Extremely slow PC - log check
testabianca
Posted: Monday, April 26, 2010 4:40:09 PM

Rank: AiutAmico

Member since: 12/11/2008
Posts: 508
My daughter's laptop, a Pavilion dv6500, has become extremely slow, even when starting up and shutting down.
I have done the various clean-ups, including with CCleaner and Advanced SystemCare.
I am attaching the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.26.18, on 26/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\alessandra\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: (no name) - *{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [yikcc] "c:\users\alessandra\appdata\local\yikcc.exe" yikcc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHOOK.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\Windows\system32\GtDetectSc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12855 bytes

Original OS.
I would like to remove AVG and replace it with Microsoft's antivirus; how can I remove AVG completely without leaving various leftovers behind?

Thanks in advance and best regards.
shapiro
Posted: Monday, April 26, 2010 4:49:02 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
hi

you have some infections to remove

open HijackThis, select "Do a system scan only", tick the boxes next to these entries and press "Fix checked"


Code:
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [yikcc] "c:\users\alessandra\appdata\local\yikcc.exe" yikcc



download ComboFix

- disconnect from the internet
- disable the antivirus
- run ComboFix.exe
- type 1
- follow the instructions
- when the scan has finished, go to C:\ and copy/paste, in your next reply, the contents of the text file Combofix.txt


remove the Norton leftovers with the Norton Removal Tool

to uninstall AVG use this tool
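
An added example, not part of the thread or of either tool: it parses HijackThis `O4` autorun lines and cross-checks each target against the files ComboFix lists as deleted in the log posted further down. The sample lines are copied from those two logs; the function names and the AppData heuristic are assumptions introduced here.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
HIJACKTHIS_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [yikcc] "c:\users\alessandra\appdata\local\yikcc.exe" yikcc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
"""

# Constructed sample: paths copied from ComboFix's deletion list in this thread.
COMBOFIX_DELETED = r"""
c:\program files\messengerskinner\uninst.exe
c:\users\alessandra\AppData\Local\yikcc.dat
c:\users\alessandra\AppData\Local\yikcc.exe
c:\users\alessandra\Desktop\Videos.url
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# HijackThis appends "(User '...')" to entries read from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def split_command(cmd):
    """Split an autorun command line into (executable, arguments)."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end(1):].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def target_path(cmd):
    """Return the lower-cased file the entry actually loads."""
    exe, args = split_command(cmd)
    # For rundll32 the interesting file is the DLL named before the comma.
    if exe.lower().endswith("rundll32.exe") and args:
        exe = args.split(",")[0].strip().strip('"')
    return exe.lower()


def parse_o4(log_text):
    """Parse registry Run/RunOnce entries out of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["target"] = target_path(entry["cmd"])
            entries.append(entry)
    return entries


def parse_combofix_deleted(text):
    """Collect lower-cased paths from a ComboFix deletion list."""
    paths = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith((".", "(")):
            paths.add(line.lower())
    return paths


def triage(entries, deleted):
    """Return the autorun entries worth a second look, with the reasons."""
    flagged = []
    for e in entries:
        reasons = []
        if e["target"] in deleted:
            reasons.append("deleted by ComboFix")
        # Heuristic added for this example (an assumption, not from the thread):
        # an autorun that starts from a user-writable AppData folder.
        if "\\appdata\\" in e["target"]:
            reasons.append("runs from a user-profile AppData folder")
        if reasons:
            flagged.append({"name": e["name"], "hive": e["hive"],
                            "target": e["target"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    hits = triage(parse_o4(HIJACKTHIS_O4), parse_combofix_deleted(COMBOFIX_DELETED))
    for hit in hits:
        print(hit["hive"], hit["name"], hit["target"], "; ".join(hit["reasons"]))
```

An autorun whose target ComboFix removed leaves a dangling registry value behind, so an entry flagged this way is still worth fixing in HijackThis.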


testabianca
Posted: Monday, April 26, 2010 5:20:50 PM

Rank: AiutAmico

Member since: 12/11/2008
Posts: 508
Thanks shapiro.
I'll carry out the first part, the fix.
For the second, since I don't know Vista, you will kindly have to guide me step by step on how to find the log.
Best regards
shapiro
Posted: Monday, April 26, 2010 5:23:56 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
sorry, I hadn't noticed

if you have Vista, run it as administrator, launching it with a right-click

testabianca
Posted: Monday, April 26, 2010 6:09:55 PM

Rank: AiutAmico

Member since: 12/11/2008
Posts: 508
I had guessed the administrator part, but I don't know how to view C:\ to find the log.
Be aware that the link for the Norton tool downloads an old tool that cannot be run; you should update it.
As for the rest, we'll be in touch as soon as my daughter's PC allows me to, given how slow it is.
Best regards, and thank you for the patience you are willing to show me.
Best regards.
shapiro
Posted: Monday, April 26, 2010 7:15:43 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
see if this one works
testabianca
Posted: Monday, April 26, 2010 7:41:36 PM

Rank: AiutAmico

Member since: 12/11/2008
Posts: 508
Thank you. I had already taken care of it.
I am now running the scan with ComboFix and as soon as it finishes I will post again.
Best regards.
testabianca
Posted: Monday, April 26, 2010 8:32:03 PM

Rank: AiutAmico

Member since: 12/11/2008
Posts: 508
here is the ComboFix text file:
ComboFix 10-04-21.01 - alessandra 26/04/2010 19.38.01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1014.276 [GMT 2:00]
Eseguito da: c:\users\alessandra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2635387291-1119825907-1126837931-500
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\localsys64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\swin32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe
c:\program files\messengerskinner
c:\program files\messengerskinner\download\defaultPack.cab
c:\program files\messengerskinner\resources\appconfig.xml
c:\program files\messengerskinner\resources\btn.rgn
c:\program files\messengerskinner\resources\btnBnr.rgn
c:\program files\messengerskinner\resources\btnIn.rgn
c:\program files\messengerskinner\resources\btnInNormal.bmp
c:\program files\messengerskinner\resources\btnInOver.bmp
c:\program files\messengerskinner\resources\btnNormal.bmp
c:\program files\messengerskinner\resources\btnNormal.gif
c:\program files\messengerskinner\resources\btnNormalBnr.bmp
c:\program files\messengerskinner\resources\btnNormalBnr.gif
c:\program files\messengerskinner\resources\btnOver.bmp
c:\program files\messengerskinner\resources\btnOver.gif
c:\program files\messengerskinner\resources\btnOverBnr.bmp
c:\program files\messengerskinner\resources\btnOverBnr.gif
c:\program files\messengerskinner\resources\languages_v2.xml
c:\program files\messengerskinner\uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Condizioni generali.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Disinstalla.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Riservatezza.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
c:\users\ALESSA~1\FAVORI~1\Videos.url
c:\users\alessandra\AppData\Local\yikcc.dat
c:\users\alessandra\AppData\Local\yikcc.exe
c:\users\alessandra\AppData\Local\yikcc_nav.dat
c:\users\alessandra\AppData\Local\yikcc_navps.dat
c:\users\alessandra\AppData\Roaming\MessengerSkinner
c:\users\alessandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\alessandra\Desktop\Videos.url
c:\users\alessandra\Favorites\Videos.url
c:\windows\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-03-26 al 2010-04-26 )))))))))))))))))))))))))))))))))))
.

2010-04-26 17:54 . 2010-04-26 17:59 -------- d-----w- c:\users\alessandra\AppData\Local\temp
2010-04-26 17:54 . 2010-04-26 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-26 15:49 . 2010-04-26 15:49 -------- d-----w- c:\users\alessandra\AppData\Local\Kiwee Toolbar2
2010-04-26 12:42 . 2010-04-26 12:42 -------- d-----w- c:\users\alessandra\AppData\Roaming\IObit
2010-04-26 12:42 . 2010-04-26 12:42 -------- d-----w- c:\program files\IObit
2010-04-26 11:13 . 2010-04-26 11:13 -------- d-----w- C:\PerfLogs
2010-04-26 08:56 . 2010-04-26 08:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 08:16 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-26 08:16 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-04-26 08:16 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-04-26 08:16 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-04-26 08:11 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-26 08:11 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-04-26 08:11 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-25 18:23 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-25 17:25 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-04-25 17:25 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-04-25 17:25 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-04-25 17:25 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2010-04-25 17:25 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-04-25 17:24 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-04-25 17:24 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-04-25 17:08 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-04-25 17:08 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-04-25 17:08 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-04-25 17:08 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-04-25 17:08 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2010-04-25 17:05 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-25 17:05 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-25 17:05 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-25 17:00 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-25 17:00 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-25 17:00 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-25 17:00 . 2008-01-19 07:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-25 17:00 . 2008-01-19 07:36 64512 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-25 17:00 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-04-25 17:00 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-25 16:53 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-04-25 16:53 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-04-25 16:52 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-25 16:52 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-25 16:52 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-25 16:52 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-25 16:52 . 2008-01-19 07:34 23552 ----a-w- c:\windows\system32\lpk.dll
2010-04-25 16:52 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-25 16:52 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-25 16:51 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-25 16:51 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-04-25 16:51 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-25 16:51 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-25 16:51 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-25 16:51 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-25 16:51 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-25 16:51 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-25 16:51 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-25 16:48 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-04-25 16:48 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-04-25 16:48 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-04-25 16:48 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-25 16:48 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-25 16:48 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-25 16:48 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-25 16:48 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-25 16:48 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-04-25 16:47 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-25 16:47 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-25 16:47 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-25 16:47 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-04-25 16:47 . 2008-01-19 07:34 98816 ----a-w- c:\windows\system32\mfps.dll
2010-04-25 16:47 . 2008-01-19 07:33 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-04-25 16:47 . 2008-01-19 07:33 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-04-25 16:47 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-25 16:47 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-25 16:47 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-04-25 16:46 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-25 16:45 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-25 16:45 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-04-25 16:44 . 2008-01-19 07:36 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-04-25 16:44 . 2008-01-19 07:33 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-04-25 16:44 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-04-25 16:41 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-25 16:41 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-25 16:41 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-25 16:41 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-25 16:41 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-25 16:41 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-25 16:41 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-25 16:41 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-25 16:41 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-25 16:41 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-04-25 16:22 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-25 16:18 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2010-04-25 16:15 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-25 16:15 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-25 16:15 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-25 16:15 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-25 16:15 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-04-25 16:15 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-04-25 16:15 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-04-25 16:15 . 2008-01-19 07:36 37888 ----a-w- c:\windows\system32\printcom.dll
2010-04-25 16:14 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 16:14 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-25 16:14 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-25 16:14 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-25 16:14 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-25 16:13 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
2010-04-25 16:13 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-04-25 16:13 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-04-25 16:12 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-04-25 16:12 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-04-25 16:11 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-25 16:11 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-25 16:11 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-25 16:10 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-25 16:10 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-25 16:06 . 2010-04-26 12:17 -------- d-----w- c:\programdata\Norton
2010-04-25 16:05 . 2010-04-25 16:05 -------- d-----w- c:\programdata\NortonInstaller
2010-04-25 16:02 . 2010-04-26 17:27 -------- d-----w- c:\users\alessandra\Tracing
2010-04-25 15:58 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-04-25 15:58 . 2010-04-25 15:58 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-25 15:53 . 2010-04-25 15:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-04-25 15:43 . 2008-06-26 03:21 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-04-25 15:43 . 2008-06-26 03:21 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-04-25 15:36 . 2010-04-25 15:36 -------- d-----w- c:\program files\Microsoft
2010-04-25 15:35 . 2010-04-25 15:35 -------- d-----w- c:\program files\Windows Live SkyDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 17:55 . 2007-10-08 10:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-26 17:43 . 2006-11-06 01:52 662862 ----a-w- c:\windows\system32\perfh010.dat
2010-04-26 17:43 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-04-26 16:07 . 2007-04-13 14:36 -------- d-----w- c:\program files\Symantec
2010-04-26 16:05 . 2007-08-09 21:55 -------- d-----w- c:\users\alessandra\AppData\Roaming\Skype
2010-04-26 16:03 . 2007-04-13 14:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-26 15:11 . 2007-04-13 15:03 -------- d-----w- c:\program files\Google
2010-04-26 12:18 . 2007-09-07 19:36 -------- d-----w- c:\program files\Totò Sapore
2010-04-26 12:17 . 2008-03-19 19:54 -------- d-----w- c:\program files\Norton Security Scan
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-26 11:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-26 11:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-26 10:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-26 10:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-26 08:57 . 2007-04-13 15:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 08:54 . 2007-04-13 15:20 -------- d-----w- c:\program files\Java
2010-04-25 19:58 . 2008-03-04 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-25 19:06 . 2008-06-22 13:18 -------- d-----w- c:\program files\Virtual Earth 3D
2010-04-25 18:09 . 2007-04-13 14:49 -------- d-----w- c:\program files\Microsoft Works
2010-04-25 16:31 . 2008-05-20 10:05 95 ----a-w- c:\users\alessandra\AppData\Local\sxdinzx.bat
2010-04-25 15:58 . 2008-05-11 21:05 -------- d-----w- c:\program files\Windows Live
2010-04-25 15:56 . 2007-09-02 20:10 -------- d-----w- c:\program files\Windows Live Toolbar
2010-04-25 14:42 . 2008-05-19 21:52 -------- d-----w- c:\programdata\Kiwee Toolbar2
2010-02-23 06:39 . 2010-04-26 08:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-26 08:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-26 08:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-26 08:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 08:52 265360 ----a-w- c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-13 20034600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-02-12 253000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-02-16 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-09 77824]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-25 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"KiweeHook"="c:\program files\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 56456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-04-25 30192]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2006-11-16 17024]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2006-11-16 115840]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2006-11-16 34560]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-11-16 167936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-26 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-26 12:54]

2008-08-06 c:\windows\Tasks\HPCeeScheduleForalessandra.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-04-13 14:08]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{1185D9E9-3F6E-4526-ADAA-F3441A5E3878}.job
- c:\windows\system32\msfeedssync.exe [2010-04-26 04:54]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-*{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 20:00
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2260)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-26 20:09:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-26 18:09

Pre-Run: 61.754.552.320 byte disponibili
Post-Run: 61.435.850.752 byte disponibili

- - End Of File - - 4F72C76FAD34CA917B2C802EFFF5E2E6


I'm awaiting instructions before replacing the antivirus.
Best regards
shapiro
Posted: Monday, April 26, 2010 9:03:39 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
So... replace the antivirus right away without taking any risks, and until you have done so stay connected only to this site.

No wonder the PC was slow, you were full of infections.

Analyze this file here:

c:\windows\system32\lpk.dll

Show hidden files:

1. Start --> Computer
2. Press the ALT key to display the menu bar
3. Click Tools --> Folder Options --> View tab
4. Check "Show hidden files and folders"

Follow the path and delete the file in red:

c:\users\alessandra\AppData\Local\sxdinzx.bat

Go to Control Panel (Add/Remove Programs) and remove the KiweeToolbar.

Download Malwarebytes:

1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT remove, for now, any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum


testabianca
Posted: Monday, April 26, 2010 9:51:33 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I did everything, but I can't find the file to analyze (maybe it's just me): even though I followed the path, it doesn't exist.
I'll post the MBA log as soon as it's ready.
Best regards
testabianca
Posted: Monday, April 26, 2010 11:56:45 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
Here is the MBA log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 4040

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

26/04/2010 23.51.19
mbam-log-2010-04-26 (23-51-19).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 259070
Tempo trascorso: 2 ore, 7 minuti, 16 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


No infections, although the duration seems excessive.
Thank you and good night.
testabianca
Posted: Monday, April 26, 2010 11:57:22 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
Can I now delete the folders related to ComboFix?
Thank you and good night.
shapiro
Posted: Tuesday, April 27, 2010 9:17:15 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download CCleaner

ccleaner

During installation, deselect the option for the Yahoo toolbar. Open it, go to Options > Advanced, uncheck "Only delete Windows temp files older than 48 hours", then run it, select "Analyze" and at the end of the analysis press "Run Cleaner".

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found.

Download ATF Cleaner

It does not need to be installed.

Start ATF Cleaner.exe with a double click
- click the Main menu
- check the Select All box
- click the Empty selected button
- wait for the Done Cleaning notice.
(if you don't want to delete the passwords, remove the check mark)
(if you use Opera or Firefox, check their sections too)

Go to C:\ and delete the qoobox folder

Download VirIT

Go into safe mode and run a full scan of the PC

Run a new scan with ComboFix and post both reports

testabianca
Posted: Tuesday, April 27, 2010 11:39:11 AM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I did everything except ComboFix, for two reasons:
a) in safe mode the ComboFix icon is not present,
b) I don't know how to disable Microsoft Security Essentials.

Here is the VirIT result:
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK

27/04/2010 - 10:08:01

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1563.
Files Totali: 1563.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


27/04/2010 - 10:08:59

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 171446.
Files Totali: 171446.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

I have noticed an improvement in running programs and in browsing, but Windows startup and shutdown are still slow.

Awaiting suggestions, I thank you and send warm regards.
shapiro
Posted: Tuesday, April 27, 2010 12:11:23 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Try running the scan in normal mode.

Disabling it should work as in all antivirus programs... try right-clicking the icon in the tray bar and see whether there are any options.
testabianca
Posted: Tuesday, April 27, 2010 12:26:26 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I tried right-clicking, but there is only one option: OPEN. I opened it, and there are no options there for disabling it.
shapiro
Posted: Tuesday, April 27, 2010 12:28:21 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Try launching ComboFix and see whether it lets you...
testabianca
Posted: Tuesday, April 27, 2010 1:41:34 PM

Rank: AiutAmico

Joined: 12/11/2008
Posts: 508
I found how to disable it: Open - Settings - Real-time protection, remove the two check marks, and confirm.
At first ComboFix wouldn't run, but after a few attempts here is the result.

ComboFix 10-04-21.01 - alessandra 27/04/2010 13.06.34.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1014.276 [GMT 2:00]
Eseguito da: c:\users\alessandra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\localsys64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\swin32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-27 al 2010-04-27 )))))))))))))))))))))))))))))))))))
.

2010-04-27 11:23 . 2010-04-27 11:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-27 11:23 . 2010-04-27 11:23 -------- d-----w- c:\users\alessandra\AppData\Local\temp
2010-04-27 10:00 . 2010-04-27 10:00 -------- d-----w- c:\programdata\Panda Security
2010-04-27 10:00 . 2010-04-27 10:00 -------- d-----w- c:\program files\Panda USB Vaccine
2010-04-27 08:01 . 2010-04-27 10:42 -------- d-----w- C:\VEXPLite
2010-04-27 07:57 . 2010-04-27 08:02 -------- dc-h--w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}
2010-04-27 07:56 . 2010-04-27 07:56 -------- d-----w- c:\users\alessandra\AppData\Local\PackageAware
2010-04-27 07:44 . 2010-04-27 07:44 -------- d-----w- c:\users\alessandra\AppData\Local\Adobe
2010-04-26 19:42 . 2010-04-26 19:42 -------- d-----w- c:\users\alessandra\AppData\Roaming\Malwarebytes
2010-04-26 19:42 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 19:42 . 2010-04-26 19:42 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 19:42 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:42 . 2010-04-26 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 19:06 . 2010-04-26 19:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-26 17:53 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-26 17:53 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-26 16:41 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-26 16:41 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-26 16:41 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-04-26 16:41 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-04-26 16:41 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-04-26 16:41 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-04-26 16:41 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-04-26 16:41 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-04-26 16:41 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-04-26 16:41 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-04-26 16:41 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-04-26 15:49 . 2010-04-26 15:49 -------- d-----w- c:\users\alessandra\AppData\Local\Kiwee Toolbar2
2010-04-26 12:42 . 2010-04-26 12:42 -------- d-----w- c:\users\alessandra\AppData\Roaming\IObit
2010-04-26 12:42 . 2010-04-26 12:42 -------- d-----w- c:\program files\IObit
2010-04-26 11:13 . 2010-04-26 11:13 -------- d-----w- C:\PerfLogs
2010-04-26 08:56 . 2010-04-26 08:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 08:16 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-26 08:16 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-04-26 08:16 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-04-26 08:16 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-04-26 08:11 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-26 08:11 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-04-26 08:11 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-25 18:23 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-25 17:25 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-04-25 17:25 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-04-25 17:25 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-04-25 17:25 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2010-04-25 17:25 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-04-25 17:24 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-04-25 17:24 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-04-25 17:08 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-04-25 17:08 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-04-25 17:08 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-04-25 17:08 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-04-25 17:08 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2010-04-25 17:05 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-25 17:05 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-25 17:05 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-25 17:00 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-25 17:00 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-25 17:00 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-25 17:00 . 2008-01-19 07:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-25 17:00 . 2008-01-19 07:36 64512 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-25 17:00 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-04-25 17:00 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-25 16:53 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-04-25 16:53 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-04-25 16:52 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-25 16:52 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-25 16:52 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-25 16:52 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-25 16:52 . 2008-01-19 07:34 23552 ----a-w- c:\windows\system32\lpk.dll
2010-04-25 16:52 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-25 16:52 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-25 16:51 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-25 16:51 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-04-25 16:51 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-25 16:51 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-25 16:51 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-25 16:51 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-25 16:51 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-25 16:51 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-25 16:51 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-25 16:48 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-04-25 16:48 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-04-25 16:48 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-04-25 16:48 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-25 16:48 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-25 16:48 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-25 16:48 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-25 16:48 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-25 16:48 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-04-25 16:47 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-25 16:47 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-25 16:47 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-25 16:47 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-04-25 16:47 . 2008-01-19 07:34 98816 ----a-w- c:\windows\system32\mfps.dll
2010-04-25 16:47 . 2008-01-19 07:33 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-04-25 16:47 . 2008-01-19 07:33 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-04-25 16:47 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-25 16:47 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-25 16:47 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-04-25 16:46 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-25 16:45 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-25 16:45 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-04-25 16:44 . 2008-01-19 07:36 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-04-25 16:44 . 2008-01-19 07:33 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-04-25 16:44 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-04-25 16:41 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-25 16:41 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-25 16:41 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-25 16:41 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-25 16:41 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-25 16:41 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-25 16:41 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-25 16:41 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-25 16:41 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-25 16:41 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-04-25 16:22 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-25 16:18 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2010-04-25 16:15 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-25 16:15 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-25 16:15 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-25 16:15 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-25 16:15 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-04-25 16:15 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-04-25 16:15 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-04-25 16:15 . 2008-01-19 07:36 37888 ----a-w- c:\windows\system32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 11:01 . 2007-10-08 10:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-27 09:15 . 2006-11-06 01:52 662862 ----a-w- c:\windows\system32\perfh010.dat
2010-04-27 09:15 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-04-27 06:49 . 2010-04-27 06:49 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-26 22:12 . 2007-08-09 21:55 -------- d-----w- c:\users\alessandra\AppData\Roaming\Skype
2010-04-26 19:20 . 2008-05-19 21:52 -------- d-----w- c:\programdata\Kiwee Toolbar2
2010-04-26 16:07 . 2007-04-13 14:36 -------- d-----w- c:\program files\Symantec
2010-04-26 16:03 . 2007-04-13 14:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-26 15:11 . 2007-04-13 15:03 -------- d-----w- c:\program files\Google
2010-04-26 14:26 . 2010-04-27 08:02 2856267 -c--a-w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\vnlt6639.exe
2010-04-26 13:51 . 2010-04-27 07:58 278528 -c--a-w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-04-26 12:18 . 2007-09-07 19:36 -------- d-----w- c:\program files\Totò Sapore
2010-04-26 12:17 . 2008-03-19 19:54 -------- d-----w- c:\program files\Norton Security Scan
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-26 11:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-26 11:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-26 11:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-26 11:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-26 10:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-26 10:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-26 08:57 . 2007-04-13 15:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 08:54 . 2007-04-13 15:20 -------- d-----w- c:\program files\Java
2010-04-25 19:58 . 2008-03-04 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-25 19:06 . 2008-06-22 13:18 -------- d-----w- c:\program files\Virtual Earth 3D
2010-04-25 18:09 . 2007-04-13 14:49 -------- d-----w- c:\program files\Microsoft Works
2010-04-25 16:16 . 2010-04-25 16:16 4 --sha-w- c:\windows\Fonts\ARIAL.TCX
2010-04-25 15:58 . 2008-05-11 21:05 -------- d-----w- c:\program files\Windows Live
2010-04-25 15:56 . 2007-09-02 20:10 -------- d-----w- c:\program files\Windows Live Toolbar
2010-04-13 06:54 . 2010-04-27 07:58 360448 -c--a-w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-03-23 10:27 . 2010-04-27 07:58 819200 -c--a-w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2010-03-12 07:53 . 2010-04-27 07:58 122880 -c--a-w- c:\programdata\{968F9FBF-0523-4FFE-95F9-512F1E2811A3}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2010-02-23 06:39 . 2010-04-26 08:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-26 08:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-26 08:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-26 08:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-13 20034600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-02-12 253000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-02-16 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-09 77824]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-25 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-04-27 278528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-04-25 30192]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2006-11-16 17024]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2006-11-16 115840]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2006-11-16 34560]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-11-11 45312]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-11-16 167936]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-26 12:54]

2008-08-06 c:\windows\Tasks\HPCeeScheduleForalessandra.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-04-13 14:08]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{1185D9E9-3F6E-4526-ADAA-F3441A5E3878}.job
- c:\windows\system32\msfeedssync.exe [2010-04-26 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 13:23
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-04-27 13:31:04
ComboFix-quarantined-files.txt 2010-04-27 11:31
ComboFix2.txt 2010-04-26 18:09

Pre-Run: 57.650.688.000 byte disponibili
Post-Run: 57.390.223.360 byte disponibili

- - End Of File - - 9016F0979273C4C48D3BFDCA1E2B3188

Why is AVG still present if it was uninstalled with its own tool?
I would like to search the PC for the file, but I can't find the relevant SEARCH command.

If you think it necessary, I'll run a scan with HijackThis.
Best regards,
shapiro
Posted: Tuesday, April 27, 2010 3:41:23 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I keep seeing that c:\windows\system32\lpk.dll, which I really don't like.

Download Prevx and check what it detects.

For the leftover keys, download RegSeeker.

Unzip it and launch it.

Go to "search for useless entries" and type in, one by one, the programs you have uninstalled:

norton

avg

KiweeToolbar


Start the search and delete whatever it finds that refers to the program.

I'll wait to hear from you.