Problema con services.exe

[Pres-drew]

Scusate sono nuovo del forum e ho un problema. Qualche giorno fa ho iniziato a notare malfunzionamenti e rallentamenti sul pc. Nel frattempo mi sono accorto della presenza di services.exe tra i processi ed informandomi ho notato che probabilmente è lui la causa dei miei problemi. Ho provato a seguire alcuni passaggi suggeriti ad altri utenti e ho rilevato la cartella dell'utente HelpAssistant (mai vista prima) contenente foto mie e non e file scaricati da internet. Ciò penso mi rallenti notevolmente il pc e non solo. Ah da quando ho rilevato il problema non riesco +a spegnere il pc (unica modalità possibile staccare la spina )e la connessione alla rete locale mi si attiva ad ogni riavvio del pc (tra le eccezioni del firewall trovo sempre spuntate 4 services che perentoriamente elimino). Penso sia insediato nell'MBR ma pure Prevx3.0 mi dice sistema pulito. Ho avast come antivirus. Se qualcuno potesse aiutarmi ne sarei grato

così va bene?

Sistema Operativo Windows xp

[menatwork]

Buonasera e benvenuto

per cominciare potresti specificare il tuo S.O.?

[menatwork]

Pres-drew se modifichi i post dopo la domanda potrebbe essere difficile risponderti

esegui questa operazione

da start\esegui digita control userpasswords2 e dimmi quali utenti vedi

[Pres-drew]

Administrator
Andrea
HelpAssistant <= trovato pure in Documents and setting

[menatwork]

se non lo riconosci seleziona l'utente HelpAssistant e clicca ''Rimuovi''

disattiva il tuo antivirus

scarica combofix sul desktop
(non installare la recovery console)

- esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt

[JeanGrey]

Chiedo scusa per l'intrusione, vorrei solo fare una precisazione sull'esecuzione di Combofix.
Il disclaimer dove veniva data l'opzione di scelta 1 per continuare, 2 per annullare, è stato sostituito ormai da tre anni. In quello attuale basta cliccare su "Si" per procedere alla scansione.


Una guida ed un tutorial sull' utilizzo di ComboFix

[Pres-drew]

Ehm cliccando sul link o andando sul sito mi appare la schermata

é stato scelto di aprire
Combofix.exe
che è un Applicazione
da: http://download.bleepingcomputer.com
Salvare questo file?
Salva file o annulla

Sarà 1banalità risolvere il problema ma non sono troppo pratico. Così facendo combofix si salva nella cartella download in documents and setting. Invece dovrebbe esserci esegui o salva o annulla e cliccando su salva ti dovrebbe portare a salva con nome o sbaglio?

[menatwork]

salvalo come 123.exe sul desktop

[Pres-drew]

Fatto

ComboFix 10-06-21.03 - Andrea 22/06/2010 19.01.19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.2047.1501 [GMT 2:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100622-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\docume~1\Andrea\IMPOST~1\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\docume~1\Andrea\IMPOST~1\Temp\tmp2.tmp
c:\docume~1\Andrea\IMPOST~1\Temp\WLZ6C20.tmp\ml_au totag.lng
c:\docume~1\Andrea\IMPOST~1\Temp\WLZ6C20.tmp\ml_tr anscode.lng
c:\docume~1\Andrea\IMPOST~1\Temp\WLZ6C20.tmp\out_w ave.lng
c:\docume~1\Andrea\IMPOST~1\Temp\WLZ6C20.tmp\tagz. lng
c:\docume~1\Andrea\IMPOST~1\Temp\WLZ7A6A.tmp\dsp_s ps.lng
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\bobiv.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\bobiv_nav.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\bobiv_navps.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\wwcck.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\wwcck_nav.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\wwcck_navps.dat
c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\yysoq.exe
c:\documents and settings\Andrea\Impostazioni locali\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\documents and settings\Andrea\Impostazioni locali\Temp\WLZ6C20.tmp\ml_autotag.lng
c:\documents and settings\Andrea\Impostazioni locali\Temp\WLZ6C20.tmp\ml_transcode.lng
c:\documents and settings\Andrea\Impostazioni locali\Temp\WLZ6C20.tmp\out_wave.lng
c:\documents and settings\Andrea\Impostazioni locali\Temp\WLZ6C20.tmp\tagz.lng
c:\documents and settings\Andrea\Impostazioni locali\Temp\WLZ7A6A.tmp\dsp_sps.lng
c:\documents and settings\Andrea\Preferiti\Videos.url
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\drmgs.sys
c:\windows\system32\ebolawuk.ini
c:\windows\system32\edumekid.ini
c:\windows\system32\efekefab.ini
c:\windows\system32\epabelum.ini
c:\windows\system32\erohuror.ini
c:\windows\system32\ewumivuv.ini
c:\windows\system32\ibegazah.ini
c:\windows\system32\idetujes.ini
c:\windows\system32\idurosov.ini
c:\windows\system32\ifokogen.ini
c:\windows\system32\itezoveb.ini
c:\windows\system32\ivozumar.ini
c:\windows\system32\obakepak.ini
c:\windows\system32\ohotureh.ini
c:\windows\system32\osuvakun.ini
c:\windows\system32\ovumivid.ini
c:\windows\system32\ozomorar.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp0_115398886806.bk
c:\windows\system32\tmp0_135594207090.bk
c:\windows\system32\tmp0_14297771854.bk
c:\windows\system32\tmp0_157855718721.bk
c:\windows\system32\tmp0_169870328241.bk
c:\windows\system32\tmp0_171086519284.bk
c:\windows\system32\tmp0_17388286919.bk
c:\windows\system32\tmp0_211765310100.bk
c:\windows\system32\tmp0_215721264277.bk
c:\windows\system32\tmp0_21957125604.bk
c:\windows\system32\tmp0_219896438468.bk
c:\windows\system32\tmp0_221069840988.bk
c:\windows\system32\tmp0_225697240438.bk
c:\windows\system32\tmp0_226792505639.bk
c:\windows\system32\tmp0_268072226019.bk
c:\windows\system32\tmp0_274981239894.bk
c:\windows\system32\tmp0_276962304248.bk
c:\windows\system32\tmp0_280595175197.bk
c:\windows\system32\tmp0_292731772231.bk
c:\windows\system32\tmp0_302459743875.bk
c:\windows\system32\tmp0_31096227629.bk
c:\windows\system32\tmp0_325800553526.bk
c:\windows\system32\tmp0_364410832520.bk
c:\windows\system32\tmp0_376228691828.bk
c:\windows\system32\tmp0_401200376051.bk
c:\windows\system32\tmp0_48921633461.bk
c:\windows\system32\tmp0_490357145792.bk
c:\windows\system32\tmp0_495795196486.bk
c:\windows\system32\tmp0_501301537862.bk
c:\windows\system32\tmp0_50283666729.bk
c:\windows\system32\tmp0_526546561247.bk
c:\windows\system32\tmp0_533756506048.bk
c:\windows\system32\tmp0_537673470126.bk
c:\windows\system32\tmp0_546002666207.bk
c:\windows\system32\tmp0_562507551089.bk
c:\windows\system32\tmp0_56479622742.bk
c:\windows\system32\tmp0_572397112072.bk
c:\windows\system32\tmp0_580990441718.bk
c:\windows\system32\tmp0_581467195386.bk
c:\windows\system32\tmp0_581558341277.bk
c:\windows\system32\tmp0_588938762027.bk
c:\windows\system32\tmp0_60907637040.bk
c:\windows\system32\tmp0_629537737576.bk
c:\windows\system32\tmp0_637265614331.bk
c:\windows\system32\tmp0_65250626956.bk
c:\windows\system32\tmp0_65308551407.bk
c:\windows\system32\tmp0_654417661118.bk
c:\windows\system32\tmp0_68465402892.bk
c:\windows\system32\tmp0_725899430156.bk
c:\windows\system32\tmp0_7272674940.bk
c:\windows\system32\tmp0_732244325530.bk
c:\windows\system32\tmp0_734581104206.bk
c:\windows\system32\tmp0_75356721279.bk
c:\windows\system32\tmp0_780000661471.bk
c:\windows\system32\tmp0_807579833345.bk
c:\windows\system32\tmp0_829376396299.bk
c:\windows\system32\tmp0_837678878817.bk
c:\windows\system32\tmp0_861287782128.bk
c:\windows\system32\tmp0_891180840987.bk
c:\windows\system32\tmp0_892166704931.bk
c:\windows\system32\tmp0_897390558864.bk
c:\windows\system32\tmp0_92716437719.bk
c:\windows\system32\tmp0_95375877735.bk
c:\windows\system32\tmp1_180603451824.bk
c:\windows\system32\tmp1_201717534277.bk
c:\windows\system32\tmp1_202058531626.bk
c:\windows\system32\tmp1_21975887941.bk
c:\windows\system32\tmp1_264416494477.bk
c:\windows\system32\tmp1_289215363062.bk
c:\windows\system32\tmp1_304790837849.bk
c:\windows\system32\tmp1_312565244935.bk
c:\windows\system32\tmp1_327810335318.bk
c:\windows\system32\tmp1_328218382958.bk
c:\windows\system32\tmp1_380609568111.bk
c:\windows\system32\tmp1_427813542505.bk
c:\windows\system32\tmp1_450647546240.bk
c:\windows\system32\tmp1_452335791927.bk
c:\windows\system32\tmp1_477739366559.bk
c:\windows\system32\tmp1_481330281820.bk
c:\windows\system32\tmp1_505220828107.bk
c:\windows\system32\tmp1_50774058277.bk
c:\windows\system32\tmp1_519091405131.bk
c:\windows\system32\tmp1_520605849666.bk
c:\windows\system32\tmp1_561312286817.bk
c:\windows\system32\tmp1_57489734530.bk
c:\windows\system32\tmp1_59995297078.bk
c:\windows\system32\tmp1_61160254214.bk
c:\windows\system32\tmp1_6366141045.bk
c:\windows\system32\tmp1_647771277409.bk
c:\windows\system32\tmp1_653481363900.bk
c:\windows\system32\tmp1_662526589881.bk
c:\windows\system32\tmp1_671460101065.bk
c:\windows\system32\tmp1_685498834918.bk
c:\windows\system32\tmp1_70820336593.bk
c:\windows\system32\tmp1_708924306342.bk
c:\windows\system32\tmp1_713828660028.bk
c:\windows\system32\tmp1_726263714123.bk
c:\windows\system32\tmp1_788959472974.bk
c:\windows\system32\tmp1_874493118358.bk
c:\windows\system32\tmp1_8775534166.bk
c:\windows\system32\tmp1_88598115840.bk
c:\windows\system32\tmp1_886108717883.bk
c:\windows\system32\tmp1_896174112243.bk
c:\windows\system32\tmp1_89913987362.bk
c:\windows\system32\tmp1_96105790962.bk
c:\windows\system32\tmp2_254653139011.bk
c:\windows\system32\tmp2_293684491692.bk
c:\windows\system32\tmp3_122362390912.bk
c:\windows\system32\tmp3_154876236664.bk
c:\windows\system32\tmp3_181396263288.bk
c:\windows\system32\tmp3_198808376015.bk
c:\windows\system32\tmp3_217671669887.bk
c:\windows\system32\tmp3_224315566217.bk
c:\windows\system32\tmp3_248349289247.bk
c:\windows\system32\tmp3_263972160127.bk
c:\windows\system32\tmp3_283389859643.bk
c:\windows\system32\tmp3_291179389046.bk
c:\windows\system32\tmp3_295322817185.bk
c:\windows\system32\tmp3_29744966545.bk
c:\windows\system32\tmp3_298370587428.bk
c:\windows\system32\tmp3_307379637325.bk
c:\windows\system32\tmp3_308074419857.bk
c:\windows\system32\tmp3_332023229521.bk
c:\windows\system32\tmp3_343301639410.bk
c:\windows\system32\tmp3_353253275620.bk
c:\windows\system32\tmp3_38128561543.bk
c:\windows\system32\tmp3_389274516148.bk
c:\windows\system32\tmp3_39570829741.bk
c:\windows\system32\tmp3_431593583831.bk
c:\windows\system32\tmp3_438787387199.bk
c:\windows\system32\tmp3_46194857962.bk
c:\windows\system32\tmp3_465963567722.bk
c:\windows\system32\tmp3_47882289720.bk
c:\windows\system32\tmp3_482209467539.bk
c:\windows\system32\tmp3_501555724504.bk
c:\windows\system32\tmp3_517566851915.bk
c:\windows\system32\tmp3_533776899769.bk
c:\windows\system32\tmp3_539897411955.bk
c:\windows\system32\tmp3_542266635948.bk
c:\windows\system32\tmp3_556081123927.bk
c:\windows\system32\tmp3_563081629677.bk
c:\windows\system32\tmp3_576056225805.bk
c:\windows\system32\tmp3_576373252799.bk
c:\windows\system32\tmp3_595149134698.bk
c:\windows\system32\tmp3_608042295550.bk
c:\windows\system32\tmp3_618425207948.bk
c:\windows\system32\tmp3_63463669630.bk
c:\windows\system32\tmp3_635812189699.bk
c:\windows\system32\tmp3_643818523399.bk
c:\windows\system32\tmp3_645288812616.bk
c:\windows\system32\tmp3_682732184578.bk
c:\windows\system32\tmp3_709415771238.bk
c:\windows\system32\tmp3_710032740791.bk
c:\windows\system32\tmp3_714493442867.bk
c:\windows\system32\tmp3_73148858356.bk
c:\windows\system32\tmp3_732708150614.bk
c:\windows\system32\tmp3_736255527841.bk
c:\windows\system32\tmp3_741912731189.bk
c:\windows\system32\tmp3_753992489863.bk
c:\windows\system32\tmp3_761106237223.bk
c:\windows\system32\tmp3_7655722038.bk
c:\windows\system32\tmp3_76748274756.bk
c:\windows\system32\tmp3_775367788133.bk
c:\windows\system32\tmp3_788919184249.bk
c:\windows\system32\tmp3_796341684585.bk
c:\windows\system32\tmp3_797670709377.bk
c:\windows\system32\tmp3_803205156399.bk
c:\windows\system32\tmp3_81742169451.bk
c:\windows\system32\tmp3_831173426121.bk
c:\windows\system32\tmp3_874552186724.bk
c:\windows\system32\tmp3_879471774000.bk
c:\windows\system32\tmp4_111813400023.bk
c:\windows\system32\tmp4_12564833333.bk
c:\windows\system32\tmp4_13132342181.bk
c:\windows\system32\tmp4_147812225428.bk
c:\windows\system32\tmp4_170390264177.bk
c:\windows\system32\tmp4_189780863573.bk
c:\windows\system32\tmp4_19092680502.bk
c:\windows\system32\tmp4_192041839173.bk
c:\windows\system32\tmp4_195908879019.bk
c:\windows\system32\tmp4_196609384429.bk
c:\windows\system32\tmp4_215073322168.bk
c:\windows\system32\tmp4_221238830093.bk
c:\windows\system32\tmp4_23729916226.bk
c:\windows\system32\tmp4_296626342510.bk
c:\windows\system32\tmp4_30135286815.bk
c:\windows\system32\tmp4_324499767558.bk
c:\windows\system32\tmp4_34152158432.bk
c:\windows\system32\tmp4_361865891325.bk
c:\windows\system32\tmp4_36350816137.bk
c:\windows\system32\tmp4_368219249930.bk
c:\windows\system32\tmp4_37083974890.bk
c:\windows\system32\tmp4_37383226213.bk
c:\windows\system32\tmp4_378213278138.bk
c:\windows\system32\tmp4_382424164025.bk
c:\windows\system32\tmp4_396305813317.bk
c:\windows\system32\tmp4_428347451934.bk
c:\windows\system32\tmp4_433531340026.bk
c:\windows\system32\tmp4_441703378747.bk
c:\windows\system32\tmp4_4661165306.bk
c:\windows\system32\tmp4_477531587390.bk
c:\windows\system32\tmp4_49245991082.bk
c:\windows\system32\tmp4_521777109586.bk
c:\windows\system32\tmp4_566730738953.bk
c:\windows\system32\tmp4_580047402133.bk
c:\windows\system32\tmp4_588619771918.bk
c:\windows\system32\tmp4_618969258841.bk
c:\windows\system32\tmp4_632328782851.bk
c:\windows\system32\tmp4_633170273713.bk
c:\windows\system32\tmp4_658186845685.bk
c:\windows\system32\tmp4_66490447809.bk
c:\windows\system32\tmp4_667693332425.bk
c:\windows\system32\tmp4_6738730922.bk
c:\windows\system32\tmp4_677763815912.bk
c:\windows\system32\tmp4_67936662884.bk
c:\windows\system32\tmp4_68730969857.bk
c:\windows\system32\tmp4_698052387702.bk
c:\windows\system32\tmp4_699982260429.bk
c:\windows\system32\tmp4_706176727800.bk
c:\windows\system32\tmp4_720032836460.bk
c:\windows\system32\tmp4_734907477011.bk
c:\windows\system32\tmp4_757514484738.bk
c:\windows\system32\tmp4_762399249835.bk
c:\windows\system32\tmp4_77748259800.bk
c:\windows\system32\tmp4_78308389796.bk
c:\windows\system32\tmp4_797490863514.bk
c:\windows\system32\tmp4_800724796466.bk
c:\windows\system32\tmp4_83310649107.bk
c:\windows\system32\tmp4_850928551986.bk
c:\windows\system32\tmp4_862348506573.bk
c:\windows\system32\tmp4_86564664473.bk
c:\windows\system32\tmp4_891742829614.bk
c:\windows\system32\udefivum.ini
c:\windows\system32\udifuheg.ini
c:\windows\system32\uzehiven.ini

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_perfmons
-------\Service_Routing

[Pres-drew]

((((((((((((((((((((((((( Files Creati Da 2010-05-22 al 2010-06-22 )))))))))))))))))))))))))))))))))))
.

2010-06-22 16:44 . 2010-06-22 17:00 -------- d-----w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.001
2010-06-22 15:27 . 2010-06-22 15:27 -------- d-----w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.000\UserData
2010-06-22 15:19 . 2008-03-06 17:36 -------- d--h--w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.000\Risorse di stampa
2010-06-22 15:19 . 2008-03-06 17:36 -------- d--h--w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.000\Risorse di rete
2010-06-22 15:19 . 2008-03-06 17:36 -------- d-----r- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.000\Menu Avvio
2010-06-22 15:19 . 2008-03-06 16:43 -------- d--h--w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48.000\Modelli
2010-06-22 15:05 . 2010-06-22 15:05 -------- d-----w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48\UserData
2010-06-22 14:56 . 2010-06-22 14:56 -------- d-----w- c:\documents and settings\HelpAssistant.PC-E6DB5C5D0E48\Contacts
2010-06-22 10:43 . 2010-06-22 13:37 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\QuickScan
2010-06-21 14:40 . 2010-06-21 14:40 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-21 14:40 . 2010-06-21 14:40 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-21 14:40 . 2010-06-21 14:40 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-21 14:40 . 2010-06-21 14:40 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-21 14:40 . 2010-06-21 14:40 -------- d-----w- c:\programmi\Prevx
2010-06-21 14:39 . 2010-06-22 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-06-21 13:35 . 2010-06-21 14:33 -------- d-----w- C:\VEXPLite
2010-06-21 13:34 . 2010-06-21 13:35 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{B88B6AD1-D159-4657-94C5-4E8E86C1B94E}
2010-06-21 13:33 . 2010-06-21 13:33 -------- d-----w- c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\PackageAware
2010-06-21 13:07 . 2010-06-21 13:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-21 13:06 . 2010-06-21 20:25 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\DAEMON Tools Lite
2010-06-21 13:06 . 2010-06-21 13:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-06-21 09:56 . 2010-06-21 10:00 -------- d-----w- c:\documents and settings\HelpAssistant\Documenti
2010-06-21 09:56 . 2008-03-06 17:36 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2010-06-21 09:56 . 2008-03-06 17:36 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Avvio
2010-06-21 09:56 . 2008-03-06 16:43 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
2010-06-20 10:44 . 2010-06-20 10:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Azureus
2010-06-20 10:44 . 2010-06-20 22:40 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Azureus
2010-06-20 10:43 . 2010-06-21 10:55 -------- d-----w- c:\programmi\Vuze
2010-06-11 18:00 . 2010-06-11 18:00 -------- d-----w- c:\windows\Profiles
2010-06-11 18:00 . 2010-06-11 18:00 -------- d-----w- c:\windows\system32\Adobe
2010-06-11 18:00 . 2010-06-11 18:00 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\InterTrust
2010-06-11 18:00 . 1998-11-13 10:07 307712 ----a-w- c:\windows\IsUn0410.exe
2010-06-11 18:00 . 2010-06-11 18:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AQ
2010-06-11 18:00 . 2010-06-11 18:02 -------- d-----w- C:\Classes
2010-06-11 17:58 . 2010-06-11 18:00 -------- d-----w- C:\vga
2010-06-11 17:58 . 2010-06-11 17:58 -------- d-----w- C:\swf
2010-06-11 17:56 . 2010-06-11 18:00 -------- d-----w- C:\AQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-06-22 14:33 . 2008-05-11 15:53 -------- d-----w- c:\programmi\Yahoo!
2010-06-21 14:32 . 2010-06-21 14:32 691696 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2010-06-21 14:32 . 2010-06-21 14:32 32516 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2010-06-21 14:06 . 2009-11-11 07:53 45312 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2010-06-21 13:55 . 2009-10-28 20:29 -------- d-----w- c:\programmi\Live-Player
2010-06-21 13:20 . 2010-01-30 14:17 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-21 13:20 . 2010-01-30 14:17 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-21 13:20 . 2010-01-30 14:17 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-06-21 10:08 . 2004-08-19 12:00 70766 ----a-w- c:\windows\system32\perfc010.dat
2010-06-21 10:08 . 2004-08-19 12:00 440500 ----a-w- c:\windows\system32\perfh010.dat
2010-06-11 18:00 . 2008-03-06 17:52 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-30 22:20 . 2008-03-08 17:16 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\U3
2010-05-24 20:35 . 2010-04-09 14:04 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\PC Suite
2010-05-24 18:27 . 2010-04-09 14:04 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Nokia
2009-01-20 16:15 . 2009-01-20 16:15 3852 --sh--w- c:\windows\system32\nefavega.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DAEMON Tools Lite"="e:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\P DVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDV D\Language\Language.exe" [2007-10-11 62760]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"WinampAgent"="e:\programmi\Winamp\winampa.exe " [2008-08-03 36352]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\j usched.exe" [2009-03-09 148888]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-06-21 278528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Picture Package Menu.lnk - c:\programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-6-15 151552]
Picture Package VCD Maker.lnk - c:\programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-6-15 106496]
SIDA.Connect.lnk - c:\aq\supdate.exe [2008-12-10 2151936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 18:31 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-10 07:28 16126464 ------r- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"e:\\Programmi\\Gameforge4D\\4Story\\4Story.ex e"=
"c:\\Programmi\\File comuni\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashWebSv.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe" =
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"e:\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\File comuni\\Nero\\Lib\\NMIndexingService.exe"=
"c:\\Programmi\\File comuni\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Programmi\\CyberLink\\Shared files\\RichVideo.exe"=
"c:\\Programmi\\File comuni\\EPSON\\EBAPI\\SAgent2.exe"=
"c:\\Programmi\\Sony Corporation\\Picture Package\\Picture Package Menu\\SonyTray.exe"=
"c:\\Programmi\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=
"c:\\Programmi\\Toshiba\\Bluetooth Toshiba Stack\\TosAVRC.exe"=
"c:\\Programmi\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\Programmi\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Andrea\\Desktop\\Andrea\\MVM 2005 - Sacred\\GameServer.exe"=
"c:\\Documents and Settings\\Andrea\\Desktop\\Andrea\\MVM 2005 - Sacred\\sacred.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"23219:TCP"= 23219:TCP:192.168.1.2
"33482:UDP"= 33482:UDP:192.168.1.2
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9302:TCP"= 9302:TCP:Services
"9301:TCP"= 9301:TCP:Services
"6661:TCP"= 6661:TCP:Services
"6662:TCP"= 6662:TCP:Services

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.s ys [21/06/2010 16.40.19 30320]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRA GTLT.sys [11/11/2009 9.53.20 45312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/06/2008 13.29.41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [20/06/2008 13.29.41 20560]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [21/06/2010 16.40.17 6385616]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [21/06/2010 16.40.19 61624]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\T omTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [27/11/2009 16.10.32 69632]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [21/06/2010 16.40.18 24400]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [09/04/2010 15.57.47 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [09/04/2010 15.57.49 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/06/2010 15.07.56 691696]
.
.