Aiutamici Forum

Hi! MY HIJACK LOG ... SUSPECTED VIRUS PRESENCE
shapiro
Posted: Wednesday, December 09, 2009 12:45:58 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
we're not done yet...

run a scan with Malwarebytes and one with this program and post the results - the scans must be FULL scans

http://software.aiutamici.com/software?ID=11397

EDIT

leave your nose alone, you're cute anyway ;)
lacasinista
Posted: Wednesday, December 09, 2009 6:49:41 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43

Thanks :)

I had "dozed off" for a moment... I'll run the FULL scans :) and post the log for you

see you later
shapiro
Posted: Wednesday, December 09, 2009 6:50:54 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
we have more cleaning up to do, lacasinista, don't disappear on me right now
lacasinista
Posted: Wednesday, December 09, 2009 7:46:10 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43

Don't worry Shapiro, my nickname says it all but... have no fear, I won't abandon you... I'm going a bit slowly because I'm working on the PC... in the meantime I'm running the scan with SUPERAntiSpyware... :)

see you later

^________________^
lacasinista
Posted: Thursday, December 10, 2009 12:17:45 AM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43

Boo hoo! So, I ran the scan with the little program but then I couldn't manage to produce the log...

but it seemed OK

and this is the mwbts log:

Malwarebytes' Anti-Malware 1.42
Versione del database: 3333
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

09/12/2009 23.09.43
mbam-log-2009-12-09 (23-09-43).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 195190
Tempo trascorso: 1 hour(s), 17 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Posted: Thursday, December 10, 2009 10:39:43 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
don't you remember whether SUPERAntiSpyware removed anything?

open CCleaner, click Registry (Registro), on the next page click Scan for Issues (Trova problemi), then when the scan finishes click Fix selected issues (Ripara selezionati), answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found.

go to Control Panel and check whether you still have AVG


run ComboFix again for me and post the report it produces

lacasinista, one very important thing

install Service Pack 3 as soon as possible, that's my advice

download it here

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it
lacasinista
Posted: Thursday, December 10, 2009 11:07:03 AM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
Good morning! :)

so: superantispwr hadn't found or removed anything (I think...)

I'll do the rest and let you know

Bye bye
lacasinista
Posted: Friday, December 11, 2009 5:01:01 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43

Here is the ComboFix log:

ComboFix 09-12-08.03 - Administrator 11/12/2009 16.32.51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.510.159 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-11-11 al 2009-12-11 )))))))))))))))))))))))))))))))))))
.

2009-12-09 17:56 . 2009-12-09 21:03 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-09 17:54 . 2009-12-09 17:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-09 17:53 . 2009-12-09 17:53 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-09 17:53 . 2009-12-09 17:53 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-12-09 11:05 . 2009-12-09 11:27 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Trillian
2009-12-09 11:04 . 2009-12-10 23:15 -------- d-----w- c:\programmi\Trillian
2009-12-09 10:36 . 2009-12-09 10:40 -------- d-----w- c:\windows\system32\wbem\Repository.001
2009-12-08 17:57 . 2009-12-08 17:57 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 16:22 . 2009-12-08 16:22 -------- d-----w- c:\programmi\Santa Claus in Trouble
2009-12-08 15:28 . 2009-12-08 15:28 -------- d-----w- c:\programmi\RocketDock
2009-12-08 13:15 . 2009-12-08 13:26 -------- d-----w- c:\windows\SevenMizer
2009-12-08 11:59 . 2009-12-08 11:59 -------- d-----w- c:\documents and settings\Administrator\.gstreamer-0.10
2009-12-01 18:34 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-01 15:41 . 2004-08-03 21:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2009-12-01 15:35 . 2009-12-01 15:35 -------- d-----w- c:\windows\ServicePackFiles
2009-12-01 12:44 . 2009-02-05 17:25 10633728 ----a-w- C:\WEB_InstallAliceMessenger_ver2.1.exe
2009-11-26 16:38 . 2002-09-10 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-11-26 16:37 . 2001-08-30 22:07 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-11-26 16:36 . 2002-09-10 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-11-26 16:35 . 2004-08-03 21:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2009-11-26 16:31 . 2004-08-19 12:00 379904 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2009-11-26 16:27 . 2004-08-19 14:39 290816 ----a-w- c:\windows\system32\adsiis.dll
2009-11-26 16:27 . 2004-08-19 14:39 98304 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-11-26 16:27 . 2004-08-19 14:39 145408 ----a-w- c:\windows\system32\wbem\wmisvc.dll
2009-11-26 16:27 . 2004-08-19 14:39 41472 ----a-w- c:\windows\system32\wbem\wmipsess.dll
2009-11-26 16:27 . 2004-08-19 14:39 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-26 16:27 . 2004-08-19 14:39 437248 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-11-26 16:26 . 2004-08-19 14:39 144896 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-11-26 16:26 . 2004-08-19 14:39 156672 ----a-w- c:\windows\system32\wbem\wmipcima.dll
2009-11-26 16:26 . 2004-08-19 14:39 140800 ----a-w- c:\windows\system32\wbem\wmidcprv.dll
2009-11-26 16:26 . 2004-08-19 14:39 60928 ----a-w- c:\windows\system32\wbem\wmicookr.dll
2009-11-26 16:26 . 2004-08-19 14:39 197120 ----a-w- c:\windows\system32\wbem\wbemupgd.dll
2009-11-26 16:26 . 2004-08-19 14:39 18944 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-11-26 16:26 . 2004-08-19 14:39 273920 ----a-w- c:\windows\system32\wbem\wbemess.dll
2009-11-26 16:26 . 2004-08-19 14:39 530944 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-11-26 16:26 . 2004-08-19 14:39 214528 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-26 16:26 . 2004-08-19 14:39 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2009-11-26 16:25 . 2004-08-19 14:39 177152 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-11-26 16:25 . 2004-08-19 14:39 47104 ----a-w- c:\windows\system32\wbem\ncprov.dll
2009-11-26 16:25 . 2004-08-19 14:39 124416 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-11-26 16:25 . 2004-08-19 14:39 16896 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-11-26 16:25 . 2004-08-19 14:39 472064 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-11-26 16:24 . 2004-08-19 14:39 247808 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-11-26 16:24 . 2004-08-19 14:39 1352704 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2009-11-26 16:24 . 2004-08-19 14:39 58880 ----a-w- c:\windows\system32\licwmi.dll
2009-11-26 15:54 . 2004-08-19 14:39 150528 ----a-w- c:\windows\system32\irftp.exe
2009-11-26 15:54 . 2004-08-19 14:39 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-11-26 15:54 . 2004-08-19 14:39 28672 ----a-w- c:\windows\system32\irmon.dll
2009-11-26 15:54 . 2004-08-03 22:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2009-11-26 15:05 . 2004-08-03 22:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-11-26 15:05 . 2004-08-03 22:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-11-26 15:04 . 2004-08-19 14:24 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-26 15:02 . 2004-08-19 14:39 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-11-26 15:01 . 2004-08-03 22:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-11-26 15:01 . 2004-08-19 14:39 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-11-26 15:01 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-11-26 14:59 . 2002-09-10 12:00 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2009-11-26 14:59 . 2002-09-10 12:00 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2009-11-26 14:59 . 2004-08-19 14:39 146944 ----a-w- c:\windows\system\winspool.drv
2009-11-26 14:59 . 2002-09-10 12:00 34816 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-11-26 14:59 . 2002-09-10 12:00 34816 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 14:59 . 2002-09-10 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-11-26 14:59 . 2002-09-10 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-26 14:58 . 2004-08-19 14:39 77312 ----a-w- c:\windows\system32\storprop.dll
2009-11-11 17:06 . 2009-11-11 17:06 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 17:52 . 2007-09-24 15:20 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-09 10:37 . 2009-07-09 19:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2009-12-09 09:48 . 2009-03-14 22:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-09 09:06 . 2009-05-26 09:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2009-12-08 20:38 . 2009-11-07 13:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HPAppData
2009-12-08 18:01 . 2009-11-09 21:02 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-08 15:28 . 2007-09-25 16:56 74704 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-08 13:26 . 2002-09-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-08 13:13 . 2007-09-24 18:38 -------- d-----w- c:\programmi\QuickTime
2009-12-08 10:46 . 2009-03-14 22:02 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-08 10:46 . 2009-03-14 22:02 -------- d-----w- c:\programmi\SpywareBlaster
2009-12-03 15:14 . 2009-11-09 21:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-11-09 21:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 21:40 . 2009-10-24 16:49 158749 ----a-w- c:\windows\hpoins30.dat
2009-11-19 16:47 . 2007-09-24 18:30 -------- d-----w- c:\programmi\Winamp
2009-11-11 17:52 . 2009-03-14 22:06 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-10 16:28 . 2009-11-09 15:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-11-09 15:47 . 2009-11-09 16:50 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2009-11-09 15:47 . 2009-11-09 16:47 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-09 15:47 . 2009-11-09 16:47 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-09 15:46 . 2009-11-09 15:46 -------- d-----w- c:\programmi\AVG
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HP
2009-10-24 18:07 . 2009-10-24 18:07 689456 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
2009-10-24 18:07 . 2008-10-09 15:42 -------- d-----w- c:\programmi\HP
2009-10-24 18:05 . 2009-10-24 18:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-10-24 18:04 . 2009-10-24 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2009-10-24 16:52 . 2009-10-24 16:52 -------- d-----w- c:\programmi\File comuni\HP
2009-10-24 16:52 . 2009-10-24 16:52 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-10-21 10:40 . 2009-10-21 10:40 45056 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2009-10-21 10:40 . 2009-10-21 10:40 -------- d-----w- c:\programmi\DevalVR
2009-10-21 10:39 . 2009-10-21 10:39 -------- d-----w- c:\programmi\ebstudio
2009-10-15 17:04 . 2009-07-14 20:09 -------- d-----w- c:\programmi\Pidgin
2009-10-15 17:04 . 2009-07-09 15:13 -------- d-----w- c:\programmi\Google
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"acerWireless"="c:\programmi\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"PCMService"="c:\programmi\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2007-09-24 921600]
"hpqSRMon"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 25088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 14:48 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\\setup\\hpznui01.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8.43.30 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8.43.28 74480]
R1 SMBHC;Driver del controller host del bus di gestione sistema Microsoft;c:\windows\system32\drivers\smbhc.sys [17/08/2001 22.57.56 6784]
R3 SMBBATT;Driver di Microsoft Smart Battery;c:\windows\system32\drivers\smbbatt.sys [29/08/2002 2.09.02 16128]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21.22.06 34064]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8.43.30 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Scansione supplementare -------
.
LSP: c:\windows\system32\imon.dll
TCP: {0460488A-10BD-45D7-A28E-DE47F5FECB42} = 192.168.5.200,192.168.5.50
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\svo5kkn9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT556636&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RadioItalia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\svo5kkn9.default\extensions\{0aaeaede-aefd-4672-a764-5c5c037612a2}\components\FFExternalAlert.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 16:39
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\windows\System32\cscui.dll
c:\windows\System32\mshtml.dll
c:\windows\System32\shdoclc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Ora fine scansione: 2009-12-11 16:43:43
ComboFix-quarantined-files.txt 2009-12-11 15:43
ComboFix2.txt 2009-12-08 22:43

Pre-Run: 8.831.266.816 byte disponibili
Post-Run: 8.807.452.672 byte disponibili

- - End Of File - - B56BF430643120698446CEE294141C76



AND NOW???
shapiro
Posted: Saturday, December 12, 2009 10:06:33 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
lacasinista

you should remove one of the two antivirus programs, choose between your nod 32 and avg; two of them slow the system down and conflict with each other

have you downloaded service pack 3? install it as soon as possible

do a bit of cleanup with ccleaner and check that everything is in order

tell me if you still run into problems and post me an updated hjt log
lacasinista
Posted: Saturday, December 12, 2009 11:48:16 AM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43

O.O but... how do I remove avg? I didn't even notice it was installed... O.O

I want to use nod because I tested it with eicar and it worked...

help

shapiro
Posted: Saturday, December 12, 2009 11:52:54 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
O.O but... how do I remove avg?


try uninstalling it from the control panel
lacasinista
Posted: Saturday, December 12, 2009 12:51:33 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
but avg isn't in the programs list!!! I went to control panel, add/remove programs, but it's not there
shapiro
Posted: Saturday, December 12, 2009 12:56:23 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
strange, the last combofix report listed it

can you post me an hjt log? ;)
lacasinista
Posted: Saturday, December 12, 2009 3:01:36 PM

Rank: AiutAmico

Joined: 1/30/2009
Posts: 43
Brick wall here it is d'oh!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.00.56, on 12/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Aspire Arcade\PCMService.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trillian\trillian.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [hpqSRMon] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0460488A-10BD-45D7-A28E-DE47F5FECB42}: NameServer = 192.168.5.200,192.168.5.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aqp.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{0460488A-10BD-45D7-A28E-DE47F5FECB42}: NameServer = 192.168.5.200,192.168.5.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aqp.it
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Amministrazione di IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Pubblicazione sul Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

--
End of file - 7942 bytes
shapiro
Posted: Saturday, December 12, 2009 5:56:05 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
show hidden files

Right-click Start–>Explore–>Tools menu–>Folder Options–>View
-Tick ‘Show all files’ or “Show hidden files and folders”
-Untick ‘Do not show system folders and files’ or “Hide protected operating system files”
check whether this file is on your pc, even though hjt reports it to me as missing

C:\WINDOWS\system32\inetsrv\inetinfo.exe


see if you can find it

http://www.processlibrary.com/it/directory/files/inetinfo/22495