Vista partire Spegnere e molto lentamente, non è sicuro Che cosa fare

**HistoryGirl** · #1 29. Marzo 2009, 08:59

In primo luogo mi assumendo questo è il posto giusto per mettere questo.

Sono andato in Pannello di controllo e delle prestazioni e trovato un paio di problemi di prestazioni dicendo:

Programmi di avvio per avviare la causa di finestre lentamente
Programmi causano finestre per spegnere lentamente

I dettagli di queste sono:

A partire lentamente:

http://i7.photobucket.com/albums/y27...tartslowly.jpg

Arresto:

http://i7.photobucket.com/albums/y27...downslowly.jpg

Ho anche HijackThis e ha ottenuto questo messaggio:

http://i7.photobucket.com/albums/y27...rormessage.jpg

Questa è probabilmente una domanda stupida ma come faccio a rimediare a queste? Se ragazzi mi potrebbe punto nella giusta direzione che vorrà diventare grande.

**evilfantasy** · #2 29. Marzo 2009, 11:19

Con Vista si ha diritto a scegliere il HJT icona e scegliere 'Esegui come amministratore'.

Avete fatto ultimamente qualsiasi intervento di manutenzione? Pulitura disco, defrag?

**HistoryGirl** · #3 30. Marzo 2009, 10:11

Sì ho ho eseguito la pulitura e la deframmentazione del disco recentemente che essere ciò che è stato causa problemi?

Entra Nuovo HijackThis:

Citazione:

Logfile di Trend Micro HijackThis v2.0.2
Scan salvato in 18:25:00, a 30/03/2009
Piattaforma: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Processi in esecuzione:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.EXE
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ AsGHost.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Program Files \ ASUS \ ASUS Live Update \ ALU.exe
C: \ Windows \ ASScrPro.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ RocketDock \ RocketDock.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Program Files \ Infineon \ Security Platform Software \ PSDrt.exe
C: \ Program Files \ Infineon \ Security Platform Software \ SpTna.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.asus.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyOverride = *. locali
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O1 - Hosts::: 1 localhost
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin per Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O2 - BHO: (no name) - (AA58ED58-01DD-4d91-8333-CF10577473F7) - (no file)
O2 - BHO: ASUS Security Protect Manager - (DF21F1DB-80C6-11D3-9483-B03D0EC10000) - C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItIEAddIn.dll
O3 - Toolbar: (no name) - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - (no file)
O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O4 - HKLM \ .. \ Run: [ASUS Screen Saver Protector] C: \ Windows \ ASScrPro.exe
O4 - HKLM \ .. \ Run: [IFXSPMGT] C: \ Windows \ system32 \ ifxspmgt.exe / NotifyLogon
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKCU \ .. \ Run: [RocketDock] "C: \ Program Files \ RocketDock \ RocketDock.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ PROGRA ~ 1 \ Java \ JRE16 ~ 4.0_0 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ PROGRA ~ 1 \ Java \ JRE16 ~ 4.0_0 \ bin \ ssv.dll
O9 - Extra pulsante: Blog This - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C: \ Program Files \ Windows Live \ Writer \ WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: & blog in Windows Live Writer - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C: \ Program Files \ Windows Live \ Writer \ WriterBrowserExtension.dll
O9 - Extra pulsante: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
Ø16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
Ø18 - Protocollo: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
Ø20 - AppInit_DLLs: APSHook.dll, avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - (E31004D1-41B8-A431-826F-E902F9D95C81) - C: \ Windows \ System32 \ DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Servizio ASLDR (ASLDRService) - Sconosciuto proprietario - C: \ Program Files \ ATK Hotkey \ ASLDRSrv.exe
O23 - Service: Servizio ATKGFNEX (ATKGFNEXSrv) - Sconosciuto proprietario - C: \ Program Files \ ATKGFNEX \ GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe
O23 - Service: AVG Free8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Sconosciuto proprietario - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file mancanti)
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FlexNet Licensing Service - Macrovision Europe Ltd. - C: \ Program Files \ Common Files \ Macrovision Shared \ FlexNet Publisher \ FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C: \ Program Files \ BinarySense \ HDDlife 3 \ hldasvc.exe
O23 - Service: Intel (R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C: \ Windows \ system32 \ ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C: \ Windows \ system32 \ ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: NMIndexingService - Sconosciuto proprietario - C: \ Program Files \ Common Files \ Ahead \ Lib \ NMIndexingService.exe (file mancanti)
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C: \ Windows \ system32 \ IfxPsdSv.exe
O23 - Service: ProtexisLicensing - Sconosciuto proprietario - C: \ Windows \ system32 \ PSIService.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe
O23 - Service: spmgr - Sconosciuto proprietario - C: \ Program Files \ ASUS \ NB Probe \ SPM \ spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C: \ Windows \ System32 \ StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C: \ Windows \ System32 \ ZoneLabs \ vsmon.exe

--

**evilfantasy** · #4 30. Marzo 2009, 10:30

Apri HijackThis e selezionare Non solo un sistema di scansione.

Mettere un segno di spunta accanto alle seguenti voci: (se esiste)

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O3 - Toolbar: (no name) - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - (no file)

Importante: Chiudere tutte le finestre, ad eccezione di HijackThis e quindi fare clic su Fix controllati.

Uscita HijackThis.

----------

Scarica ComboFix © by SUBS da uno dei link qui sotto. Assicurarsi superiore a salvare la Desktop.

Link # 1
Link # 2

** Nota: E 'importante che si è salvato direttamente sul tuo desktop

Chiudere tutti i browser Web aperto. (Firefox, Internet Explorer, etc) prima di iniziare ComboFix.

Temporaneamente disattivare tuo antivirus, E qualsiasi antispyware protezione in tempo reale prima eseguire una scansione. Fare clic sul pulsante questo link per visualizzare un elenco di programmi di sicurezza che dovrebbero essere disattivati e come disattivarli.

Fare doppio clic su combofix.exe e segui le istruzioni.
Una volta terminato ComboFix produrrà un log per voi.
Posta la ComboFix log nella prossima risposta.

Importante: Non clic ComboFix della finestra, mentre è in esecuzione. Che potrebbero indurlo a stalla.

Ricorda di riattivare l'antivirus e antispyware quando ComboFix protezione è completa.

Se avete problemi con ComboFix uso, vedere Come usare ComboFix

**HistoryGirl** · #5 30. Marzo 2009, 11:37

Innanzi tutto grazie per l'aiuto e la consulenza. Ho fatto ciò che lei ha detto HJT e che è stato bene. Tuttavia ho fatto come dice il link per quanto riguarda la disabilitazione AVG residente scudo, ma nonostante questo quando cerco ed eseguire combofix, si dice ancora AVG anti-virus è in esecuzione in modo io non sono certo perché.

Vuoi suggerire magari riavviare il mio sistema?

**evilfantasy** · #6 30. Marzo 2009, 13:39

AVG e Combofix che hanno questione. Basta lanciare ComboFix comunque. Se AVG tenta di bloccarlo poi consentire l'esecuzione.

**HistoryGirl** · #7 30. Marzo 2009, 14:21

Diritto ok tutto fatto. Entra come richiesto.

Citazione:

ComboFix 09-03-29.04 - CHLOE 2009-03-30 21:54:30.1 - NTFSx86
Microsoft ® Windows Vista ™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.967 [GMT 1:00]
Running da: c: \ utenti \ CHLOE \ Desktop \ ComboFix.exe
AV: AVG Anti-Virus Free-* Il permesso di accesso * (Aggiornato)
FW: ZoneAlarm Firewall attivato * *
* Creato un nuovo punto di ripristino
.

Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ acovcnt.exe

.
((((((((((((((((((((((((( I file creati dal 2009/02/28 al 2009/03/30 ))))))))))) ))))))))))))))))))))
.

2009-03-29 16:23. 2008-06-20 02:14 781.344 - un ------ C: \ Windows \ System32 \ PresentationNative_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 622.080 - un ------ C: \ Windows \ System32 \ icardagt.exe
2009-03-29 16:23. 2008-06-20 02:14 326.160 - un ------ C: \ Windows \ System32 \ PresentationHost.exe
2009-03-29 16:23. 2008-06-20 02:14 105.016 - un ------ C: \ Windows \ System32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 97.800 - a ------ C: \ Windows \ System32 \ infocardapi.dll
2009-03-29 16:23. 2008-06-20 02:14 43.544 - a ------ C: \ Windows \ System32 \ PresentationHostProxy.dll
2009-03-29 16:23. 2008-06-20 02:14 37.384 - a ------ C: \ Windows \ System32 \ infocardcpl.cpl
2009-03-29 16:23. 2008-06-20 02:14 11.264 - a ------ C: \ Windows \ System32 \ icardres.dll
2009-03-29 16:15. 2008-07-27 19:03 282.112 - un ------ C: \ Windows \ System32 \ Mscoree.dll
2009-03-29 16:15. 2008-07-27 19:03 96.760 - a ------ C: \ Windows \ System32 \ dfshim.dll
2009-03-29 16:15. 2008-07-27 19:03 41.984 - a ------ C: \ Windows \ System32 \ netfxperf.dll
2009-03-29 16:14. 2008-07-27 19:03 158.720 - un ------ C: \ Windows \ System32 \ mscorier.dll
2009-03-29 16:14. 2008-07-27 19:03 83.968 - a ------ C: \ Windows \ System32 \ mscories.dll
2009-03-29 13:52. 2009-03-29 13:53 <DIR> d -------- C: \ Program Files \ Defraggler
2009-03-29 13:26. 2008-02-23 05:38 170.496 - un ------ C: \ Windows \ System32 \ tcpipcfg.dll
2009-03-29 13:26. 2008-02-23 03:41 22.528 - a ------ C: \ Windows \ System32 \ netiougc.exe
2009-03-29 13:25. 2009-02-16 00:10 1.221.512 - un ------ C: \ Windows \ System32 \ zpeng25.dll
2009-03-17 21:57. 2009-03-17 21:57 <DIR> d -------- C: \ Program Files \ Microsoft
2009-03-17 21:56. 2009-03-17 21:56 <DIR> d -------- C: \ Windows \ PCHealth
2009-03-16 22:43. 2009-03-28 22:36 <DIR> d - h ----- C: \ $ $ AVG8.VAULT
2009-03-16 20:59. 2009-03-16 20:59 25 - a ------ C: \ Windows \ cdplayer.ini
2009-03-14 00:34. 2008-12-05 05:32 428.544 - un ------ C: \ Windows \ System32 \ EncDec.dll
2009-03-14 00:34. 2008-12-05 05:32 293.376 - un ------ C: \ Windows \ System32 \ psisdecd.dll
2009-03-14 00:34. 2008-12-05 05:31 217.088 - un ------ C: \ Windows \ System32 \ psisrndr.ax
2009-03-14 00:34. 2008-12-05 05:31 177.664 - un ------ C: \ Windows \ System32 \ mpg2splt.ax
2009-03-14 00:34. 2008-12-05 05:31 80.896 - a ------ C: \ Windows \ System32 \ MSNP.ax
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ programdata \ (00D89592-F643-4D8D-8F0F-AFAE0F14D4C3)
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ Program Files \ iTunes
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ Program Files \ iPod
2009-03-14 00:29. 2008-04-17 13:12 107.368 - un ------ C: \ Windows \ System32 \ GEARAspi.dll
2009-03-14 00:29. 2009-01-15 13:19 23.848 - a ------ C: \ Windows \ System32 \ drivers \ GEARAspiWDM.sys
2009-03-14 00:26. 2009-03-14 00:27 <DIR> d -------- C: \ Program Files \ QuickTime
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ programdata \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ Program Files \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ Program Files \ Channel4
2009-03-12 23:38. 2009-03-12 23:38 <DIR> d -------- C: \ programdata \ Channel4
2009-03-11 22:33. 2009-03-30 21:10 d -------- <DIR> c: \ utenti \ CHLOE \ Tracing
2009-03-11 22:22. 2009-03-11 22:22 <DIR> d -------- C: \ Program Files \ Windows Live SkyDrive
2009-03-11 22:22. 2009-03-17 21:57 <DIR> d -------- C: \ Program Files \ Windows Live
2009-03-11 21:57. 2009-03-11 21:57 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2009-03-11 13:13. 2009-03-11 21:47 <DIR> d -------- C: \ Program Files \ Amazzonia
2009-03-11 13:13. 2009-03-11 13:13 107.272 - un ------ C: \ Windows \ System32 \ drivers \ avgtdix.sys
2009-03-11 02:09. 2009-01-15 04:36 1.383.424 - un ------ C: \ Windows \ System32 \ mshtml.tlb
2009-03-11 02:09. 2009-01-15 07:11 827.392 - un ------ C: \ Windows \ System32 \ wininet.dll
2009-03-11 02:05. 2008-12-16 04:29 8.147.456 - un ------ C: \ Windows \ System32 \ wmploc.DLL
2009-03-11 02:05. 2008-12-16 06:31 7.680 - un ------ C: \ Windows \ System32 \ spwmp.dll
2009-03-11 02:05. 2008-12-16 06:31 4.096 - un ------ C: \ Windows \ System32 \ msdxm.ocx
2009-03-11 02:05. 2008-12-16 06:31 4.096 - un ------ C: \ Windows \ System32 \ dxmasf.dll
2009-03-11 02:03. 2008-12-16 03:42 288.768 - un ------ C: \ Windows \ System32 \ drivers \ Srv.sys
2009-03-11 02:03. 2008-11-27 05:43 268.288 - un ------ C: \ Windows \ System32 \ Schannel.dll
2009-03-11 02:02. 2009-02-09 04:10 2.033.152 - un ------ C: \ Windows \ System32 \ win32k.sys
2009-02-06 19:52. 2009-02-06 19:52 49.504 - a ------ C: \ Windows \ System32 \ sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 21:07 350.195 --- ha-w C: \ Windows \ system32 \ drivers \ vsconfig.xml
2009-03-30 21:07 --------- d --- aw C: \ programdata \ TEMP
2009-03-29 14:42 --------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ Program Files \ CCleaner
2009-03-19 16:48 --------- d ----- wc: \ utenti \ CHLOE \ AppData \ Roaming \ uTorrent
2009-03-16 19:58 --------- d ----- wc: \ Program Files \ Common Files \ Real
2009-03-13 23:29 --------- d ----- wc: \ programdata \ Apple Computer
2009-03-13 23:29 --------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-03-13 23:27 --------- d ----- wc: \ Program Files \ Bonjour
2009-03-12 22:24 --------- d ----- wc: \ Program Files \ Google
2009-03-11 23:07 --------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-03-11 23:05 --------- d ----- wc: \ Program Files \ Windows Mail
2009-03-11 12:13 325.128 ---- aw c: \ windows \ system32 \ drivers \ avgldx86.sys
2009-03-11 11:52 --------- d ----- wc: \ programdata \ avg8
2009-02-15 23:11 293.528 ---- aw c: \ windows \ system32 \ drivers \ vsdatant.sys
2009-01-14 20:20 55.232 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ GDIPFONTCACHEV1.DAT
2008-12-31 21:51 13.025 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ nvModes.dat
2008-12-31 14:32 174 - sha-w C: \ Program Files \ desktop.ini
2008-11-19 15:31 81.920 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ ezpinst.exe
2008-11-19 15:31 47.360 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ pcouffin.sys
2007-05-31 18:23 77.160 ---- aw c: \ utenti \ CHLOE \ DSETUP.dll
2007-05-31 18:23 503.144 ---- aw c: \ utenti \ CHLOE \ DXSETUP.exe
2007-05-31 18:23 1.673.576 ---- aw c: \ utenti \ CHLOE \ dsetup32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"RocketDock" = "C: \ Program Files \ RocketDock \ RocketDock.exe" [2007-09-02 495616]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ASUS Screen Saver Protector" = "C: \ Windows \ ASScrPro.exe" [2007-05-15 33136]
"IFXSPMGT" = "c: \ windows \ system32 \ ifxspmgt.exe" [2007-02-26 677408]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2009-02-16 981384]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2007-03-01 857648]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ System]
"EnableUIADesktopToggle" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = APSHook.dll avgrsstx.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.ac3filter" = ac3filter.acm

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa]
Notifica Pacchetti REG_MULTI_SZ SceCli ASWLNPkg

[HKLM \ ~ \ startupfolder \ C: ^ ^ programdata Microsoft Vento ows ^ ^ Menu Avvio ^ Programmi ^ ^ avvio WinZip Quick Pick.lnk]
path = c: \ programdata \ Microsoft \ Windows \ Menu Avvio \ Programmi \ Startup \ WinZip Quick Pick.lnk
backup = C: \ Windows \ pss \ WinZip Quick Pick.lnk.CommonStartup
backupExtension =. CommonStartup

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ 4oD]
- un ------ 2007-04-23 12:23 1032640 C: \ Program Files \ Kontiki \ KHost.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Reader Speed Launcher]
- un ------ 2008-06-12 02:38 34672 d: \ Program Files \ Reader \ reader_sl.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ASUS Camera ScreenSaver]
- un ------ 2007-05-15 05:12 37232 c: \ windows \ ASScrProlog.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATKMEDIA]
- un ------ 2006-11-02 16:27 61440 C: \ Program Files \ ASUS \ ATK Media \ DMedia.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AVG8_TRAY]
- un ------ 2009-03-11 13:13 1601304 C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CognizanceTS]
-ra ------ 2003-12-21 22:11 17920 c: \ progra ~ 1 \ ASUSSE ~ 1 \ ASUSSE ~ 1 \ bin \ ASTSVCC.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ehTray.exe]
- un ------ 2008-01-19 08:33 125952 C: \ Windows \ ehome \ ehtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Google Update]
- un ---- t-2009-03-17 22:06 133104 c: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper]
- un ------ 2009-03-11 14:52 342312 C: \ Program Files \ iTunes \ iTunesHelper.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ msnmsgr]
- un ------ 2009-02-06 19:51 3885408 C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvCplDaemon]
- un ------ 2007-04-04 12:40 8429568 C: \ Windows \ System32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvMediaCenter]
- un ------ 2007-04-04 12:40 81920 C: \ Windows \ System32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ nvsvc]
- un ------ 2007-04-04 12:40 86016 C: \ Windows \ System32 \ nvsvc.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- un ------ 2009-01-05 17:18 413696 C: \ Program Files \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RocketDock]
- un ------ 2007-09-02 13:58 495616 C: \ Program Files \ RocketDock \ RocketDock.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2009-03-05 16:07 2260480 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- un ------ 2008-06-10 04:27 144784 C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ TkBellExe]
- un ------ 2009-03-16 20:58 198160 C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Windows Defender]
- un ------ 2008-01-19 08:38 1008184 C: \ Program Files \ Windows Defender \ MSASCui.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WMPNSCFG]
- un ------ 2008-01-19 08:33 202240 C: \ Program Files \ Windows Media Player \ wmpnscfg.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ (0228e555-4f9c-4e35-a3ec-b109a192b4c2)]
- un ------ 2005-07-15 22:48 479232 C: \ Program Files \ Google \ Gmail Notifier \ gnotify.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RtHDVCpl]
- un ------ 2007-02-15 10:07 4390912 C: \ Windows \ RtHDVCpl.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ ZoneLabsFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ DomainProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules]
"(71E74FA5-D1FA-4A82-9121-AE2CACB2ED04)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(2FE2345B-5C77-485E-9855-FC6024DE75EC)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(CC9CFD37-6799-47CF-9AEE-1063F21C5548)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(3D44E6E8-68F3-42F0-B97E-1081F1354874)" = UDP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(B2393435-26B3-4482-A391-C964F3370D66)" = TCP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(1B1039C9-3AEF-4B2E-85CA-DA79FB7CDBD3)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(F9EC3544-5A35-4D84-A067-E7167563791A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(A9CE85F3-F9BA-4875-B169-9DEF59911C8A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (0FAAFA32-F5A3-4C35-9AFD-A648E4B3016E) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = UDP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"UDP Query User (CDC85196-C503-4F00-82DC-B95F8D021895) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = TCP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"TCP Query User (5D761702-BEB7-4B94-B693-1A7EF8E441ED) c: \ \ Program Files \ \ facile webtv e radio \ \ easywebtv.exe" = UDP: C: \ Program Files \ facile webtv e radio \ easywebtv.exe : Web TV \ Radio \ Media
"UDP Query User (A7E2F9B1-976E-49B1-960A-8FE671DECB26) c: \ \ Program Files \ \ facile webtv e radio \ \ easywebtv.exe" = TCP: C: \ Program Files \ facile webtv e radio \ easywebtv.exe : Web TV \ Radio \ Media
"(978D57EE-8CEF-4E88-B3CC-472590D8A602)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(038AD6DB-57BA-4294-B6BE-DC5AC329D87A)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (20F3997A-2406-42BC-9A96-17DBA8717938) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = UDP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"UDP Query User (EBEDABDC-8DFA-4EA4-83A0-5D79C8A2BE45) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = TCP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"TCP Query User (A2D20908-089C-441b-B9C8-C8811AFCAB9E) c: \ \ Program Files \ \ LimeWire \ \ limewire.exe" = UDP: C: \ Program Files \ limewire \ limewire.exe: LimeWire
"UDP Query User (0B6B64F6-D6E9-4D1D-B83A-E6E85E360C05) c: \ \ Program Files \ \ LimeWire \ \ limewire.exe" = TCP: C: \ Program Files \ limewire \ limewire.exe: LimeWire
"(2E890455-237D-4ABA-BE37-B5E6E1862834)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(DDAAC8F6-7557-495a-82B3-EBFF9330A2CC)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(5131D757-BC24-44C9-8EA5-E268DFC6DCAC)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4C52E1A6-D998-41D5-8E99-27F21E3CA7CB) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = UDP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"UDP Query User (80235B6B-2462-4AC3-8A59-7534841DE76B) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = TCP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"TCP Query User (049DD1E6-8191-4983-A59D-240E79B46042) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = UDP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"UDP Query User (9A00A32D-A675-4425-8F5E-1528AAB521FB) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = TCP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"TCP Query User (348698D9-5A1D-AC00-4E1C-DBDC43BE0ACF) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = UDP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"UDP Query User (60AFF659-3A7C-488C-9CCA-0A8589DD32FA) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = TCP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"TCP Query User (3EF98A58-7B3C-8A5A-42B1-CF7DEF59C2A7) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = UDP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"UDP Query User (D8A0735D-6D19-4482-A90A-35A9D023DEBE) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = TCP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"TCP Query User (7B392C25-D64F-4897-B5CC-5C9B83106BB0) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = UDP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"UDP Query User (9990806D-9198-4760-93E7-C65D44E1FE8A) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = TCP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"TCP Query User (9998DAB7-D775-4620-A491-D752230551A3) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (B9293167-A4DC-43ED-893B-B5B1B89F9988) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (B04F6C2B-953A-469D-AFD8-4F3AE27A4941) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"UDP Query User (914B6A2A-9A2A-43A8-B4EA-BB1EEDC476B5) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"TCP Query User (69F8C35B-6614-4033-B40E-59012B10975A) c: \ \ Program Files \ \ bearflix \ \ bearflix.exe" = UDP: C: \ Program Files \ bearflix \ bearflix.exe: BearFlix
"UDP Query User (89ABF64F-F79E-456D-9136-82A8675A3E17) c: \ \ Program Files \ \ bearflix \ \ bearflix.exe" = TCP: C: \ Program Files \ bearflix \ bearflix.exe: BearFlix
"(8D76BC83-ABC9-406B-8945-366EA3B7074B)" = UDP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Cliente
"(9FC79C86-3E66-4A61-AA2A-FAB0C61E0453)" = TCP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Cliente
"TCP Query User (9FF9F89E-5323-45dB-89F0-BA37B84180EE) c: \ \ Program Files \ \ TVAnts \ \ tvants.exe" = UDP: C: \ Program Files \ TVAnts \ tvants.exe: TVAnts
"UDP Query User (C10505B7-BDD4-49BB-93E6-E73B8E6C4E33) c: \ \ Program Files \ \ TVAnts \ \ tvants.exe" = TCP: C: \ Program Files \ TVAnts \ tvants.exe: TVAnts
"TCP Query User (A9E241F3-D69C-4E67-938B-33C91AB576A1) c: \ \ Program Files \ \ TVUPlayer \ \ tvuplayer.exe" = UDP: C: \ Program Files \ TVUPlayer \ tvuplayer.exe: TVU Player Componente
"UDP Query User (D3542B64-2CF9-4C20-B6CB-1D9096FF27EB) c: \ \ Program Files \ \ TVUPlayer \ \ tvuplayer.exe" = TCP: C: \ Program Files \ TVUPlayer \ tvuplayer.exe: TVU Player Componente
"(F8B68D6E-3A24-4B31-8261-FB3CA92B5740)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4E95BA55-EDF5-491d-9059-F11FF353A128) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"UDP Query User (55C79E39-F1AC-45C7-8F99-995A835F089A) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"TCP Query User (A3EF2380-6740-4FD5-913E-D67F54A54B11) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = UDP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"UDP Query User (E9C164FD-CB41-4D08-9DBA-BDDB929D1C86) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = TCP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"TCP Query User (C1148110-2D5B-4810-8651-98FBFD3A6751) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (F15683E5-A578-47EE-BEB1-4541978254F4) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (CCA39E89-B85B-41BA-9A33-CA6DB37579E4) d: \ \ Program Files \ \ clue.exe" = UDP: d: \ Program Files \ clue.exe: Clue
"UDP Query User (39F3C83F-DCF0-43B4-B149-19F3630B3078) d: \ \ Program Files \ \ clue.exe" = TCP: d: \ Program Files \ clue.exe: Clue
"(01834D55-82B5-480D-beff-52EDB82BB8B5)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(90ECB35B-6897-4166-A35A-04BC39978BA9)" = C: \ Program Files \ AVG \ AVG8 \ avgemc.exe: avgemc.exe
"(504F647E-1476-4948-AA42-DC1DF85CA9A8)" = C: \ Program Files \ AVG \ AVG8 \ avgupd.exe: avgupd.exe
"(CC411EBB-9ACA-4217-9994-ABB961E83B3C)" = UDP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (TCP-In)
"(031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8)" = TCP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (UDP-In)
"(1D54F818-ABAC-418F-8F39-17EA7664FABE)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(3C9FFAF4-40EA-450F-A906-D34D3E2EFA72)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(6AC9F5D1-C3AC-4878-8740-8A3E10F857E2)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(77045B5E-EC2E-4749-AC23-32130CD39567)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(00BE12C0-42CB-4B64-AA07-80A45C05B97C)" = Disabled: UDP: C: \ Program Files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008
"(0A529C81-B8E4-4809-A54B-B5141A997A78)" = Disabled: TCP: C: \ Program Files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ PublicProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 AvgLdx86; AVG Free AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [2009-03-11 107272]
R1 ItSDisk; ItSDisk; c: \ windows \ system32 \ drivers \ itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive; PersonalSecureDrive; c: \ windows \ system32 \ drivers \ psd.sys [2007-01-23 39080]
R2 ASBroker; Broker di sessione di accesso, c: \ windows \ System32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 ASChannel; canale di comunicazione locale; c: \ windows \ System32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 avg8emc; Free8 AVG E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe [2009-03-11 903960]
R2 avg8wd; AVG Free8 watchdog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access servizio; HDDlife HDD Access servizio; C: \ Program Files \ BinarySense \ HDDlife 3 \ hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv; AVStream Syntek USB2.0 WebCam Service; c: \ windows \ System32 \ StkCSrv.exe [2007-02-07 24576]
R3 AtcL001; NDIS Miniport Driver per Attansic L1 Gigabit Ethernet Controller; c: \ windows \ system32 \ drivers \ atl01v32.sy s [2007-03-15 48128]
R3 StkCMini; Syntek USB2.0 1.3M WebCam AVStream; c: \ windows \ system32 \ drivers \ StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ E]
\ shell \ AutoRun \ command - E: \ Start.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ H]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (1a4a90a1-32d4-11dc-aa3d-001bfc03310e)]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (c1865685-0291-11dc-b943-806e6f6e6963)]
\ shell \ AutoRun \ command - E: \ autorun.exe
.
Indice dell ' "Operazioni pianificate' cartella

2009/01/11 c: \ windows \ Tasks \ Defrag Job # 00.job
- C: \ Program Files \ DiskTrix \ UltimateDefrag \ UDefrag.exe []

2009/03/26 c: \ windows \ Tasks \ GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- C: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe [2009-03-17 22:06]

2009/03/30 c: \ windows \ Tasks \ User_Feed_Synchronization-(5963E371-2796-42F4-9A54-042DA9F406BC). Posti di lavoro
- C: \ windows \ system32 \ msfeedssync.exe [2008-01-19 08:33]
.
.
------- ------- Supplementari Scan
.
uStart Page = hxxp: / / www.google.co.uk/
uInternet Impostazioni, ProxyOverride = *. locali
IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
FF - ProfilePath - c: \ utenti \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ ppnzryw9.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.conduit.com / ResultsExt.aspx? Ctid = CT1178131 & SearchSource = 3 & q =
FF - prefs.js: browser.search.selectedEngine - Ricerca Web
FF - prefs.js: browser.startup.homepage - hxxp: / / www.google.co.uk/
FF - componente: C: \ Program Files \ AVG \ AVG8 \ Firefox \ componenti \ avgssff.dll
FF - componente: C: \ Program Files \ AVG \ AVG8 \ ToolbarFF \ componenti \ vmAVGConnector. Dll
FF - componente: C: \ Program Files \ Real \ RealPlayer \ browserrecord \ componenti \ npr pbrowserrecordplugin.dll
FF - componente: c: \ utenti \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ ppnzryw9.default \ extensions \ (463F6CA5-EE3C-4be1-B7E6-7FEE11953374) \ piattaforma \ WINNT \ componenti \ FoxyTunes. dll
FF - plug in: C: \ Program Files \ Mozilla Firefox \ plugins \ np-mswmp.dll
FF - plug in: c: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ 1.2.141 .5 \ npGoogleOneClick7.dll
FF - plugin: d: \ Program Files \ Reader \ browser \ nppdf32.dll

FIREFOX POLITICHE ---- ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref (general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 22:08:49
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

scansione di file nascosti ...

scansione completata con successo
i file nascosti: 0

************************************************** ************************
.
--------------------- DLLs Loaded Sotto i processi in esecuzione ---------------------

- - - - - - -> 'Lsass.exe' (696)
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ bin \ ASWLNPkg.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ bin \ ItMsg.dll

- - - - - - -> 'Explorer.exe' (5000)
C: \ Program Files \ RocketDock \ RocketDock.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ SFSShell.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll
.
------------------------ Altri processi in esecuzione ----------------------- --
.
c: \ windows \ System32 \ audiodg.exe
c: \ windows \ system32 \ ZoneLabs \ vsmon.exe
c: \ windows \ System32 \ wlanext.exe
C: \ Program Files \ ATK Hotkey \ ASLDRSrv.exe
C: \ Program Files \ ATKGFNEX \ GFNEXSrv.exe
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ asghost.exe
C: \ Program Files \ ATK Hotkey \ HControl.exe
C: \ Program Files \ ATKOSD2 \ ATKOSD2.exe
C: \ Program Files \ Wireless Console 2 \ wcourier.exe
C: \ Program Files \ ASUS \ Splendid \ ACMON.exe
C: \ Program Files \ P4G \ BatteryLife.exe
c: \ windows \ System32 \ ACEngSvr.exe
C: \ Program Files \ ATK Hotkey \ ATKOSD.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgnsx.exe
C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ IAANTmon.exe
c: \ windows \ System32 \ IFXTCS.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ windows \ System32 \ IfxPsdSv.exe
c: \ windows \ System32 \ PSIService.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ ASUS \ NB Probe \ SPM \ spmgr.exe
C: \ Program Files \ AVG \ AVG8 \ avgcsrvx.exe
c: \ windows \ System32 \ IfxUAGUI.exe
C: \ Program Files \ Infineon \ Security Platform Software \ PSDrt.exe
C: \ Program Files \ Infineon \ Security Platform Software \ SpTNA.exe
c: \ windows \ System32 \ rundll32.exe
.
************************************************** ************************
.
Completamento orario: 2009-03-30 22:16:25 - macchina è stato riavviato
ComboFix-quarantena-files.txt 2009-03-30 21:15:12

Pre-Run: 38800285696 bytes libero
Post-Run: 38307028992 bytes libero

Corrente di default = 1 = 1 = 0 Impossibile LastKnownGood = 41 = Imposta 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35, 36,37,38,39,40,41
354 --- EOF --- 2009-03-29 15:30:34

Un'altra breve domanda firefox sembra essere in esecuzione un po 'più lenta del solito e quando ho chiuderlo e passare ad avviare su un po' di tempo dopo. Si esce con un messaggio che dice Firefox è attualmente in esecuzione, ma non risponde. Si prega di chiudere tutte le versioni prima di tentare di nuovo o qualcosa del genere. Vorrei che accedi indicare / mostra alcuna ragione per questo? Scusa se thats uno stupido questione.

**evilfantasy** · #8 30. Marzo 2009, 15:17

Elimina i file / cartelle, come segue:

1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note.
Esso dovere essere il Blocco note, non Wordpad.
2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C

Codice:

Killall:: Registro:: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] [-HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ E] [-HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ (c1865685-0291-11dc-b943-806e6f6e6963)] Firefox:: FF - prefs.js: browser.search.defaulturl - hxxp: / / search.conduit.com / ResultsExt.aspx? ctid = CT1178131 & SearchSource = 3 & q = FF - prefs.js: browser.search.selectedEngine - Ricerca Web

3. Vai alla finestra e fare clic su Blocco note Modifica > Incolla
4. Quindi, fare clic su File > Salvare
5. Nome del file CFScript.txt - Salva il file sul tuo desktop
6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni!

ComboFix inizierà a eseguire, basta seguire le istruzioni.
Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi.
Post che log (Combofix.txt) nella prossima risposta.

Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare

----------

Scarica il Norton Removal Tool (SymNRT) sul desktop.

Una volta scaricato si prega di chiudere tutti i browser aperti, anche salvare qualsiasi lavoro, perché questo può richiedere un riavvio.

Vai sul desktop e fare doppio clic su lo strumento di rimozione e quindi fare clic su Impostazione.
Una volta aperto Clicca Successivo
Accettare il contratto di licenza e fare clic su Successivo
Digitare le lettere / numeri che vedi nella casella di testo fare clic su Successivo.
Quindi, fare clic su Successivo e lo strumento avrà inizio.
Una volta finito di riavviare il PC.
Elimina Nortonremoval strumento dal tuo desktop.

----------

Java non è aggiornata.

Le versioni precedenti sono vulnerabilità siti dannosi che possono essere utilizzate per infettare il sistema.

Per prima cosa installare il nuovo Sun Java Runtime Environment

Accertarsi di chiudere tutte le finestre del browser prima di iniziare l'installazione.

Rimuovere la vecchia versione (s)

Scaricare JavaRa

Decomprimere il file e aprire la JavaRa.exe
Fare clic sul pulsante Rimuovere le versioni precedenti
JavaRa e la ricerca di rimuovere qualsiasi versione obsoleta di Java ed elimina quelle che si trovano.
Fare clic sul pulsante Funzioni aggiuntive
Mettere un segno di spunta accanto a Rimuovere i file JRE Inutili e fare clic su Andare
Uscita JavaRa
JavaRa Eliminare il file dal desktop

Nota: Il Java Quick Starter (JQS.exe) aggiunge un servizio per migliorare il tempo di avvio iniziale di applet Java e le applicazioni. Per disattivare il servizio JQS se non si desidera utilizzare, vai a Start> Pannello di controllo> Java> Avanzate> Varie e unseleziona la casella per Java Quick Starter. Fare clic su OK e riavviare il computer.

----------

Scaricare ATF Cleaner da Atribune al tuo desktop.

Link di download alternativo

Nota: Vista gli utenti devono utilizzare Esegui come amministratore

Sotto Main: Selezionare Elimina file scegliere: Seleziona tutto.
Fare clic sul Vuotare selezionati pulsante.
Se si utilizza Firefox fare clic su Firefox in alto e scegliere: Seleziona tutto
Fare clic sul Vuotare selezionati pulsante.
Se volete mantenere la vostra password salvate clic No al prompt.
Se si utilizza browser Opera fare clic su Opera in alto e scegliere: Seleziona tutto
Fare clic sul Vuotare selezionati pulsante.
Se volete mantenere la vostra password salvate clic No al prompt.
Fare clic sul pulsante Esci il menu principale per chiudere il programma.

Si noti che il sistema più lento per eseguire un riavvio o due dopo aver usato questo strumento in modo non panico.

Importante: Riavviare il computer prima di continuare.

----------

Come è il computer che esegue ora?

**HistoryGirl** · #9 31. Marzo 2009, 09:25

Nuova ComboFix Entra:

ComboFix 09-03-29.04 - CHLOE 2009-03-31 16:37:20.2 - NTFSx86
Microsoft ® Windows Vista ™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1173 [GMT 1:00]
Running da: c: \ utenti \ CHLOE \ Desktop \ ComboFix.exe
Interruttori di comando utilizzati:: c: \ utenti \ CHLOE \ Desktop \ CFScript.txt
AV: AVG Anti-Virus Free-* Il permesso di accesso * (Aggiornato)
FW: ZoneAlarm Firewall attivato * *
* Creato un nuovo punto di ripristino
.

((((((((((((((((((((((((( I file creati dal 2009/02/28 al 2009/03/31 ))))))))))) ))))))))))))))))))))
.

2009-03-31 17:15. 2009-03-31 17:15 45.056 - a ------ C: \ Windows \ System32 \ acovcnt.exe
2009-03-30 22:26. 2009-03-30 22:26 <DIR> d -------- C: \ Program Files \ MediaMonkey
2009-03-29 16:23. 2008-06-20 02:14 781.344 - un ------ C: \ Windows \ System32 \ PresentationNative_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 622.080 - un ------ C: \ Windows \ System32 \ icardagt.exe
2009-03-29 16:23. 2008-06-20 02:14 326.160 - un ------ C: \ Windows \ System32 \ PresentationHost.exe
2009-03-29 16:23. 2008-06-20 02:14 105.016 - un ------ C: \ Windows \ System32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 97.800 - a ------ C: \ Windows \ System32 \ infocardapi.dll
2009-03-29 16:23. 2008-06-20 02:14 43.544 - a ------ C: \ Windows \ System32 \ PresentationHostProxy.dll
2009-03-29 16:23. 2008-06-20 02:14 37.384 - a ------ C: \ Windows \ System32 \ infocardcpl.cpl
2009-03-29 16:23. 2008-06-20 02:14 11.264 - a ------ C: \ Windows \ System32 \ icardres.dll
2009-03-29 16:15. 2008-07-27 19:03 282.112 - un ------ C: \ Windows \ System32 \ Mscoree.dll
2009-03-29 16:15. 2008-07-27 19:03 96.760 - a ------ C: \ Windows \ System32 \ dfshim.dll
2009-03-29 16:15. 2008-07-27 19:03 41.984 - a ------ C: \ Windows \ System32 \ netfxperf.dll
2009-03-29 16:14. 2008-07-27 19:03 158.720 - un ------ C: \ Windows \ System32 \ mscorier.dll
2009-03-29 16:14. 2008-07-27 19:03 83.968 - a ------ C: \ Windows \ System32 \ mscories.dll
2009-03-29 13:52. 2009-03-29 13:53 <DIR> d -------- C: \ Program Files \ Defraggler
2009-03-29 13:26. 2008-02-23 05:38 170.496 - un ------ C: \ Windows \ System32 \ tcpipcfg.dll
2009-03-29 13:26. 2008-02-23 03:41 22.528 - a ------ C: \ Windows \ System32 \ netiougc.exe
2009-03-29 13:25. 2009-02-16 00:10 1.221.512 - un ------ C: \ Windows \ System32 \ zpeng25.dll
2009-03-17 21:57. 2009-03-17 21:57 <DIR> d -------- C: \ Program Files \ Microsoft
2009-03-17 21:56. 2009-03-17 21:56 <DIR> d -------- C: \ Windows \ PCHealth
2009-03-16 22:43. 2009-03-28 22:36 <DIR> d - h ----- C: \ $ $ AVG8.VAULT
2009-03-16 20:59. 2009-03-16 20:59 25 - a ------ C: \ Windows \ cdplayer.ini
2009-03-14 00:34. 2008-12-05 05:32 428.544 - un ------ C: \ Windows \ System32 \ EncDec.dll
2009-03-14 00:34. 2008-12-05 05:32 293.376 - un ------ C: \ Windows \ System32 \ psisdecd.dll
2009-03-14 00:34. 2008-12-05 05:31 217.088 - un ------ C: \ Windows \ System32 \ psisrndr.ax
2009-03-14 00:34. 2008-12-05 05:31 177.664 - un ------ C: \ Windows \ System32 \ mpg2splt.ax
2009-03-14 00:34. 2008-12-05 05:31 80.896 - a ------ C: \ Windows \ System32 \ MSNP.ax
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ programdata \ (00D89592-F643-4D8D-8F0F-AFAE0F14D4C3)
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ Program Files \ iTunes
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ Program Files \ iPod
2009-03-14 00:29. 2008-04-17 13:12 107.368 - un ------ C: \ Windows \ System32 \ GEARAspi.dll
2009-03-14 00:29. 2009-01-15 13:19 23.848 - a ------ C: \ Windows \ System32 \ drivers \ GEARAspiWDM.sys
2009-03-14 00:26. 2009-03-14 00:27 <DIR> d -------- C: \ Program Files \ QuickTime
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ programdata \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ Program Files \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ Program Files \ Channel4
2009-03-12 23:38. 2009-03-12 23:38 <DIR> d -------- C: \ programdata \ Channel4
2009-03-11 22:33. 2009-03-31 17:16 d -------- <DIR> c: \ utenti \ CHLOE \ Tracing
2009-03-11 22:22. 2009-03-11 22:22 <DIR> d -------- C: \ Program Files \ Windows Live SkyDrive
2009-03-11 22:22. 2009-03-17 21:57 <DIR> d -------- C: \ Program Files \ Windows Live
2009-03-11 21:57. 2009-03-11 21:57 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2009-03-11 13:13. 2009-03-11 21:47 <DIR> d -------- C: \ Program Files \ Amazzonia
2009-03-11 13:13. 2009-03-11 13:13 107.272 - un ------ C: \ Windows \ System32 \ drivers \ avgtdix.sys
2009-03-11 02:09. 2009-01-15 04:36 1.383.424 - un ------ C: \ Windows \ System32 \ mshtml.tlb
2009-03-11 02:09. 2009-01-15 07:11 827.392 - un ------ C: \ Windows \ System32 \ wininet.dll
2009-03-11 02:05. 2008-12-16 04:29 8.147.456 - un ------ C: \ Windows \ System32 \ wmploc.DLL
2009-03-11 02:05. 2008-12-16 06:31 7.680 - un ------ C: \ Windows \ System32 \ spwmp.dll
2009-03-11 02:05. 2008-12-16 06:31 4.096 - un ------ C: \ Windows \ System32 \ msdxm.ocx
2009-03-11 02:05. 2008-12-16 06:31 4.096 - un ------ C: \ Windows \ System32 \ dxmasf.dll
2009-03-11 02:03. 2008-12-16 03:42 288.768 - un ------ C: \ Windows \ System32 \ drivers \ Srv.sys
2009-03-11 02:03. 2008-11-27 05:43 268.288 - un ------ C: \ Windows \ System32 \ Schannel.dll
2009-03-11 02:02. 2009-02-09 04:10 2.033.152 - un ------ C: \ Windows \ System32 \ win32k.sys
2009-02-06 19:52. 2009-02-06 19:52 49.504 - a ------ C: \ Windows \ System32 \ sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 16:15 --------- d --- aw C: \ programdata \ TEMP
2009-03-31 16:14 350.195 --- ha-w C: \ Windows \ system32 \ drivers \ vsconfig.xml
2009-03-29 14:42 --------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ Program Files \ CCleaner
2009-03-19 16:48 --------- d ----- wc: \ utenti \ CHLOE \ AppData \ Roaming \ uTorrent
2009-03-16 19:58 --------- d ----- wc: \ Program Files \ Common Files \ Real
2009-03-13 23:29 --------- d ----- wc: \ programdata \ Apple Computer
2009-03-13 23:29 --------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-03-13 23:27 --------- d ----- wc: \ Program Files \ Bonjour
2009-03-12 22:24 --------- d ----- wc: \ Program Files \ Google
2009-03-11 23:07 --------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-03-11 23:05 --------- d ----- wc: \ Program Files \ Windows Mail
2009-03-11 12:13 325.128 ---- aw c: \ windows \ system32 \ drivers \ avgldx86.sys
2009-03-11 11:52 --------- d ----- wc: \ programdata \ avg8
2009-02-15 23:11 293.528 ---- aw c: \ windows \ system32 \ drivers \ vsdatant.sys
2009-01-14 20:20 55.232 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ GDIPFONTCACHEV1.DAT
2008-12-31 21:51 13.025 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ nvModes.dat
2008-12-31 14:32 174 - sha-w C: \ Program Files \ desktop.ini
2008-11-19 15:31 81.920 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ ezpinst.exe
2008-11-19 15:31 47.360 ---- aw c: \ utenti \ CHLOE \ AppData \ Roaming \ pcouffin.sys
2007-05-31 18:23 77.160 ---- aw c: \ utenti \ CHLOE \ DSETUP.dll
2007-05-31 18:23 503.144 ---- aw c: \ utenti \ CHLOE \ DXSETUP.exe
2007-05-31 18:23 1.673.576 ---- aw c: \ utenti \ CHLOE \ dsetup32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_22.13.33.29 )))))))))) )))))))))))))))))))))))))))))))
.
+ 2009-03-31 16:14:31 2.048 - sha-w C: \ Windows \ ServiceProfiles \ LocalService \ AppData \ Lo cal \ lastalive0.dat
+ 2009-03-31 16:14:31 2.048 - sha-w C: \ Windows \ ServiceProfiles \ LocalService \ AppData \ Lo cal \ lastalive1.dat
- 2009-03-30 21:07:56 1.048.576 - sha-w C: \ Windows \ ServiceProfiles \ LocalService \ Ntuser.dat
+ 2009-03-31 16:15:44 1.048.576 - sha-w C: \ Windows \ ServiceProfiles \ LocalService \ Ntuser.dat
- 2009-03-30 21:07:56 1.048.576 - sha-w C: \ Windows \ ServiceProfiles \ NetworkService \ NTUSER.D A
+ 2009-03-31 16:15:44 1.048.576 - sha-w C: \ Windows \ ServiceProfiles \ NetworkService \ NTUSER.D A
- 2009-03-30 21:07:06 16.384 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ LOCALI \ Microsoft \ Windows \ Cronologia \ History.IE5 \ index.d a
+ 2009-03-31 16:14:35 16.384 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ LOCALI \ Microsoft \ Windows \ Cronologia \ History.IE5 \ index.d a
- 2009-03-30 21:07:06 32.768 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ LOCALI \ Microsoft \ Windows \ Temporary Internet Files \ Content.IE5 \ index.dat
+ 2009-03-31 16:14:35 32.768 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ LOCALI \ Microsoft \ Windows \ Temporary Internet Files \ Content.IE5 \ index.dat
- 2009-03-30 21:07:06 16.384 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ R oaming \ Microsoft \ Windows \ Cookies \ index.dat
+ 2009-03-31 16:14:35 16.384 - sha-w C: \ Windows \ System32 \ config \ systemprofile \ AppData \ R oaming \ Microsoft \ Windows \ Cookies \ index.dat
- 2009-03-30 19:05:35 126.818 ---- aw C: \ Windows \ System32 \ perfc007.dat
+ 2009-03-31 15:21:23 126.818 ---- aw C: \ Windows \ System32 \ perfc007.dat
- 2009-03-30 19:05:35 119.076 ---- aw C: \ Windows \ System32 \ Perfc009.dat
+ 2009-03-31 15:21:23 119.076 ---- aw C: \ Windows \ System32 \ Perfc009.dat
- 2009-03-30 19:05:35 127.578 ---- aw C: \ Windows \ System32 \ perfc00C.dat
+ 2009-03-31 15:21:23 127.578 ---- aw C: \ Windows \ System32 \ perfc00C.dat
- 2009-03-30 19:05:35 124.352 ---- aw C: \ Windows \ System32 \ perfc010.dat
+ 2009-03-31 15:21:23 124.352 ---- aw C: \ Windows \ System32 \ perfc010.dat
- 2009-03-30 19:05:35 130.866 ---- aw C: \ Windows \ System32 \ perfc013.dat
+ 2009-03-31 15:21:23 130.866 ---- aw C: \ Windows \ System32 \ perfc013.dat
- 2009-03-30 19:05:35 130.272 ---- aw C: \ Windows \ System32 \ perfc019.dat
+ 2009-03-31 15:21:23 130.272 ---- aw C: \ Windows \ System32 \ perfc019.dat
- 2009-03-30 19:05:35 620.942 ---- aw C: \ Windows \ System32 \ perfh007.dat
+ 2009-03-31 15:21:23 620.942 ---- aw C: \ Windows \ System32 \ perfh007.dat
- 2009-03-30 19:05:35 644.794 ---- aw C: \ Windows \ System32 \ Perfh009.dat
+ 2009-03-31 15:21:23 644.794 ---- aw C: \ Windows \ System32 \ Perfh009.dat
- 2009-03-30 19:05:35 672.380 ---- aw C: \ Windows \ System32 \ perfh00C.dat
+ 2009-03-31 15:21:23 672.380 ---- aw C: \ Windows \ System32 \ perfh00C.dat
- 2009-03-30 19:05:35 666.234 ---- aw C: \ Windows \ System32 \ perfh010.dat
+ 2009-03-31 15:21:23 666.234 ---- aw C: \ Windows \ System32 \ perfh010.dat
- 2009-03-30 19:05:35 669.852 ---- aw C: \ Windows \ System32 \ perfh013.dat
+ 2009-03-31 15:21:23 669.852 ---- aw C: \ Windows \ System32 \ perfh013.dat
- 2009-03-30 19:05:35 657.990 ---- aw C: \ Windows \ System32 \ perfh019.dat
+ 2009-03-31 15:21:23 657.990 ---- aw C: \ Windows \ System32 \ perfh019.dat
- 2009-03-30 19:03:55 17.414 ---- aw C: \ Windows \ System32 \ WDI \ (86432a0b-3c7d-4ddf-a89c-172faa90485d) \ S-1-5-21-3600620296-2450975610 - 132854369-1000_UserData.bin
+ 2009-03-31 16:17:14 18.026 ---- aw C: \ Windows \ System32 \ WDI \ (86432a0b-3c7d-4ddf-a89c-172faa90485d) \ S-1-5-21-3600620296-2450975610 - 132854369-1000_UserData.bin
- 2009-03-30 19:03:55 81.750 ---- aw C: \ Windows \ System32 \ WDI \ BootPerformanceDiagnostics _SystemData.bin
+ 2009-03-31 16:17:14 81.884 ---- aw C: \ Windows \ System32 \ WDI \ BootPerformanceDiagnostics _SystemData.bin
- 2009-03-30 19:03:54 68.204 ---- aw C: \ Windows \ System32 \ WDI \ ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-03-31 15:15:30 68.346 ---- aw C: \ Windows \ System32 \ WDI \ ShutdownPerformanceDiagnos tics_SystemData.bin
.
- Snapshot reset a data corrente --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"RocketDock" = "C: \ Program Files \ RocketDock \ RocketDock.exe" [2007-09-02 495616]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ASUS Screen Saver Protector" = "C: \ Windows \ ASScrPro.exe" [2007-05-15 33136]
"IFXSPMGT" = "c: \ windows \ system32 \ ifxspmgt.exe" [2007-02-26 677408]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2009-02-16 981384]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2007-03-01 857648]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ System]
"EnableUIADesktopToggle" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = APSHook.dll avgrsstx.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.ac3filter" = ac3filter.acm

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa]
Notifica Pacchetti REG_MULTI_SZ SceCli ASWLNPkg

[HKLM \ ~ \ startupfolder \ C: ^ ^ programdata Microsoft Vento ows ^ ^ Menu Avvio ^ Programmi ^ ^ avvio WinZip Quick Pick.lnk]
path = c: \ programdata \ Microsoft \ Windows \ Menu Avvio \ Programmi \ Startup \ WinZip Quick Pick.lnk
backup = C: \ Windows \ pss \ WinZip Quick Pick.lnk.CommonStartup
backupExtension =. CommonStartup

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ 4oD]
- un ------ 2007-04-23 12:23 1032640 C: \ Program Files \ Kontiki \ KHost.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Reader Speed Launcher]
- un ------ 2008-06-12 02:38 34672 d: \ Program Files \ Reader \ reader_sl.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ASUS Camera ScreenSaver]
- un ------ 2007-05-15 05:12 37232 c: \ windows \ ASScrProlog.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATKMEDIA]
- un ------ 2006-11-02 16:27 61440 C: \ Program Files \ ASUS \ ATK Media \ DMedia.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AVG8_TRAY]
- un ------ 2009-03-11 13:13 1601304 C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CognizanceTS]
-ra ------ 2003-12-21 22:11 17920 c: \ progra ~ 1 \ ASUSSE ~ 1 \ ASUSSE ~ 1 \ bin \ ASTSVCC.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ehTray.exe]
- un ------ 2008-01-19 08:33 125952 C: \ Windows \ ehome \ ehtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Google Update]
- un ---- t-2009-03-17 22:06 133104 c: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper]
- un ------ 2009-03-11 14:52 342312 C: \ Program Files \ iTunes \ iTunesHelper.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ msnmsgr]
- un ------ 2009-02-06 19:51 3885408 C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvCplDaemon]
- un ------ 2007-04-04 12:40 8429568 C: \ Windows \ System32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvMediaCenter]
- un ------ 2007-04-04 12:40 81920 C: \ Windows \ System32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ nvsvc]
- un ------ 2007-04-04 12:40 86016 C: \ Windows \ System32 \ nvsvc.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- un ------ 2009-01-05 17:18 413696 C: \ Program Files \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RocketDock]
- un ------ 2007-09-02 13:58 495616 C: \ Program Files \ RocketDock \ RocketDock.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2009-03-05 16:07 2260480 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- un ------ 2008-06-10 04:27 144784 C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ TkBellExe]
- un ------ 2009-03-16 20:58 198160 C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Windows Defender]
- un ------ 2008-01-19 08:38 1008184 C: \ Program Files \ Windows Defender \ MSASCui.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WMPNSCFG]
- un ------ 2008-01-19 08:33 202240 C: \ Program Files \ Windows Media Player \ wmpnscfg.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ (0228e555-4f9c-4e35-a3ec-b109a192b4c2)]
- un ------ 2005-07-15 22:48 479232 C: \ Program Files \ Google \ Gmail Notifier \ gnotify.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RtHDVCpl]
- un ------ 2007-02-15 10:07 4390912 C: \ Windows \ RtHDVCpl.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ ZoneLabsFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ DomainProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules]
"(71E74FA5-D1FA-4A82-9121-AE2CACB2ED04)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(2FE2345B-5C77-485E-9855-FC6024DE75EC)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(CC9CFD37-6799-47CF-9AEE-1063F21C5548)" = = privato Profilo | C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(3D44E6E8-68F3-42F0-B97E-1081F1354874)" = UDP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(B2393435-26B3-4482-A391-C964F3370D66)" = TCP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(1B1039C9-3AEF-4B2E-85CA-DA79FB7CDBD3)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(F9EC3544-5A35-4D84-A067-E7167563791A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(A9CE85F3-F9BA-4875-B169-9DEF59911C8A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (0FAAFA32-F5A3-4C35-9AFD-A648E4B3016E) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = UDP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"UDP Query User (CDC85196-C503-4F00-82DC-B95F8D021895) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = TCP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"TCP Query User (5D761702-BEB7-4B94-B693-1A7EF8E441ED) c: \ \ Program Files \ \ facile webtv e radio \ \ easywebtv.exe" = UDP: C: \ Program Files \ facile webtv e radio \ easywebtv.exe : Web TV \ Radio \ Media
"UDP Query User (A7E2F9B1-976E-49B1-960A-8FE671DECB26) c: \ \ Program Files \ \ facile webtv e radio \ \ easywebtv.exe" = TCP: C: \ Program Files \ facile webtv e radio \ easywebtv.exe : Web TV \ Radio \ Media
"(978D57EE-8CEF-4E88-B3CC-472590D8A602)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(038AD6DB-57BA-4294-B6BE-DC5AC329D87A)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (20F3997A-2406-42BC-9A96-17DBA8717938) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = UDP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"UDP Query User (EBEDABDC-8DFA-4EA4-83A0-5D79C8A2BE45) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = TCP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"TCP Query User (A2D20908-089C-441b-B9C8-C8811AFCAB9E) c: \ \ Program Files \ \ LimeWire \ \ limewire.exe" = UDP: C: \ Program Files \ limewire \ limewire.exe: LimeWire
"UDP Query User (0B6B64F6-D6E9-4D1D-B83A-E6E85E360C05) c: \ \ Program Files \ \ LimeWire \ \ limewire.exe" = TCP: C: \ Program Files \ limewire \ limewire.exe: LimeWire
"(2E890455-237D-4ABA-BE37-B5E6E1862834)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(DDAAC8F6-7557-495a-82B3-EBFF9330A2CC)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(5131D757-BC24-44C9-8EA5-E268DFC6DCAC)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4C52E1A6-D998-41D5-8E99-27F21E3CA7CB) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = UDP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"UDP Query User (80235B6B-2462-4AC3-8A59-7534841DE76B) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = TCP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"TCP Query User (049DD1E6-8191-4983-A59D-240E79B46042) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = UDP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"UDP Query User (9A00A32D-A675-4425-8F5E-1528AAB521FB) c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" = TCP: C: \ Program Files \ uTorrent \ utorrent.exe: uTorrent
"TCP Query User (348698D9-5A1D-AC00-4E1C-DBDC43BE0ACF) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = UDP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"UDP Query User (60AFF659-3A7C-488C-9CCA-0A8589DD32FA) c: \ \ Program Files \ \ SoulSeek \ \ slsk.exe" = TCP: C: \ Program Files \ SoulSeek \ slsk.exe: SoulSeek
"TCP Query User (3EF98A58-7B3C-8A5A-42B1-CF7DEF59C2A7) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = UDP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"UDP Query User (D8A0735D-6D19-4482-A90A-35A9D023DEBE) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = TCP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"TCP Query User (7B392C25-D64F-4897-B5CC-5C9B83106BB0) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = UDP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"UDP Query User (9990806D-9198-4760-93E7-C65D44E1FE8A) c: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = TCP: C: \ Program Files \ Mozilla Firefox \ firefox.exe: Firefox
"TCP Query User (9998DAB7-D775-4620-A491-D752230551A3) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (B9293167-A4DC-43ED-893B-B5B1B89F9988) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (B04F6C2B-953A-469D-AFD8-4F3AE27A4941) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"UDP Query User (914B6A2A-9A2A-43A8-B4EA-BB1EEDC476B5) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"TCP Query User (69F8C35B-6614-4033-B40E-59012B10975A) c: \ \ Program Files \ \ bearflix \ \ bearflix.exe" = UDP: C: \ Program Files \ bearflix \ bearflix.exe: BearFlix
"UDP Query User (89ABF64F-F79E-456D-9136-82A8675A3E17) c: \ \ Program Files \ \ bearflix \ \ bearflix.exe" = TCP: C: \ Program Files \ bearflix \ bearflix.exe: BearFlix
"(8D76BC83-ABC9-406B-8945-366EA3B7074B)" = UDP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Cliente
"(9FC79C86-3E66-4A61-AA2A-FAB0C61E0453)" = TCP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Cliente
"TCP Query User (9FF9F89E-5323-45dB-89F0-BA37B84180EE) c: \ \ Program Files \ \ TVAnts \ \ tvants.exe" = UDP: C: \ Program Files \ TVAnts \ tvants.exe: TVAnts
"UDP Query User (C10505B7-BDD4-49BB-93E6-E73B8E6C4E33) c: \ \ Program Files \ \ TVAnts \ \ tvants.exe" = TCP: C: \ Program Files \ TVAnts \ tvants.exe: TVAnts
"TCP Query User (A9E241F3-D69C-4E67-938B-33C91AB576A1) c: \ \ Program Files \ \ TVUPlayer \ \ tvuplayer.exe" = UDP: C: \ Program Files \ TVUPlayer \ tvuplayer.exe: TVU Player Componente
"UDP Query User (D3542B64-2CF9-4C20-B6CB-1D9096FF27EB) c: \ \ Program Files \ \ TVUPlayer \ \ tvuplayer.exe" = TCP: C: \ Program Files \ TVUPlayer \ tvuplayer.exe: TVU Player Componente
"(F8B68D6E-3A24-4B31-8261-FB3CA92B5740)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4E95BA55-EDF5-491d-9059-F11FF353A128) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"UDP Query User (55C79E39-F1AC-45C7-8F99-995A835F089A) c: \ \ utenti \ \ chloe \ \ AppData \ \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: c: \ utenti \ chloe \ appdata \ roaming \ SopCast \ adv \ SOP adver.exe: sopadver.exe
"TCP Query User (A3EF2380-6740-4FD5-913E-D67F54A54B11) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = UDP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"UDP Query User (E9C164FD-CB41-4D08-9DBA-BDDB929D1C86) c: \ \ Program Files \ \ SopCast \ \ sopcast.exe" = TCP: C: \ Program Files \ SopCast \ sopcast.exe: SopCast Main Application
"TCP Query User (C1148110-2D5B-4810-8651-98FBFD3A6751) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (F15683E5-A578-47EE-BEB1-4541978254F4) c: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (CCA39E89-B85B-41BA-9A33-CA6DB37579E4) d: \ \ Program Files \ \ clue.exe" = UDP: d: \ Program Files \ clue.exe: Clue
"UDP Query User (39F3C83F-DCF0-43B4-B149-19F3630B3078) d: \ \ Program Files \ \ clue.exe" = TCP: d: \ Program Files \ clue.exe: Clue
"(01834D55-82B5-480D-beff-52EDB82BB8B5)" = C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(90ECB35B-6897-4166-A35A-04BC39978BA9)" = C: \ Program Files \ AVG \ AVG8 \ avgemc.exe: avgemc.exe
"(504F647E-1476-4948-AA42-DC1DF85CA9A8)" = C: \ Program Files \ AVG \ AVG8 \ avgupd.exe: avgupd.exe
"(CC411EBB-9ACA-4217-9994-ABB961E83B3C)" = UDP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (TCP-In)
"(031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8)" = TCP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (UDP-In)
"(1D54F818-ABAC-418F-8F39-17EA7664FABE)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(3C9FFAF4-40EA-450F-A906-D34D3E2EFA72)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(6AC9F5D1-C3AC-4878-8740-8A3E10F857E2)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(77045B5E-EC2E-4749-AC23-32130CD39567)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(00BE12C0-42CB-4B64-AA07-80A45C05B97C)" = Disabled: UDP: C: \ Program Files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008
"(0A529C81-B8E4-4809-A54B-B5141A997A78)" = Disabled: TCP: C: \ Program Files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ PublicProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 AvgLdx86; AVG Free AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [2009-03-11 107272]
R1 ItSDisk; ItSDisk; c: \ windows \ system32 \ drivers \ itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive; PersonalSecureDrive; c: \ windows \ system32 \ drivers \ psd.sys [2007-01-23 39080]
R2 ASBroker; Broker di sessione di accesso, c: \ windows \ System32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 ASChannel; canale di comunicazione locale; c: \ windows \ System32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 avg8emc; Free8 AVG E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe [2009-03-11 903960]
R2 avg8wd; AVG Free8 watchdog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access servizio; HDDlife HDD Access servizio; C: \ Program Files \ BinarySense \ HDDlife 3 \ hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv; AVStream Syntek USB2.0 WebCam Service; c: \ windows \ System32 \ StkCSrv.exe [2007-02-07 24576]
R3 AtcL001; NDIS Miniport Driver per Attansic L1 Gigabit Ethernet Controller; c: \ windows \ system32 \ drivers \ atl01v32.sy s [2007-03-15 48128]
R3 StkCMini; Syntek USB2.0 1.3M WebCam AVStream; c: \ windows \ system32 \ drivers \ StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ H]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (1a4a90a1-32d4-11dc-aa3d-001bfc03310e)]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe
.
Indice dell ' "Operazioni pianificate' cartella

2009/01/11 c: \ windows \ Tasks \ Defrag Job # 00.job
- C: \ Program Files \ DiskTrix \ UltimateDefrag \ UDefrag.exe []

2009/03/26 c: \ windows \ Tasks \ GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- C: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe [2009-03-17 22:06]

2009/03/30 c: \ windows \ Tasks \ User_Feed_Synchronization-(5963E371-2796-42F4-9A54-042DA9F406BC). Posti di lavoro
- C: \ windows \ system32 \ msfeedssync.exe [2008-01-19 08:33]
.
.
------- ------- Supplementari Scan
.
uStart Page = hxxp: / / www.google.co.uk/
uInternet Impostazioni, ProxyOverride = *. locali
IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
FF - ProfilePath - c: \ utenti \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ ppnzryw9.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.conduit.com / ResultsExt.aspx? Ctid = CT1178131 & SearchSource = 3 & q =
FF - prefs.js: browser.search.selectedEngine - Ricerca Web
FF - prefs.js: browser.startup.homepage - hxxp: / / www.google.co.uk/
FF - componente: C: \ Program Files \ AVG \ AVG8 \ Firefox \ componenti \ avgssff.dll
FF - componente: C: \ Program Files \ AVG \ AVG8 \ ToolbarFF \ componenti \ vmAVGConnector. Dll
FF - componente: C: \ Program Files \ Real \ RealPlayer \ browserrecord \ componenti \ npr pbrowserrecordplugin.dll
FF - componente: c: \ utenti \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ ppnzryw9.default \ extensions \ (463F6CA5-EE3C-4be1-B7E6-7FEE11953374) \ piattaforma \ WINNT \ componenti \ FoxyTunes. dll
FF - plug in: C: \ Program Files \ Mozilla Firefox \ plugins \ np-mswmp.dll
FF - plug in: c: \ utenti \ CHLOE \ AppData \ Local \ Google \ Update \ 1.2.141 .5 \ npGoogleOneClick7.dll
FF - plugin: d: \ Program Files \ Reader \ browser \ nppdf32.dll

FIREFOX POLITICHE ---- ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref (general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:16:10
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

"10ûÿét0ûÿ3ö9sHu [1166747253] 0x75636F44
"10ûÿét0ûÿ3ö9sHu [1166747253] 0x6F6D6D6F
scansione entrate autostart nascoste ...

scansione di file nascosti ...

scansione completata con successo
i file nascosti: 0

************************************************** ************************
.
--------------------- DLLs Loaded Sotto i processi in esecuzione ---------------------

- - - - - - -> 'Lsass.exe' (704)
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ bin \ ASWLNPkg.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ bin \ ItMsg.dll

- - - - - - -> 'Explorer.exe' (3304)
C: \ Program Files \ RocketDock \ RocketDock.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ SFSShell.dll
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll
.
------------------------ Altri processi in esecuzione ----------------------- --
.
c: \ windows \ System32 \ audiodg.exe
c: \ windows \ system32 \ ZoneLabs \ vsmon.exe
c: \ windows \ System32 \ wlanext.exe
C: \ Program Files \ ATK Hotkey \ ASLDRSrv.exe
C: \ Program Files \ ATKGFNEX \ GFNEXSrv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgnsx.exe
C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ IAANTmon.exe
c: \ windows \ System32 \ IFXTCS.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ windows \ System32 \ IfxPsdSv.exe
c: \ windows \ System32 \ PSIService.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ ASUS \ NB Probe \ SPM \ spmgr.exe
C: \ Program Files \ AVG \ AVG8 \ avgcsrvx.exe
C: \ Program Files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ asghost.exe
C: \ Program Files \ ATK Hotkey \ HControl.exe
C: \ Program Files \ ATKOSD2 \ ATKOSD2.exe
C: \ Program Files \ Wireless Console 2 \ wcourier.exe
C: \ Program Files \ ASUS \ Splendid \ ACMON.exe
C: \ Program Files \ P4G \ BatteryLife.exe
c: \ windows \ System32 \ ACEngSvr.exe
C: \ Program Files \ ATK Hotkey \ ATKOSD.exe
c: \ windows \ System32 \ IfxUAGUI.exe
C: \ Program Files \ Infineon \ Security Platform Software \ PSDrt.exe
C: \ Program Files \ Infineon \ Security Platform Software \ SpTNA.exe
c: \ windows \ System32 \ wbem \ WMIADAP.exe
c: \ windows \ System32 \ Dllhost.exe
.
************************************************** ************************
.
Completamento orario: 2009-03-31 17:23:29 - macchina è stato riavviato
ComboFix-quarantena-files.txt 2009-03-31 16:23:16
ComboFix2.txt 2009-03-30 21:16:26

Pre-Run: 39213060096 bytes libero
Post-Run: 38632595456 bytes libero

Corrente di default = 1 = 1 = 0 Impossibile LastKnownGood = 41 = Imposta 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35, 36,37,38,39,40,41
396 --- EOF --- 2009-03-29 15:30:34

**HistoryGirl** · #10 31. Marzo 2009, 09:48

Per quanto riguarda la rimozione di Norton non ho mai installato Norton qui perché è symantec elencati?

Threads simili
Filo	Thread Starter	Forum	Risposte	Ultimo Post
Scheda grafica problema potrebbe essere Stopping Vista normale avvio.	Jonmal	Hardware Generale Chat	1	5 novembre 2009 11:21
XP gira lentamente, non Malware ...	mbonwick	Sistemi operativi Windows	3	24 agosto 2009 07:52
Dell Laptop - Avvio di Windows Trouble - Mantiene arrestare	jazker	Computer, Cellulari e PDA	4	25 mar 2009 06:59
Perché la scansione McAfee così lentamente?	stevescholes	Virus, Spyware e sicurezza	3	29 dic 2008 15:48
Il mio Vista Freeze poco dopo l'inizio.	Jyan29	Hardware Generale Chat	2	30 nov 2008 16:40

Thread Tools
Visualizza Versione stampabile Invia questa pagina