 34152]
.
Contenuto della cartella 'Scheduled Tasks'
2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://www.yahoo.com/?fr=fp-grpj
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-MVS Splash - c:\programmi\McAfee\Managed VirusScan\DesktopUI\XTray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 18:46
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????h?h??????? ???B???????????????B????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(816)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-01-01 18:50:04
ComboFix-quarantined-files.txt 2010-01-01 17:50
Pre-Run: 27.349.389.312 byte disponibili
Post-Run: 27.344.224.256 byte disponibili
- - End Of File - - 79827A94665CD99B806B903C87B46B04
HijackThis:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Packard Bell\Software Suite\pbDevDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Vincent.VNCENT-LAPTOP\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-grpj
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programmi\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Packard Bell Software Suite] "C:\Programmi\Packard Bell\Software Suite\PBSoftSuite.exe" /run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6664991687
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vinsss182.spaces.live.com/PhotoU ... nPUpld.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/pl ... OPCORE.CAB
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Programmi\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
P.S.: I'm starting to consider that the slowdown might be due to some hardware problem. What do you think?