ComboFix log
ComboFix 10-03-25.09 - Administrator 26/03/2010 18.20.23.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1549 [GMT 1:00]
Run from: c:\documents and settings\Administrator\Desktop\Download Internet\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))))))
.
2010-03-26 17:07 . 2010-03-26 17:07 77312 ----a-w- C:\mbr.exe
2010-03-23 16:01 . 2010-03-23 16:04 -------- d-----w- c:\documents and settings\Administrator\.scribus
2010-03-20 11:09 . 2010-03-20 11:09 -------- d-----w- c:\programmi\AnyBizSoft
2010-03-19 16:35 . 2010-03-21 08:13 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Thunderbird
2010-03-19 16:35 . 2010-03-19 16:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2010-03-19 16:35 . 2010-03-21 08:13 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-03-19 15:56 . 2010-03-10 15:20 2855419 -c----w- c:\documents and settings\All Users\Dati applicazioni\{FD28B3FA-74C5-4F4F-9C6E-A303AB888DAF}\vnlt6607.exe
2010-03-19 15:56 . 2010-03-26 15:48 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{FD28B3FA-74C5-4F4F-9C6E-A303AB888DAF}
2010-03-19 15:56 . 2010-03-19 15:56 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PackageAware
2010-03-18 16:44 . 2010-03-26 16:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-16 14:25 . 2010-03-26 17:16 -------- d-----w- c:\programmi\PeerBlock
2010-03-15 16:49 . 2010-03-15 16:49 398336 ----a-w- c:\windows\system32\CF24357.exe
2010-03-14 10:00 . 2010-03-14 10:00 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-03-14 09:12 . 2010-03-14 09:12 -------- d-----w- C:\Program Files
2010-03-14 08:21 . 2010-03-14 08:21 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-13 11:11 . 2010-03-13 11:11 -------- d-sh--w- c:\documents and settings\All Users\DRM
2010-03-13 10:39 . 2010-03-13 10:51 -------- d-----w- c:\programmi\TeraCopy
2010-03-10 17:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 15:06 . 2010-03-08 15:06 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-07 18:39 . 2010-03-12 09:43 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Movienizer
2010-03-07 16:48 . 2010-03-07 16:48 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\vdownloader
2010-03-07 10:40 . 2010-03-15 10:45 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2010-03-05 14:34 . 2010-03-05 14:34 -------- d-----w- c:\programmi\DVD Identifier
2010-03-05 13:53 . 2010-03-05 13:53 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\uTorrent
2010-03-05 09:16 . 2010-03-05 09:16 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-25 10:31 . 2010-02-25 10:32 -------- d-----w- c:\programmi\Disable Startup
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 17:13 . 2009-10-14 15:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\TeraCopy
2010-03-26 16:59 . 2009-10-14 07:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-26 16:44 . 2009-10-14 07:07 76016 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-26 16:40 . 2009-10-14 07:02 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-26 10:39 . 2009-09-10 05:59 -------- d-----w- c:\programmi\CCleaner
2010-03-24 10:26 . 2010-02-14 18:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-03-24 10:17 . 2010-01-10 07:38 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-22 16:03 . 2009-10-14 07:58 -------- d-----w- c:\programmi\Smart CD Catalog PRO
2010-03-20 21:49 . 2009-09-10 06:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-03-20 10:53 . 2009-11-25 10:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RFA_Backups
2010-03-20 09:52 . 2010-03-20 09:52 721904 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2010-03-20 09:52 . 2010-03-20 09:52 32420 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2010-03-14 09:13 . 2010-01-09 09:31 -------- d-----w- c:\programmi\Motorola Phone Tools
2010-03-10 10:29 . 2009-12-16 07:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\FILEminimizerPictures
2010-03-07 06:56 . 2009-09-10 06:50 -------- d-----w- c:\programmi\uTorrent
2010-03-05 14:03 . 2009-10-14 07:42 -------- d-----w- c:\programmi\Ant Movie Catalog
2010-02-24 15:10 . 2009-09-08 23:50 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-24 15:10 . 2010-01-13 19:00 -------- d-----w- c:\programmi\CallingID
2010-02-24 15:09 . 2010-01-20 16:50 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\CallingID
2010-02-22 18:15 . 2010-02-22 18:15 8145584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB17\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\Firefox Setup 3.6.exe
2010-02-22 15:52 . 2010-02-22 15:52 461632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB13\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\GetSystemInfo(2).exe
2010-02-22 15:11 . 2010-02-22 15:25 182944 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1040.dat
2010-02-22 14:37 . 2010-02-22 14:37 2544640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB10\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\SysInspector(2).exe
2010-02-22 14:36 . 2010-02-22 14:36 2544640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB10\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\SysInspector.exe
2010-02-22 10:45 . 2010-02-22 10:44 44063760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB8\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\ashampoo_photo_commander_7_7.31_sm.exe
2010-02-19 15:10 . 2009-10-14 08:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2010-02-19 08:43 . 2009-10-19 10:14 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-02-16 09:39 . 2010-02-16 09:39 -------- d-----w- c:\programmi\Lavalys
2010-02-16 09:11 . 2009-11-25 10:03 -------- d-----w- c:\programmi\KeePass Password Safe
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\programmi\File comuni\Java
2010-02-16 09:05 . 2010-02-16 09:05 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\msvcp71.dll
2010-02-16 09:05 . 2010-02-16 09:05 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\jmc.dll
2010-02-16 09:05 . 2010-02-16 09:05 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\msvcr71.dll
2010-02-16 09:05 . 2010-02-16 09:05 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2352b303-n\decora-sse.dll
2010-02-16 09:05 . 2010-02-16 09:05 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2352b303-n\decora-d3d.dll
2010-02-16 09:05 . 2009-09-10 06:21 -------- d-----w- c:\programmi\Java
2010-02-16 09:04 . 2009-10-20 13:51 -------- d-----w- c:\programmi\Paint.NET
2010-02-16 08:59 . 2009-10-19 10:13 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-16 08:58 . 2010-02-16 08:58 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 08:36 . 2010-02-16 08:34 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\programmi\AGEIA Technologies
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-02-15 10:50 . 2009-09-10 06:58 -------- d-----w- c:\programmi\Foxit Software
2010-02-15 10:43 . 2010-02-15 10:43 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Foxit Software
2010-02-14 17:24 . 2010-02-14 17:24 -------- d-----w- c:\programmi\Dnote Software
2010-02-04 10:46 . 2010-02-04 09:56 22328 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2010-02-04 10:46 . 2010-02-04 09:56 22328 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2010-02-04 10:43 . 2009-10-14 17:29 -------- d-----w- c:\programmi\Ubisoft
2010-02-04 09:01 . 2010-02-17 16:08 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-17 16:08 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-17 16:08 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-17 16:08 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 17:47 . 2010-02-02 18:30 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-01 17:49 . 2010-02-01 17:49 -------- d-----w- c:\programmi\OO Software
2010-02-01 17:23 . 2009-11-16 08:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-02-01 11:15 . 2010-02-01 11:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\aignes
2010-02-01 11:09 . 2010-02-01 11:09 -------- d-----w- c:\programmi\AM-DeadLink
2010-01-31 09:30 . 2010-01-31 09:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CanonCP
2010-01-30 11:41 . 2009-11-01 11:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2010-01-28 09:30 . 2009-10-14 08:22 -------- d-----w- c:\programmi\Winamp
2010-01-18 09:46 . 2004-08-19 12:00 80382 ------w- c:\windows\system32\perfc010.dat
2010-01-18 09:46 . 2004-08-19 12:00 482022 ------w- c:\windows\system32\perfh010.dat
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-10 07:38 . 2010-01-10 07:38 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-09 09:32 . 2010-01-09 09:32 5936 ----a-w- c:\documents and settings\Administrator\mqdmwhnt.sys
2010-01-09 09:32 . 2010-01-09 09:32 79328 ----a-w- c:\documents and settings\Administrator\mqdmserd.sys
2010-01-09 09:32 . 2010-01-09 09:32 92064 ----a-w- c:\documents and settings\Administrator\mqdmmdm.sys
2010-01-09 09:32 . 2010-01-09 09:32 9232 ----a-w- c:\documents and settings\Administrator\mqdmmdfl.sys
2010-01-09 09:32 . 2010-01-09 09:32 66656 ----a-w- c:\documents and settings\Administrator\mqdmbus.sys
2010-01-09 09:32 . 2010-01-09 09:32 6208 ----a-w- c:\documents and settings\Administrator\mqdmcmnt.sys
2010-01-09 09:32 . 2010-01-09 09:32 4048 ----a-w- c:\documents and settings\Administrator\mqdmcr.sys
2010-01-09 09:32 . 2010-01-09 09:32 25600 ----a-w- c:\documents and settings\Administrator\usbsermptxp.sys
2010-01-09 09:32 . 2010-01-09 09:32 22768 ----a-w- c:\documents and settings\Administrator\usbsermpt.sys
2010-01-08 05:22 . 2010-01-08 05:22 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-08 05:22 . 2010-01-08 05:22 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-08 05:22 . 2010-01-08 05:22 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-08 05:22 . 2010-01-08 05:22 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-08 05:22 . 2010-01-08 05:22 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-08 05:22 . 2010-01-08 05:22 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-08 05:22 . 2010-01-08 05:22 397328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-08 05:22 . 2010-01-08 05:22 315408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-08 05:22 . 2010-01-08 05:22 19472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-08 05:22 . 2010-01-08 05:22 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-08 05:21 . 2010-01-08 05:21 397328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-08 05:21 . 2010-01-08 05:21 17936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-08 05:21 . 2010-01-08 05:21 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-08 05:21 . 2010-01-08 05:21 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-08 05:21 . 2010-01-08 05:21 315408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-08 05:15 . 2010-01-08 05:15 95259 ------w- c:\windows\system32\drivers\klick.dat
2010-01-08 05:15 . 2010-01-08 05:15 108059 ------w- c:\windows\system32\drivers\klin.dat
2010-01-07 15:07 . 2009-10-19 10:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-19 10:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-19 12:00 353792 ------w- c:\windows\system32\drivers\srv.sys
.
------- Sigcheck -------
[-] 2009-12-21 . 07D26189C25F030F7828B7F669170FD6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
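The Sigcheck block above is the most security-relevant part of this log: the live c:\windows\system32\drivers\tcpip.sys is marked [-] (signature did not verify) and its MD5 matches none of the [7] (verified) copies of the same file version found in $hf_mig$ and dllcache, while the dllcache copy is a verified same-version replacement sitting on disk. The following parser is an added example, not ComboFix code or anything posted with the log; it reads the seven Sigcheck lines copied verbatim from above, pairs each unverified file with verified copies of the same name and version, and reports whether the on-disk hash agrees with any of them. The interpretation of the [7]/[-] flags is ComboFix's Sigcheck convention; the field layout is inferred from these lines.

```python
import re

# Copied from the Sigcheck section of the log above (not constructed).
SIGCHECK_LINES = r"""
[-] 2009-12-21 . 07D26189C25F030F7828B7F669170FD6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
"""

# One Sigcheck record: "[flag] date . MD5 . size . . [version] . . path".
# ComboFix writes "[7]" when the file's signature verified and "[-]" when it did not.
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["verified"] = e["flag"] == "7"
        e["basename"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def flag_unverified(entries):
    """For each unverified file, collect verified copies with the same name and version.

    matches_reference=True means only the signature check failed: the bytes are
    identical to a verified copy. False means the file on disk differs from every
    verified copy the tool saw, which is the case that needs a closer look;
    'replacements' lists the same-version verified copies available locally.
    """
    findings = []
    for e in entries:
        if e["verified"]:
            continue
        refs = [r for r in entries
                if r["verified"] and r["basename"] == e["basename"]
                and r["version"] == e["version"]]
        findings.append({
            "path": e["path"],
            "version": e["version"],
            "md5": e["md5"],
            "matches_reference": any(r["md5"] == e["md5"] for r in refs),
            "same_size_as_reference": any(r["size"] == e["size"] for r in refs),
            "replacements": [r["path"] for r in refs],
        })
    return findings


if __name__ == "__main__":
    for f in flag_unverified(parse_sigcheck(SIGCHECK_LINES)):
        status = ("hash matches a verified copy" if f["matches_reference"]
                  else "no verified copy has this hash")
        print(f"{f['path']} [{f['version']}] {f['md5']}: {status}")
        for p in f["replacements"]:
            print("    same-version verified copy:", p)
```

Run against this log the script reports one finding: the live tcpip.sys has the same size as its references but a hash that none of them share, and three verified 5.1.2600.5625 copies exist (SP3QFE, SP3GDR and dllcache, the last two with identical hashes). A hash that differs from every reference copy at the same version is exactly what a patched or tampered driver looks like; it says nothing by itself about why the file was changed, so the next step is to compare the live file against the dllcache copy rather than to assume malware.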
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty & legitimate/default values are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2009-09-28 1524824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^STasks 1.9.lnk]
backup=c:\windows\pss\STasks 1.9.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Easy-PrintToolBox"=c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21.18.34 36880]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [14/10/2009 8.48.12 15172]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 7.56.04 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 66632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [25/11/2009 16.46.11 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [25/11/2009 16.43.52 41424]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19.39.44 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/09/2009 0.02.27 1086208]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2009 11.16.34 721904]
S2 gupdate;Servizio di Google Update (gupdate); [x]
S3 esihdrv;esihdrv; [x]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [16/03/2010 15.25.16 14424]
S3 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [17/11/2009 12.49.51 220128]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 12872]
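Three of the driver/service entries above have no backing file: gupdate and esihdrv end in [x] (no image path registered) and Nbdrv points at an nbdrv.sys that ComboFix could not find ("--> ... [?]"). Orphaned service entries are usually uninstall leftovers, but they are also where a cleaned-up infection or a planted service name shows, so they are worth listing separately when triaging a log. The parser below is an added example, not part of ComboFix or of the post; it reads a subset of the lines copied verbatim from above and splits each into running/stopped state (R/S), start type (the digit, per the Windows service start values), name, display name and image status. The field layout is inferred from these lines.

```python
import re

# Copied from the driver/service section of the log above (a subset; not constructed).
SERVICE_LINES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21.18.34 36880]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 7.56.04 12872]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [25/11/2009 16.46.11 116560]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14.42.46 32272]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2009 11.16.34 721904]
S2 gupdate;Servizio di Google Update (gupdate); [x]
S3 esihdrv;esihdrv; [x]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [16/03/2010 15.25.16 14424]
"""

# "<R|S><start> name;display name;<image info>"
HEAD_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# image present: "path [dd/mm/yyyy h.mm.ss size]"
FILE_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)\]$")
# image registered but not found on disk: "path --> path [?]"
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+(?P<expected>.+?)\s+\[\?\]$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_services(text):
    """Return one dict per service line with a 'status' of present, no_image_path,
    file_not_found or unparsed."""
    entries = []
    for line in text.splitlines():
        m = HEAD_RE.match(line.strip())
        if not m:
            continue
        e = {
            "name": m["name"],
            "display": m["display"],
            "state": "running" if m["state"] == "R" else "stopped",
            "start": START_TYPES.get(m["start"], m["start"]),
            "path": None,
            "size": None,
            "status": "unparsed",
        }
        rest = m["rest"].strip()
        if rest == "[x]":
            e["status"] = "no_image_path"
        elif (mm := MISSING_RE.match(rest)):
            e["path"] = mm["path"]
            e["status"] = "file_not_found"
        elif (mm := FILE_RE.match(rest)):
            e["path"] = mm["path"]
            e["size"] = int(mm["size"])
            e["status"] = "present"
        entries.append(e)
    return entries


def orphaned_services(entries):
    """Services whose registered image is missing or not set at all."""
    return [e for e in entries if e["status"] in ("no_image_path", "file_not_found")]


if __name__ == "__main__":
    for e in orphaned_services(parse_services(SERVICE_LINES)):
        print(f"{e['name']:<10} {e['state']:<8} start={e['start']:<7} {e['status']}  {e['path'] or ''}")
```

On this log the orphan list is gupdate, esihdrv and Nbdrv, in that order. Nothing here identifies what those entries belonged to; the log only records that the service key exists without a usable binary, which is what a cleanup pass would remove after confirming the owning product is gone.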
.
Contents of the 'Scheduled Tasks' folder
2010-03-26 c:\windows\Tasks\CCleaner.job
- c:\programmi\CCleaner\CCleaner.exe [2010-02-24 17:45]
2010-03-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\myrnmj77.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-26 18:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-790525478-1383384898-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,65,e2,66,8f,e7,b6,43,a7,f4,ee,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,10,72,1b,20,bb,f7,44,85,9b,fb,\
[HKEY_USERS\S-1-5-21-790525478-1383384898-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:2e,48,76,7d,1b,d6,bb,f9,c2,0f,cf,fd,22,27,c7,bb,4d,c1,98,1e,e3,
43,01,38,af,19,4f,59,d8,40,b8,1a,61,f7,05,6a,f8,ce,be,d1,66,c6,da,94,b8,39,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'winlogon.exe'(1204)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Scan completed at: 2010-03-26 18:25:50
ComboFix-quarantined-files.txt 2010-03-26 17:25
Pre-Run: 151,207,211,008 bytes free
Post-Run: 151,161,151,488 bytes free
- - End Of File - - 282D25A712A087F9958958991B003F57