Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

mi controllate il log ---------grazie-------- Opzioni
guido47
Inviato: Wednesday, April 28, 2010 7:13:38 AM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
Buon giornoooooooo
qualche giorno fa ho installato da questa pagina
http://www.ayrecovery.com/ayrecovery-professional/index.html

che ho poi cercato di disinstallare

ma nn me lo lasciava fare per cui con killbox ho eliminato i file e cartella

ma cio' nonostante il programma resta in esecuzione e ancor prima che venga avviato windows mi compare una schermata e l'inilizziazione del programma.
non so piu' cosa fare per cui se mi potete aiutare ve ne sarei molto grati

Anticipatamente ringrazio

ed ora ecco il LOG-------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7.11.32, on 28/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AntiLogger\AntiLogger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\DeskSlide\DeskSlide.exe
C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Programmi\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmi\Prevx\prevx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [AntiLogger] "C:\Programmi\AntiLogger\AntiLogger.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DeskSlide] C:\Programmi\DeskSlide\DeskSlide.exe -logon -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259058299234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98AD1B35-E6BE-4090-BF09-2AFDA403846F}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SHDSERV - Unknown owner - C:\Programmi\AyRecovery\shdserv.exe (file missing)
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Programmi\AyRecovery\shieldclnt.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11722 bytes
Sponsor
Inviato: Wednesday, April 28, 2010 7:13:38 AM

 
shapiro
Inviato: Wednesday, April 28, 2010 9:26:07 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

apri hijackthis , seleziona do a systemscan only metti la spunta accanto a queste voci e premi fix checked

Code:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll

    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
    
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\pdfforge Toolbar\SearchSettings.exe

O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe






da pannello di controllo disinstalla tutte le toolbar che trovi


scarica malwarebytes

1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
guido47
Inviato: Thursday, April 29, 2010 6:00:09 PM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
ESEGUITA SCANSIONE CON MALWAREBYTES E NN CI SONO FILE INFETTI RISULTA TUTTO 0
shapiro
Inviato: Thursday, April 29, 2010 6:11:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
puoi postare il log? fai una scansione anche con combofix, credo che trovera' qualcosa

disattiva il tuo antivirus


scarica combofix da QUI

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
guido47
Inviato: Thursday, April 29, 2010 6:26:47 PM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 4044

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/04/2010 12.05.02
mbam-log-2010-04-28 (12-05-02).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 188267
Tempo trascorso: 48 minuti, 37 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


OK GRAZIE APPENA POSSO PROVO
io ho timore che siano questi file che interferiscono ma ho paura a cancellarli


O23 - Service: SHDSERV - Unknown owner - C:\Programmi\AyRecovery\shdserv.exe (file missing)
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Programmi\AyRecovery\shieldclnt.exe (file missing)
guido47
Inviato: Friday, April 30, 2010 6:54:36 AM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
ComboFix 10-04-29.04 - Piana 30/04/2010 6.35.07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3062.2423 [GMT 2:00]
Eseguito da: c:\documents and settings\Piana\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\pdfforge Toolbar\SearchSettings.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Creati Da 2010-03-28 al 2010-04-30 )))))))))))))))))))))))))))))))))))
.

2010-04-30 04:40 . 2010-02-01 18:20 165240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-04-29 17:10 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\NAVENG.SYS
2010-04-29 17:10 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\NAVEX15.SYS
2010-04-29 17:10 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\CCERASER.DLL
2010-04-29 17:10 . 2009-11-23 09:00 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\EECTRL.SYS
2010-04-29 17:10 . 2009-11-23 09:00 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\ECMSVR32.DLL
2010-04-29 17:10 . 2009-11-23 09:00 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\NAVENG32.DLL
2010-04-29 17:10 . 2009-11-23 09:00 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\NAVEX32A.DLL
2010-04-29 17:10 . 2009-11-23 09:00 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.003\ERASER.SYS
2010-04-28 04:37 . 2010-04-28 04:37 388096 ----a-r- c:\documents and settings\Piana\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-28 04:37 . 2010-04-28 04:37 -------- d-----w- c:\programmi\Trend Micro
2010-04-27 04:41 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-27 04:41 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-27 04:41 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-27 04:41 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-27 04:41 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-27 04:31 . 2010-02-12 16:41 558448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-26 19:51 . 2010-04-26 19:51 52224 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-04-26 19:51 . 2010-04-26 19:51 101376 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-04-26 19:51 . 2010-04-26 19:51 -------- d-----w- c:\documents and settings\Piana\Impostazioni locali\Dati applicazioni\Conduit
2010-04-26 19:51 . 2010-04-27 04:36 -------- d-----w- c:\documents and settings\Piana\Impostazioni locali\Dati applicazioni\Vuze_Remote
2010-04-26 19:51 . 2010-04-26 19:51 -------- d-----w- c:\programmi\Conduit
2010-04-26 19:51 . 2010-04-26 19:51 -------- d-----w- c:\programmi\Vuze_Remote
2010-04-26 06:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-24 11:50 . 2010-04-24 11:55 -------- d-----w- c:\windows\system32\NtmsData
2010-04-23 13:22 . 2010-04-23 13:22 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{272486F2-83A4-415A-BA0F-6405C8DA731B}
2010-04-23 13:22 . 2010-04-21 13:17 2683088 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{272486F2-83A4-415A-BA0F-6405C8DA731B}\AntiLogger_Setup.exe
2010-04-18 05:31 . 2010-02-06 13:03 32640 ------w- c:\windows\system32\drivers\Shieldf.sys
2010-04-18 05:31 . 2010-02-06 13:03 32128 ------w- c:\windows\system32\drivers\Shieldm.sys
2010-04-18 05:31 . 2010-02-06 13:03 136064 ------w- c:\windows\system32\drivers\Shield.sys
2010-04-18 05:31 . 2010-02-06 13:03 10368 ------w- c:\windows\system32\drivers\Shdbus.sys
2010-04-18 05:30 . 2010-04-18 05:31 -------- d-----w- c:\windows\system32\configfix
2010-04-17 06:08 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-17 06:08 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-17 06:08 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-17 06:08 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-17 06:08 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-09 05:06 . 2010-04-09 05:18 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\PPTminimizer
2010-04-09 05:06 . 2010-04-13 05:38 -------- d-----w- c:\programmi\PPTminimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 04:38 . 2010-01-06 06:51 -------- d-----w- c:\programmi\pdfforge Toolbar
2010-04-28 10:07 . 2010-02-03 06:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-27 17:13 . 2010-03-05 06:47 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\vlc
2010-04-27 12:01 . 2009-11-22 15:02 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\Azureus
2010-04-26 19:56 . 2009-11-22 15:02 -------- d-----w- c:\programmi\Vuze
2010-04-26 17:52 . 2010-03-18 08:14 -------- d-----w- c:\programmi\Everything
2010-04-26 06:40 . 2010-03-08 07:12 -------- d-----w- c:\programmi\PeerBlock
2010-04-26 03:52 . 2009-09-18 17:06 1 ----a-w- c:\documents and settings\Piana\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-25 05:50 . 2010-02-03 06:50 60928 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-25 05:50 . 2010-02-03 06:50 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 05:50 . 2010-02-03 06:50 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 05:50 . 2010-02-03 06:50 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-25 05:50 . 2010-02-03 06:50 -------- d-----w- c:\programmi\Prevx
2010-04-25 05:49 . 2010-02-05 11:27 1030616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI\~PrevxCSIUpdate.exe
2010-04-24 08:09 . 2010-01-11 08:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-23 13:22 . 2010-01-30 06:57 28400 ----a-w- c:\windows\syscall.dat
2010-04-23 13:22 . 2010-01-30 06:57 -------- d-----w- c:\programmi\AntiLogger
2010-04-22 08:29 . 2009-09-17 07:15 69960 ----a-w- c:\documents and settings\Piana\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-13 13:40 . 2009-09-18 02:49 -------- d-----w- c:\programmi\ModelliFiscali
2010-04-09 16:22 . 2009-09-18 03:47 -------- d-----w- c:\programmi\eMule
2010-04-09 05:20 . 2008-04-14 12:00 78144 ----a-w- c:\windows\system32\perfc010.dat
2010-04-09 05:20 . 2008-04-14 12:00 475788 ----a-w- c:\windows\system32\perfh010.dat
2010-04-09 05:19 . 2010-03-05 06:20 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\FILEminimizerPictures
2010-04-09 04:51 . 2010-01-04 10:49 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-01 20:32 . 2009-09-20 00:34 -------- d-----w- c:\programmi\McAfee
2010-03-30 18:15 . 2010-03-29 06:54 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2010-03-30 17:59 . 2010-03-30 17:59 -------- d-----w- c:\programmi\File comuni\Java
2010-03-30 17:59 . 2010-03-30 17:59 503808 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\msvcp71.dll
2010-03-30 17:59 . 2010-03-30 17:59 499712 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\jmc.dll
2010-03-30 17:59 . 2010-03-30 17:59 348160 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\msvcr71.dll
2010-03-30 17:59 . 2010-03-30 17:59 61440 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-641b15e4-n\decora-sse.dll
2010-03-30 17:59 . 2010-03-30 17:59 12800 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-641b15e4-n\decora-d3d.dll
2010-03-30 17:59 . 2009-09-18 17:03 -------- d-----w- c:\programmi\Java
2010-03-30 12:35 . 2010-01-04 04:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-30 12:35 . 2010-01-24 07:40 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 22:46 . 2010-01-04 04:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-01-04 04:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 06:55 . 2010-03-29 06:55 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-03-29 06:55 . 2010-03-29 06:55 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-03-29 06:55 . 2010-03-29 06:55 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\TuneUp Software
2010-03-29 06:54 . 2010-03-29 06:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-03-29 06:53 . 2010-03-29 06:53 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2010-03-15 22:32 . 2010-02-20 11:39 10 ----a-w- c:\windows\popcinfo.dat
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-09-18 17:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 06:32 . 2010-03-06 06:39 -------- d-----w- c:\programmi\FILEminimizer Pictures
2010-03-06 14:56 . 2010-01-04 10:51 117760 ----a-w- c:\documents and settings\Piana\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 06:24 . 2010-03-06 05:57 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\FILEminimizer
2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-03 19:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 08:41 . 2010-02-20 08:41 10686001 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Azureus\plugins\azump\mplayer.exe
2010-02-16 19:05 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 18:55 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 17:34 . 2010-02-04 17:31 14 ----a-w- c:\windows\popcinfot.dat
2010-02-04 17:31 . 2010-02-04 17:31 0 ----a-w- c:\windows\popcreg.dat
2009-12-13 13:49 . 2009-09-18 04:01 48 --sh--w- c:\windows\S3E296BAE.tmp
2009-12-03 07:46 . 2009-12-03 07:46 23 --sha-w- c:\windows\system32\edacded0.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
2010-04-25 05:50 60928 ----a-w- c:\windows\system32\PxSecure.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-12-28 21:36 700416 ----a-w- c:\programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\programmi\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2009-12-28 700416]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programmi\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DeskSlide"="c:\programmi\DeskSlide\DeskSlide.exe" [2006-08-30 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SearchSettings"="c:\programmi\pdfforge Toolbar\SearchSettings.exe" [2009-12-28 974848]
"AntiLogger"="c:\programmi\AntiLogger\AntiLogger.exe" [2010-04-21 2384744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\FlashCAD\\FlashCAD.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [15/01/2010 7.43.41 40560]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [03/02/2010 8.50.02 30320]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [18/04/2010 7.31.21 10368]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [18/04/2010 7.31.21 136064]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [18/04/2010 7.31.21 32640]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [18/04/2010 7.31.21 32128]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [03/02/2010 8.55.29 310320]
R1 AntiLog32;AntiLog32;c:\programmi\AntiLogger\AntiLog32.sys [21/04/2010 15.17.39 117608]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [03/02/2010 8.55.29 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [03/02/2010 8.55.29 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 6.41.47 329592]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [16/12/2009 17.26.58 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 17.26.56 66632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [01/02/2008 17.24.04 41456]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [28/12/2009 20.55.32 380928]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [03/02/2010 8.50.01 6343368]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [20/09/2009 2.34.49 93320]
R2 N360;Norton 360;c:\programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [03/02/2010 8.55.21 117640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [03/02/2010 8.50.02 54920]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/04/2010 10.25.20 102448]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [03/02/2010 8.50.01 24400]
S2 ShieldClientService;Shield Client Service;c:\programmi\AyRecovery\shieldclnt.exe --> c:\programmi\AyRecovery\shieldclnt.exe [?]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [08/03/2010 9.12.33 18544]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 17.27.00 12872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-23 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:38]

2010-04-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.repubblica.it/
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: browser.startup.homepage - www.repubblica.it
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programmi\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\programmi\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 06:41
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\programmi\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B6D8171166AC935581D78209E1CBCA0B6C96D0C6DB503F1D9A53ED91C60B0428A95ED9933D64C4191010CDCC25EC748C8A0903D9634D9A7A0FBE7A069E792334DE5E603090BC4DAD1DFCF782E70F1A9B7A9A9A703BC0D5E06CECC6148EF1AFCB7E86FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452429D7B2365BAD1367CC9D60AE788E8EF43C303A38254BCA6092460CFFC866328C017DF51507C617E683388BE3FC6F71AAA1E8251FE35FB390AFDC079E72FC131A2C1AF48466715F477357729A3D14900CF6152E7B875CE00A9C5690BDB02DD56305CCC7C8E45B3EAD36972810D605BC9E2274703F9570A9537B25A25926D86C8FAD781B2F45224C36FA1A9D3781BCF2F51BA1E9311132A29C42E75BECA5730CD545DF988C940737BFCDE330065A0EC7F521FF3DF50D3CE7F295583A2C615723B5345C5695FB2D49DF5DA88B85A031D9DDF86CB7E8BB7B86E7DF8AEEA4E760AFDD49EDA198EC41A4B16008686DEC86CFEB45B0BDE9D525161A01F088DAAB7D598F6AC0F3032823F3BDC6EEEC6006B8DAD54B87D3FE32BA0D7B381014E2C0FDA1D9C65A1182C6CDDB50E78E627CDD9D6C9036F50B5BF3CD7649E8DF2C6A424BF34EDF2B10F5C77B917332778AA5D744383498316A917F449AF896618E4E912D11A5435C3A8AC0EB65298B5902CC7126E22F3AE455AD3B8EAF4E35E906BD66A7F9F013DBECB098D5DEB4D1381D428FD1C7F965D3956E35DD88260015EEE4B30DDA765D17133DFC3D9FDA5E2FE2521F3318983AEAE04B730D1BA738B6A5AA95BA32DB96D8B6C26F87EB43A7C24F156A7374456F84A9AC4EDB897D8EF7FE9D7592EB9F83FA05C53E44051E66C6CE1703E5D4469C38FA8874B93228D52CCB0C0877CEE62A92A38E135B7AACC70BB719CD2F434E04BEB0E7AED0E7B548EE593D3BCB28178C3840BD10922284E7E55EE8A72F35220012C7E2172F655B2AF42CD823F98B803D5EE33A778DEC715BBE27FEF1FF3F0500981838065C177F3F83DEBC3CB1A710D618E65EA0AF39B0C85739B04CE33775F3B05FAA1CB04BCA4DE174F9212471BE4966CA526BB0AC664E9F68C056C135EFDA42F15939D7916980B712EEDB6D3BA1F5DF2D16A7EEE85912E4374B25599B4A107DFD567C38184E5DBD513575097E892CF74964B3712A24C4891C6D15C711D03D4D796B19D9DA0E462AD5BD66D8E51D9BB25F65FBF0A808F647FC92CC6E7CD1F38BE830E7E7695B563C939F58B59B453251D49C1E38D941D610E1A8C4E6F10380D1E9E182ED423395A5CB1C320BA66A441D73A14E47B67F8D3A228C4211D44D263E53C73E52A9A9672FD1ED3929A4F32FAB746797853176A8288B72962"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(6964)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programmi\Brother\Brmfcmon\BrMfcmon.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-04-30 06:47:50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-30 04:43

Pre-Run: 365.837.774.848 byte disponibili
Post-Run: 365.741.719.552 byte disponibili

- - End Of File - - FA62C000C58EA8DA8FF501F2D13C49D2
shapiro
Inviato: Friday, April 30, 2010 3:43:02 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:


Code:
file::
c:\programmi\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
c:\programmi\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
c:\windows\S3E296BAE.tmp


folder::
c:\programmi\pdfforge Toolbar



registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-


salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.



analizza questo file su virus total

c:\windows\popcinfo.dat

fai un controllo anche su questo sito





guido47
Inviato: Saturday, May 01, 2010 3:28:59 PM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
tutto come prima

cmq nn credo che le toolbar siano un problema perche' le avevo anche da prima

ma il problema e' quel maledetto AYRECOVERY che va in esecuzione ancora prima che compaia la schermata di avvio del sistema XP
shapiro
Inviato: Saturday, May 01, 2010 4:53:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
se vuoi tenere quella toolbar lo fai a tuo rischio e pericolo

le toolbar sono solamente veicoli per portare piu' rapidamente porcherie nel pc

prova a killare quel servizio

scarica Pserv
vai su "Services & Devices" - una volta individuato il programma clicca col tasto destro sul servizio e successivamente su Delete

fixa le due righe da hijackthis

O23 - Service: SHDSERV - Unknown owner - C:\Programmi\AyRecovery\shdserv.exe (file missing)
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Programmi\AyRecovery\shieldclnt.exe (file missing)


riavvia il pc e controlla se il problema persiste

guido47
Inviato: Saturday, May 01, 2010 6:51:47 PM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
fatto prova e come consigliato tolto anche toolbar ma nn cambia niente

ora ti chiedo un consiglio

se apro tuneup e controllo i file di registro cercando sto maledetto ayrecovery
mi trova delle voci -----posso cancellare le cartelle che li contiene?-------
oppure faccio dei danni irreparabili?
shapiro
Inviato: Saturday, May 01, 2010 7:42:52 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
guido47 perche' non segui lo specchietto che ti ho proposto???

puoi postarmi il log di combofix con le nuove eliminazioni?

hai killato il servizio come ti ho scritto nel post precedente?
guido47
Inviato: Sunday, May 02, 2010 8:48:04 AM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
hai ragione scusa ----ecco ora il log come richiesto.....pero' se puoi mi faresti una cortesia se puoi rispondermi alla domanda che ti ho fatto sopra......ciaooooooo e grazie


ComboFix 10-04-29.04 - Piana 02/05/2010 8.39.55.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3062.2312 [GMT 2:00]
Eseguito da: c:\documents and settings\Piana\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Piana\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll"
"c:\programmi\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll"
"c:\windows\S3E296BAE.tmp"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S3E296BAE.tmp

.
((((((((((((((((((((((((( Files Creati Da 2010-04-02 al 2010-05-02 )))))))))))))))))))))))))))))))))))
.

2010-05-02 06:23 . 2010-02-01 18:20 165240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-05-01 20:41 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\NAVENG.SYS
2010-05-01 20:41 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\NAVEX15.SYS
2010-05-01 20:41 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\CCERASER.DLL
2010-05-01 20:41 . 2009-11-23 09:00 371248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\EECTRL.SYS
2010-05-01 20:41 . 2009-11-23 09:00 259440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\ECMSVR32.DLL
2010-05-01 20:41 . 2009-11-23 09:00 177520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\NAVENG32.DLL
2010-05-01 20:41 . 2009-11-23 09:00 1647984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\NAVEX32A.DLL
2010-05-01 20:41 . 2009-11-23 09:00 102448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.002\ERASER.SYS
2010-05-01 16:42 . 2010-05-01 16:42 -------- d-----w- C:\jpgtmp
2010-05-01 15:03 . 2010-05-01 15:03 -------- d-----w- c:\programmi\p-nand-q.com
2010-05-01 13:36 . 2010-05-01 16:27 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\TuneUp Registry Editor
2010-05-01 08:46 . 2010-05-01 08:46 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-05-01 08:46 . 2010-05-01 08:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-01 07:28 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-30 20:09 . 2009-09-11 15:33 6 ----a-w- c:\documents and settings\Piana\Dati applicazioni\SYSTEM32.dll
2010-04-30 13:01 . 2010-04-30 13:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-30 13:01 . 2010-04-30 13:08 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-28 04:37 . 2010-04-28 04:37 388096 ----a-r- c:\documents and settings\Piana\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-28 04:37 . 2010-04-28 04:37 -------- d-----w- c:\programmi\Trend Micro
2010-04-27 04:41 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-27 04:41 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-27 04:41 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-27 04:41 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-27 04:41 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-27 04:31 . 2010-02-12 16:41 558448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-26 19:51 . 2010-04-26 19:51 52224 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-04-26 19:51 . 2010-04-26 19:51 101376 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-04-26 19:51 . 2010-04-26 19:51 -------- d-----w- c:\documents and settings\Piana\Impostazioni locali\Dati applicazioni\Conduit
2010-04-26 19:51 . 2010-04-26 19:51 -------- d-----w- c:\programmi\Conduit
2010-04-26 06:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-24 11:50 . 2010-04-24 11:55 -------- d-----w- c:\windows\system32\NtmsData
2010-04-23 13:22 . 2010-04-23 13:22 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{272486F2-83A4-415A-BA0F-6405C8DA731B}
2010-04-23 13:22 . 2010-04-21 13:17 2683088 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{272486F2-83A4-415A-BA0F-6405C8DA731B}\AntiLogger_Setup.exe
2010-04-18 05:31 . 2010-02-06 13:03 32640 ------w- c:\windows\system32\drivers\Shieldf.sys
2010-04-18 05:31 . 2010-02-06 13:03 32128 ------w- c:\windows\system32\drivers\Shieldm.sys
2010-04-18 05:31 . 2010-02-06 13:03 136064 ------w- c:\windows\system32\drivers\Shield.sys
2010-04-18 05:31 . 2010-02-06 13:03 10368 ------w- c:\windows\system32\drivers\Shdbus.sys
2010-04-18 05:30 . 2010-04-18 05:31 -------- d-----w- c:\windows\system32\configfix
2010-04-17 06:08 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-17 06:08 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-17 06:08 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-17 06:08 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-17 06:08 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-09 05:06 . 2010-04-09 05:18 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\PPTminimizer
2010-04-09 05:06 . 2010-04-13 05:38 -------- d-----w- c:\programmi\PPTminimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 18:02 . 2009-11-22 15:02 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\Azureus
2010-05-01 18:00 . 2010-03-18 08:14 -------- d-----w- c:\programmi\Everything
2010-05-01 16:42 . 2009-12-17 08:20 48 ----a-w- c:\documents and settings\Piana\Dati applicazioni\tigersetting.dll
2010-05-01 16:42 . 2009-12-17 08:20 48 ----a-w- c:\documents and settings\Piana\Dati applicazioni\tigersetting.dll
2010-05-01 16:27 . 2010-03-29 06:54 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2010-05-01 14:10 . 2010-02-03 06:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-05-01 09:08 . 2010-01-11 08:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-30 11:30 . 2010-03-05 06:20 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\FILEminimizerPictures
2010-04-27 17:13 . 2010-03-05 06:47 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\vlc
2010-04-26 19:56 . 2009-11-22 15:02 -------- d-----w- c:\programmi\Vuze
2010-04-26 06:40 . 2010-03-08 07:12 -------- d-----w- c:\programmi\PeerBlock
2010-04-26 03:52 . 2009-09-18 17:06 1 ----a-w- c:\documents and settings\Piana\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-25 05:50 . 2010-02-03 06:50 60928 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-25 05:50 . 2010-02-03 06:50 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-25 05:50 . 2010-02-03 06:50 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-25 05:50 . 2010-02-03 06:50 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-25 05:50 . 2010-02-03 06:50 -------- d-----w- c:\programmi\Prevx
2010-04-25 05:49 . 2010-02-05 11:27 1030616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI\~PrevxCSIUpdate.exe
2010-04-23 13:22 . 2010-01-30 06:57 28400 ----a-w- c:\windows\syscall.dat
2010-04-23 13:22 . 2010-01-30 06:57 -------- d-----w- c:\programmi\AntiLogger
2010-04-22 08:29 . 2009-09-17 07:15 69960 ----a-w- c:\documents and settings\Piana\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-13 13:40 . 2009-09-18 02:49 -------- d-----w- c:\programmi\ModelliFiscali
2010-04-09 16:22 . 2009-09-18 03:47 -------- d-----w- c:\programmi\eMule
2010-04-09 05:20 . 2008-04-14 12:00 78144 ----a-w- c:\windows\system32\perfc010.dat
2010-04-09 05:20 . 2008-04-14 12:00 475788 ----a-w- c:\windows\system32\perfh010.dat
2010-04-09 04:51 . 2010-01-04 10:49 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-01 20:32 . 2009-09-20 00:34 -------- d-----w- c:\programmi\McAfee
2010-03-30 17:59 . 2010-03-30 17:59 -------- d-----w- c:\programmi\File comuni\Java
2010-03-30 17:59 . 2010-03-30 17:59 503808 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\msvcp71.dll
2010-03-30 17:59 . 2010-03-30 17:59 499712 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\jmc.dll
2010-03-30 17:59 . 2010-03-30 17:59 348160 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c2bff45-n\msvcr71.dll
2010-03-30 17:59 . 2010-03-30 17:59 61440 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-641b15e4-n\decora-sse.dll
2010-03-30 17:59 . 2010-03-30 17:59 12800 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-641b15e4-n\decora-d3d.dll
2010-03-30 17:59 . 2009-09-18 17:03 -------- d-----w- c:\programmi\Java
2010-03-30 12:35 . 2010-01-04 04:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-30 12:35 . 2010-01-24 07:40 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 22:46 . 2010-01-04 04:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-01-04 04:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 06:55 . 2010-03-29 06:55 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-03-29 06:55 . 2010-03-29 06:55 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-03-29 06:55 . 2010-03-29 06:55 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\TuneUp Software
2010-03-29 06:54 . 2010-03-29 06:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-03-29 06:53 . 2010-03-29 06:53 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2010-03-15 22:32 . 2010-02-20 11:39 10 ----a-w- c:\windows\popcinfo.dat
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-09-18 17:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 06:32 . 2010-03-06 06:39 -------- d-----w- c:\programmi\FILEminimizer Pictures
2010-03-06 14:56 . 2010-01-04 10:51 117760 ----a-w- c:\documents and settings\Piana\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 06:24 . 2010-03-06 05:57 -------- d-----w- c:\documents and settings\Piana\Dati applicazioni\FILEminimizer
2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-03 19:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 08:41 . 2010-02-20 08:41 10686001 ----a-w- c:\documents and settings\Piana\Dati applicazioni\Azureus\plugins\azump\mplayer.exe
2010-02-16 19:05 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 18:55 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 17:34 . 2010-02-04 17:31 14 ----a-w- c:\windows\popcinfot.dat
2010-02-04 17:31 . 2010-02-04 17:31 0 ----a-w- c:\windows\popcreg.dat
2009-12-03 07:46 . 2009-12-03 07:46 23 --sha-w- c:\windows\system32\edacded0.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-04-30_04.41.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-05-02 06:25 . 2010-05-02 06:25 16384 c:\windows\Temp\Perflib_Perfdata_478.dat
+ 2010-05-02 06:23 . 2010-05-02 06:23 16384 c:\windows\Temp\Perflib_Perfdata_3ac.dat
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
2010-04-25 05:50 60928 ----a-w- c:\windows\system32\PxSecure.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DeskSlide"="c:\programmi\DeskSlide\DeskSlide.exe" [2006-08-30 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AntiLogger"="c:\programmi\AntiLogger\AntiLogger.exe" [2010-04-21 2384744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\FlashCAD\\FlashCAD.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [15/01/2010 7.43.41 40560]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [03/02/2010 8.50.02 30320]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [18/04/2010 7.31.21 10368]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [18/04/2010 7.31.21 136064]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [18/04/2010 7.31.21 32640]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [18/04/2010 7.31.21 32128]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [03/02/2010 8.55.29 310320]
R1 AntiLog32;AntiLog32;c:\programmi\AntiLogger\AntiLog32.sys [21/04/2010 15.17.39 117608]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [03/02/2010 8.55.29 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [03/02/2010 8.55.29 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 6.41.47 329592]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [16/12/2009 17.26.58 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 17.26.56 66632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [01/02/2008 17.24.04 41456]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [03/02/2010 8.50.01 6343368]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [20/09/2009 2.34.49 93320]
R2 N360;Norton 360;c:\programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [03/02/2010 8.55.21 117640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [03/02/2010 8.50.02 54920]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/04/2010 10.25.20 102448]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [03/02/2010 8.50.01 24400]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [08/03/2010 9.12.33 18544]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 17.27.00 12872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-30 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:38]

2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.repubblica.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: browser.startup.homepage - www.repubblica.it
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Piana\Dati applicazioni\Mozilla\Firefox\Profiles\n7edqat9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 08:41
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\programmi\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B6D8171166AC935581D78209E1CBCA0B6C96D0C6DB503F1D9A53ED91C60B0428A95ED9933D64C4191010CDCC25EC748C8A0903D9634D9A7A0FBE7A069E792334DE5E603090BC4DAD1DFCF782E70F1A9B7A9A9A703BC0D5E06CECC6148EF1AFCB7E86FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452429D7B2365BAD1367CC9D60AE788E8EF43C303A38254BCA6092460CFFC866328C017DF51507C617E683388BE3FC6F71AAA1E8251FE35FB390AFDC079E72FC131A2C1AF48466715F477357729A3D14900CF6152E7B875CE00A9C5690BDB02DD56305CCC7C8E45B3EAD36972810D605BC9E2274703F9570A9537B25A25926D86C8FAD781B2F45224C36FA1A9D3781BCF2F51BA1E9311132A29C42E75BECA5730CD545DF988C940737BFCDE330065A0EC7F521FF3DF50D3CE7F295583A2C615723B5345C5695FB2D49DF5DA88B85A031D9DDF86CB7E8BB7B86E7DF8AEEA4E760AFDD49EDA198EC41A4B16008686DEC86CFEB45B0BDE9D525161A01F088DAAB7D598F6AC0F3032823F3BDC6EEEC6006B8DAD54B87D3FE32BA0D7B381014E2C0FDA1D9C65A1182C6CDDB50E78E627CDD9D6C9036F50B5BF3CD7649E8DF2C6A424BF34EDF2B10F5C77B917332778AA5D744383498316A917F449AF896618E4E912D11A5435C3A8AC0EB65298B5902CC7126E22F3AE455AD3B8EAF4E35E906BD66A7F9F013DBECB098D5DEB4D1381D428FD1C7F965D3956E35DD88260015EEE4B30DDA765D17133DFC3D9FDA5E2FE2521F3318983AEAE04B730D1BA738B6A5AA95BA32DB96D8B6C26F87EB43A7C24F156A7374456F84A9AC4EDB897D8EF7FE9D7592EB9F83FA05C53E44051E66C6CE1703E5D4469C38FA8874B93228D52CCB0C0877CEE62A92A38E135B7AACC70BB719CD2F434E04BEB0E7AED0E7B548EE593D3BCB28178C3840BD10922284E7E55EE8A72F35220012C7E2172F655B2AF42CD823F98B803D5EE33A778DEC715BBE27FEF1FF3F0500981838065C177F3F83DEBC3CB1A710D618E65EA0AF39B0C85739B04CE33775F3B05FAA1CB04BCA4DE174F9212471BE4966CA526BB0AC664E9F68C056C135EFDA42F15939D7916980B712EEDB6D3BA1F5DF2D16A7EEE85912E4374B25599B4A107DFD567C38184E5DBD513575097E892CF74964B3712A24C4891C6D15C711D03D4D796B19D9DA0E462AD5BD66D8E51D9BB25F65FBF0A808F647FC92CC6E7CD1F38BE830E7E7695B563C939F58B59B453251D49C1E38D941D610E1A8C4E6F10380D1E9E182ED423395A5CB1C320BA66A441D73A14E47B67F8D3A228C4211D44D263E53C73E52A9A9672FD1ED3929A4F32FAB746797853176A8288B72962"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1444)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-05-02 08:42:40
ComboFix-quarantined-files.txt 2010-05-02 06:42
ComboFix2.txt 2010-05-02 06:36
ComboFix3.txt 2010-04-30 04:47

Pre-Run: 365.220.995.072 byte disponibili
Post-Run: 365.211.443.200 byte disponibili

- - End Of File - - 3B7721BD3FE65EC95C1BA38BA4FD796C
shapiro
Inviato: Sunday, May 02, 2010 12:24:19 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai terminato il servizio con pserv ? hai fixato le due chiavi con hijackthis?
se non rispondi come faccio a rispondere alle tue domande?

fai queste pulizie pulizie



scarica ccleaner

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica atf cleaner

non ha bisogno di installazione

Avvia ATF Cleaner.exe con un doppio click
- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)


scarica virit

vai in modalita' provvisoria


esegui una scansione completa del pc e posta il rapporto finale








guido47
Inviato: Sunday, May 02, 2010 5:02:37 PM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.49.50, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\VEXPLite\viritsvc.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AntiLogger\AntiLogger.exe
C:\VEXPLite\MONLITE.EXE
C:\Programmi\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\DeskSlide\DeskSlide.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AntiLogger] "C:\Programmi\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DeskSlide] C:\Programmi\DeskSlide\DeskSlide.exe -logon -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259058299234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programmi\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programmi\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 10635 bytes



77777777777777777777777777777777777777777777777777777777777777777777777777777777

fatto anche con virit cccleaner e atfcleaner il problema rimane
shapiro
Inviato: Sunday, May 02, 2010 6:16:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
scarica RegSeeker

scompattalo

lancialo e scegli ''cerca voci inutili''

nel box bianco scrivi AyRecovery e avvia la scansione

quando finisce elmina tutto cio' che fa riferimento al programma
paolopa
Inviato: Sunday, May 02, 2010 6:30:26 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
@shapiro:scusa l intromissione,aspettavi il log di virit e non credo hai guardato quello di hijack,ci deve essere da fixare una voce,ma vedi tu.
shapiro
Inviato: Sunday, May 02, 2010 6:43:48 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
@ paolopa

si avevo notato quella voce ma volevo prima risolvere il suo problema....

@ guido 47

puoi postarmi il rapporto di virit?

c'e' anche questa voce sospetta

O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll


scarica malwarebytes

1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
guido47
Inviato: Monday, May 03, 2010 7:28:40 AM
Rank: Member

Iscritto dal : 4/28/2010
Posts: 13
ho seguito tutti i tuoi consigli ma il problema rimane
credo che a questo punto nn mi resti che formattare
per cui ti ringrazio molto del tempo che mi hai
dedicato..............ciao e ancora grazie
shapiro
Inviato: Monday, May 03, 2010 8:21:47 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
guido47 posso vedere quello che malwarebytes ha trovato? se hai usato correttamente reg seeker deve aver portato via tutto, chiavi di registro comprese

invece di formattare prova invece a fare un ripristino di sistema
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.