Slow PC

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by dupasquet » 15/07/10 17:49

Hi, thanks in advance to anyone who can give me a hand; the PC has slowed down drastically.
I'm posting the ComboFix log:


ComboFix 09-05-06.05 - moira 15/07/2010 18.26.05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1023.412 [GMT 2:00]
Eseguito da: c:\users\moira\Desktop\ComboFix.exe
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2010-06-15 al 2010-07-15 )))))))))))))))))))))))))))))))))))
.

2010-07-15 15:50 . 2010-07-15 15:50 12536 ----a-w c:\windows\system32\avgrsstx.dll
2010-07-13 21:31 . 2010-07-15 16:19 -------- d-----w c:\users\moira\AppData\Roaming\Abine
2010-07-13 21:29 . 2010-07-13 21:29 -------- d-----w c:\programdata\McAfee
2010-07-13 21:29 . 2010-07-13 21:29 -------- d-----w c:\users\All Users\McAfee
2010-06-23 15:53 . 2009-11-08 08:55 99176 ----a-w c:\windows\system32\PresentationHostProxy.dll
2010-06-23 15:53 . 2009-11-08 08:55 295264 ----a-w c:\windows\system32\PresentationHost.exe
2010-06-23 15:53 . 2009-11-08 08:55 297808 ----a-w c:\windows\system32\mscoree.dll
2010-06-23 15:53 . 2009-11-08 08:55 49472 ----a-w c:\windows\system32\netfxperf.dll
2010-06-23 15:53 . 2009-11-08 08:55 1130824 ----a-w c:\windows\system32\dfshim.dll
2010-06-23 15:36 . 2010-04-16 16:43 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2010-06-23 15:36 . 2010-04-16 14:39 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 16:17 . 2010-03-17 20:33 0 ----a-w c:\users\moira\AppData\Local\prvlcl.dat
2010-07-15 16:08 . 2006-11-06 01:52 14270 ----a-w c:\windows\system32\perfh010.dat
2010-07-15 16:08 . 2006-11-06 01:52 121096 ----a-w c:\windows\system32\perfc010.dat
2010-07-15 15:50 . 2009-11-17 15:59 243024 ----a-w c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:50 . 2010-04-15 16:07 -------- d-----w c:\program files\SUPERAntiSpyware
2010-07-15 15:50 . 2009-11-17 15:59 216400 ----a-w c:\windows\system32\drivers\avgldx86.sys
2010-07-14 14:09 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2010-07-14 14:09 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2010-07-13 20:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2010-06-16 22:34 . 2010-06-10 08:38 -------- d-----w c:\program files\ShotOnline
2010-06-10 08:18 . 2010-06-10 08:18 -------- d-----w c:\program files\Pando Networks
2010-06-05 15:05 . 2008-05-02 10:28 -------- d-----w c:\program files\Microsoft Silverlight
2010-05-28 21:46 . 2010-05-28 21:47 411368 ----a-w c:\windows\system32\deployJava1.dll
2010-05-26 17:06 . 2010-06-10 07:13 34304 ----a-w c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 07:13 289792 ----a-w c:\windows\system32\atmfd.dll
2010-05-04 05:59 . 2010-06-10 07:13 916480 ----a-w c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 07:13 71680 ----a-w c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 07:13 109056 ----a-w c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 07:13 133632 ----a-w c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 07:12 2037248 ----a-w c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 10:03 2048 ----a-w c:\windows\system32\tzres.dll
2010-04-21 21:00 . 2007-04-04 17:14 101568 ----a-w c:\users\moira\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 20:33 . 2010-04-21 20:31 32193656 ----a-w c:\windows\system32\moovida.exe
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w c:\windows\system32\xfcodec.dll
2008-05-02 13:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w c:\windows\system32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-15 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\program files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 357376]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-08-13 176128]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,02,7f,a7,a8,37,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA874AC1-1452-45B7-BB44-714CCD7E52B6}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{AD95D388-ADE7-47B5-9103-759F9A38A6FC}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{A7FA316F-01D0-456D-BA83-A6CD2B98E525}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{2559D624-230A-48A2-95FA-31B6EA43E93D}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{E09BC2E9-3FF5-4281-8D78-CA04BDF454F5}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{F317AE4E-4D92-4928-85D4-87877584D8C7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{82A00AB6-880E-423A-B9C6-3B3356707954}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{20BB505E-6D91-4AEF-B082-64D8FE510F83}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{B4DBE8EE-1787-4E86-9AE3-556CF9DAC0FD}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8BC81CF4-B596-4EF4-BDB2-8983CBD738B1}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{E2731B48-59DD-40E5-AEC8-E83192FC86F6}"= UDP:c:\program files\Xfire\xfire.exe:Xfire
"{6F6A6BF2-CE40-4E99-8016-6A26F9A86BEC}"= TCP:c:\program files\Xfire\xfire.exe:Xfire
"{588B079E-78E0-4028-A07E-D987CB8A7D59}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{72DB212A-67B6-436E-9703-D15F7819D1B2}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{417EC7B2-6BFA-4EC7-8ADF-FD82AF6A1DC2}"= UDP:c:\program files\Activision\Call of Duty 2\CoD2MP_s.exe:Call of Duty(R) 2 - Multigiocatore
"{2DC49C3F-283C-4D2A-ADED-0EBCF8EE1170}"= TCP:c:\program files\Activision\Call of Duty 2\CoD2MP_s.exe:Call of Duty(R) 2 - Multigiocatore
"{E5B0DC10-84B5-49DD-86D7-9CC0E5838B7D}"= UDP:c:\program files\Xfire\xfire.exe:Xfire
"{387E9FD6-3CBE-49C2-890D-9DA059DC3731}"= TCP:c:\program files\Xfire\xfire.exe:Xfire
"TCP Query User{03A10A65-2FE9-4550-827E-6F127A043F01}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{020D7B3F-E2A1-4754-BD89-5374CE0D8D12}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{113C8951-57CB-4381-987C-9AB4F1AE44CF}c:\\program files\\codemasters\\micromachines v4\\mmv4.exe"= UDP:c:\program files\codemasters\micromachines v4\mmv4.exe:MMV4
"UDP Query User{794E4326-4108-46C7-AEF2-56FFFBA735A0}c:\\program files\\codemasters\\micromachines v4\\mmv4.exe"= TCP:c:\program files\codemasters\micromachines v4\mmv4.exe:MMV4
"{49AFD4BE-8DA6-45A0-BA40-F53FB9ED32D7}"= UDP:c:\program files\WiFiConnector\NintendoWFCReg.exe:Chiave USB Wi-Fi Nintendo
"{E066778E-C977-42A1-9786-F850ABD30FDE}"= TCP:c:\program files\WiFiConnector\NintendoWFCReg.exe:Chiave USB Wi-Fi Nintendo
"TCP Query User{7738FA28-95B8-4677-BB75-01925D79CFBA}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{0843B7CF-5C90-4415-8B1B-B3B5A2530D45}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{A12BC917-9ABF-4B64-A794-8E0D03B22E64}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{B7CB1036-FF84-43D5-BEC6-98DBF9B591E9}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{77CF9E11-76CF-47AE-85F2-08F8D79305B8}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{43AEA100-6D42-4C63-B425-FDE4D9565CA7}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{4505131B-800A-4358-A2AA-DBC243149964}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CDFF6A5B-7884-4919-AD30-4629F16CD49E}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{0C54F67A-D1E2-4B92-A2AE-C40DF1CE05D5}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{F7A50B3A-DB09-4002-912A-D8AB14AF912B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1F5564CC-7356-4BB6-B8D3-7D59997FC66D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{739BD70F-9D2A-4246-8A3C-93CD28BFFC14}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E97CF015-0FA7-4B98-80EF-8490BEA6DBD6}"= UDP:c:\program files\Cyanide\Wintersport Pro 2006\WinterApp.exe:WinterChallenge
"{28666CFF-5F87-440A-A600-6ACD99E4732C}"= TCP:c:\program files\Cyanide\Wintersport Pro 2006\WinterApp.exe:WinterChallenge
"TCP Query User{B8E2CCB2-FD4F-4B80-9F2A-5CC5DDDEE3E6}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{DD1F121F-E273-4DCE-8B8E-EAE894C080D7}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{00FE0D28-BE61-41C1-8C79-250FF58FFDA2}c:\\program files\\briscola\\brsnet.exe"= UDP:c:\program files\briscola\brsnet.exe:Briscola
"UDP Query User{EE695F7C-7D4E-4F37-8B6F-7088A628E25A}c:\\program files\\briscola\\brsnet.exe"= TCP:c:\program files\briscola\brsnet.exe:Briscola
"{D5156355-042B-48B7-8C3B-062EFA172133}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{D27EE8C0-A1E9-454C-9C4D-45804E5E816C}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"TCP Query User{3C833C8C-9361-4B62-82A7-869A896B2E67}c:\\users\\moira\\appdata\\local\\temp\\rar$ex01.513\\teewars-0.3.3-win32\\teewars_srv.exe"= UDP:c:\users\moira\appdata\local\temp\rar$ex01.513\teewars-0.3.3-win32\teewars_srv.exe:teewars_srv.exe
"UDP Query User{C72B642B-2D29-4C7D-B858-2D24A518841E}c:\\users\\moira\\appdata\\local\\temp\\rar$ex01.513\\teewars-0.3.3-win32\\teewars_srv.exe"= TCP:c:\users\moira\appdata\local\temp\rar$ex01.513\teewars-0.3.3-win32\teewars_srv.exe:teewars_srv.exe
"TCP Query User{C8AFBBC2-1ED8-497F-BBE3-2D32DC2307AA}c:\\users\\moira\\appdata\\local\\temp\\rar$ex52.887\\teewars-0.3.3-win32\\teewars_srv.exe"= UDP:c:\users\moira\appdata\local\temp\rar$ex52.887\teewars-0.3.3-win32\teewars_srv.exe:teewars_srv.exe
"UDP Query User{CDFD2721-AFBF-4E7D-AAA9-46FC17A1B6CC}c:\\users\\moira\\appdata\\local\\temp\\rar$ex52.887\\teewars-0.3.3-win32\\teewars_srv.exe"= TCP:c:\users\moira\appdata\local\temp\rar$ex52.887\teewars-0.3.3-win32\teewars_srv.exe:teewars_srv.exe
"TCP Query User{D35D4800-3A9C-4F91-A3B9-F2132985A294}c:\\program files\\aspyr\\guitar hero iii\\copiare e incollare nella directori del gioco.exe"= UDP:c:\program files\aspyr\guitar hero iii\copiare e incollare nella directori del gioco.exe:Guitar Hero III
"UDP Query User{07A62A71-3C0C-4627-9068-A2470F151C1D}c:\\program files\\aspyr\\guitar hero iii\\copiare e incollare nella directori del gioco.exe"= TCP:c:\program files\aspyr\guitar hero iii\copiare e incollare nella directori del gioco.exe:Guitar Hero III
"TCP Query User{2832C87D-369D-4252-A704-F975B1D08DE0}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{1F97933B-8F62-47E3-B8B6-CF7D0D222370}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{65DD2B0D-24A8-4C8A-801C-654FB3037059}c:\\users\\moira\\desktop\\win2ds.exe"= UDP:c:\users\moira\desktop\win2ds.exe:win2ds.exe
"UDP Query User{90579E74-142C-4BC0-BD8A-EF2DD3498267}c:\\users\\moira\\desktop\\win2ds.exe"= TCP:c:\users\moira\desktop\win2ds.exe:win2ds.exe
"TCP Query User{9F21CA57-1F17-4DEE-8340-BE3B06125BC6}c:\\program files\\wificonnector\\nintendowfcreg.exe"= UDP:c:\program files\wificonnector\nintendowfcreg.exe:Nintendo Wi-Fi Connector USB
"UDP Query User{66BE5E22-D396-4B2E-B205-D485880AE937}c:\\program files\\wificonnector\\nintendowfcreg.exe"= TCP:c:\program files\wificonnector\nintendowfcreg.exe:Nintendo Wi-Fi Connector USB
"TCP Query User{5ED392DC-5C8E-4278-BC40-8FE26D469428}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"UDP Query User{284BD3F4-9088-44A5-8052-3578CA1FAA34}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game.dat
"{861ADE57-BA84-4D1F-B771-D9BA991653FB}"= UDP:D:\Beijing.exe:Beijing 2008™
"{C085CF0E-46EF-4FA4-9351-C429351D2A3B}"= TCP:D:\Beijing.exe:Beijing 2008™
"{E9DECBEE-73D3-4FC3-8BD8-38538362B580}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{39F4A612-54CB-4F02-AA6D-01B91C013800}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DAB00EDD-6389-45D7-9A1F-AF4DEAD5E436}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"UDP Query User{57E3A9C1-A66F-4689-80F9-132FB5416DBF}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Helper Microsoft DirectPlay
"TCP Query User{8F94DE03-0E58-4293-94A9-546F7808BABA}c:\\program files\\infogrames interactive\\monopoly\\monopoly.exe"= UDP:c:\program files\infogrames interactive\monopoly\monopoly.exe:Monopoly
"UDP Query User{1A790F9C-602B-4274-92CE-AA7AC0D69AB3}c:\\program files\\infogrames interactive\\monopoly\\monopoly.exe"= TCP:c:\program files\infogrames interactive\monopoly\monopoly.exe:Monopoly
"TCP Query User{B650C54F-3B6A-4AD7-AD86-655C957A9025}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{79336FE4-BABE-404B-874F-795CD37B35D4}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"{0B06E6B6-BC4E-4F24-B48C-49577251E081}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{338E99E0-2D52-499D-B509-ECDF37C85A47}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{173011B9-C95A-428A-88E2-7CB1F73F7C11}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1006D272-8C0E-4FC8-8A8A-E6261BBE61BC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CBCA1F18-A166-45DE-97D1-88E53C6558DA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{D38446C2-D574-4871-8DC9-71F48F34EE06}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{BB18093B-2F16-450D-BDC4-42A63332DF3F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F3DEFC20-AC50-4880-849F-84991850AD1B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C58A135B-F8DB-4AA3-A691-F98B83FB6889}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89E2D6D9-28E2-4BBD-9EFB-8B2DAC85ACB3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F159217C-1D55-44BB-8C8D-1B79AA6595D5}"= Disabled:UDP:c:\users\moira\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
"{5B220FBA-9AF4-4779-B61F-DC0AFB7E0E89}"= Disabled:TCP:c:\users\moira\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
"{E8363D77-2C21-4930-B774-D1F1F3707A71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8ED1FAEE-9F3F-4087-810E-1A983176626F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{206D9400-BA2E-4304-B05D-2E5C87D4560B}"= c:\program files\AVG\AVG9\avgnsx.exe:avgnsx.exe
"{4B9666F9-9739-43EA-9D5C-2E068EAED3A5}"= c:\program files\AVG\AVG9\avgemc.exe:avgemc.exe
"{DB15D7EA-3F08-4759-8717-42ED2C5A43FD}"= c:\program files\AVG\AVG9\avgupd.exe:avgupd.exe
"{F2B0B48C-A027-4584-83B8-4A065B0B6CE0}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{03F74922-D9B3-47FE-B224-543032CB8F91}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{B835FE3C-446B-43BD-ABDF-A5435A08ADCB}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{9D10F96B-0414-4290-8252-57104C492616}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{2D66B456-D23C-44B9-B999-2E312B15F651}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{F68BC7BB-1AD1-4DCD-8438-44FBE210A37F}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{2C19DC19-CA7E-4941-A9E7-8D7B1591CAF6}"= c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/11/2009 17.59.37 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [17/11/2009 17.59.38 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15/07/2010 17.50.05 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 17.50.11 308136]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [19/05/2009 11.36.18 240512]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [02/05/2008 14.12.42 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/11/2009 2.53.06 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 23.48.42 704864]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 11.34.42 507136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/04/2007 19.42.39 80744]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SASDIFSV
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2b456b-67e8-11de-875c-001921598399}]
\shell\AutoRun\command - driver\usb\usb_driver.exe
\shell\open\command - driver\usb\usb_driver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70c69a7d-3d6b-11de-b588-001921598399}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wouyUU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823567654-1030167955-2503654186-1000Core.job
- c:\users\moira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 08:51]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823567654-1030167955-2503654186-1000UA.job
- c:\users\moira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 08:51]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{96C1CD80-AC37-439E-9735-36CFF2F9E224}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-PEVSystemStart


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it
mStart Page = hxxp://it.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
LSP: c:\windows\system32\wpclsp.dll
TCP: {5ECEDEBF-B280-4351-849E-B7072F88D43E} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\users\moira\AppData\Roaming\Mozilla\Firefox\Profiles\vzh8k44i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/sear ... -web_it&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\moira\AppData\Roaming\Mozilla\Firefox\Profiles\vzh8k44i.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - component: c:\users\moira\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\DataXPCOM.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\moira\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 18:27
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3823567654-1030167955-2503654186-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,d6,61,12,80,30,fe,fb,f8,de,0d,e2,35,21,4b,9e,28,1f,8e,d2,d7,7b,33,
38,97,d3,96,be,42,b2,10,e0,56,c7,01,32,01,17,6c,a0,1e,b3,83,e9,33,1b,0b,14,\
"??"=hex:f6,74,ad,13,1e,f9,5d,85,87,c5,2a,cb,ea,36,49,5a

[HKEY_USERS\S-1-5-21-3823567654-1030167955-2503654186-1000\Software\SecuROM\License information*]
"datasecu"=hex:c8,05,bd,8a,67,bc,86,40,77,25,cc,47,9d,49,50,8a,9e,ce,20,27,88,
86,4f,21,e6,14,81,ea,0e,43,09,6d,fb,c8,cb,b6,04,83,a8,71,d0,96,f8,5d,6d,a8,\
"rkeysecu"=hex:45,e9,0b,26,3d,f5,45,9a,bb,2f,c1,ee,a9,e3,66,fb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5972)
c:\windows\system32\ieframe.dll
c:\program files\Tech\Wheel Mouse\5.3\MOUDL32A.DLL
.
Ora fine scansione: 2010-07-15 18.33.53
ComboFix-quarantined-files.txt 2010-07-15 16:33
ComboFix2.txt 2008-08-04 09:51

Pre-Run: 16.261.095.424 byte disponibili
Post-Run: 16.073.183.232 byte disponibili

412 --- E O F --- 2010-07-13 20:50
dupasquet