Aiutamici Forum

Can you check my log?
r16
Posted: Saturday, February 20, 2010 4:29:17 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
As an antivirus, I prefer this one (personal opinion):
Avira:
http://www.aiutamici.com/software?ID=10908

Configure it exactly as in this guide, in PDF format:

http://www.zeusnews.it/zz_upload/PSV/Guida%20completa%20di%20%20AVIRA%20Antivir%209.pdf

Tick all the entries shown in the first image on page 11 of the guide (in the image they are not ticked).

Then I (again, personal opinion) would uninstall Comodo (completely) and install a lighter firewall that is less of a pain to configure but still fairly good:
http://www.aiutamici.com/software?ID=80361
It's up to you... mine are just opinions; the one who has to decide is you.

I forgot:
Delete these folders in red:
C:\AVGTemp
c:\programmi\ESET

stimpli
Posted: Saturday, February 20, 2010 7:40:48 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
Scratch that. I was away from the PC for almost an hour, and when I came back it wouldn't browse even though it was connected. It says "the page cannot be displayed". After several attempts, I clicked "Repair" on the connection icon at the bottom and it started working again.
r16
Posted: Saturday, February 20, 2010 8:40:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You need to run another Combofix scan for me, to see whether some keys have regenerated.
In any case, I don't think it's a virus.
From what I understand, your connection is dropping.
stimpli
Posted: Saturday, February 20, 2010 10:23:41 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
I have a laptop connected over Wi-Fi to the Alice modem that never gives me problems, while the desktop connected via Ethernet does. That's why I can't work out what it depends on, maybe the network card, I don't know. Now I'll run Combofix and post the log.
stimpli
Posted: Saturday, February 20, 2010 10:45:45 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
ComboFix 10-02-20.03 - Administrator 20/02/2010 22.29.49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1567 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-01-20 al 2010-02-20 )))))))))))))))))))))))))))))))))))
.

2010-02-20 17:49 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-02-20 17:49 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-02-20 17:47 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-02-20 17:47 . 2010-02-20 17:47 -------- d-----w- c:\programmi\Agnitum
2010-02-20 17:46 . 2010-02-20 17:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-02-20 17:27 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-20 17:27 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-20 17:27 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-20 17:27 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-20 17:27 . 2010-02-20 17:27 -------- d-----w- c:\programmi\Avira
2010-02-20 17:27 . 2010-02-20 17:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-19 20:41 . 2010-02-19 20:42 -------- dc-h--w- c:\windows\ie8
2010-02-18 13:42 . 2010-02-18 13:42 -------- d-----w- C:\ERDNT
2010-02-18 10:22 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-17 10:15 . 2010-02-17 10:16 -------- d-----w- c:\programmi\Motive
2010-02-16 09:15 . 2010-02-16 09:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-17 10:17 -------- d-----w- c:\windows\Motive
2010-02-03 17:36 . 2010-02-17 10:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-03 17:36 . 2010-02-03 17:36 -------- d-----w- c:\programmi\Common Files
2010-02-03 17:35 . 2010-02-17 10:17 -------- d-----w- c:\programmi\Alice ti aiuta
2010-02-03 17:35 . 2002-10-17 19:44 46352 ----a-w- c:\windows\setdebug.exe
2010-02-03 17:35 . 2002-10-17 19:44 171280 ----a-w- c:\windows\system32\jit.dll
2010-02-03 17:35 . 2002-10-17 19:44 139536 ----a-w- c:\windows\system32\javaee.dll
2010-02-03 17:35 . 2002-10-17 18:08 6550 ----a-w- c:\windows\jautoexp.dat
2010-02-03 17:35 . 2002-10-17 18:07 313856 ----a-w- c:\windows\system32\dx3j.dll
2010-02-03 17:32 . 2010-02-03 17:47 -------- d-----w- c:\programmi\Telecom Italia
2010-02-02 20:10 . 2005-08-25 16:48 27136 ----a-w- c:\windows\system32\GsiDi32.dll
2010-01-29 22:10 . 2010-01-29 22:10 -------- d-----w- c:\programmi\File comuni\DirectX
2010-01-29 21:52 . 2010-01-29 22:09 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2010-01-29 21:26 . 2010-01-30 14:42 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Rockstar Games
2010-01-29 21:25 . 2010-01-31 09:17 -------- d-----w- c:\programmi\Rockstar Games
2010-01-27 19:31 . 2010-01-27 19:31 -------- d-----w- c:\programmi\EA GAMES
2010-01-26 21:45 . 2010-01-26 21:45 -------- d-----w- C:\found.000
2010-01-25 14:44 . 2010-01-25 14:44 -------- d-sh--w- c:\windows\ftpcache
2010-01-22 16:33 . 2010-02-18 11:58 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-01-22 16:30 . 2010-01-22 16:30 -------- d-----w- c:\programmi\KeePass Password Safe 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 18:34 . 2009-11-04 16:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-20 17:45 . 2009-10-18 12:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-02-20 17:04 . 2009-07-24 13:49 -------- d-----w- c:\programmi\COMODO
2010-02-20 16:47 . 2009-07-24 08:29 71216 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-20 16:43 . 2009-07-24 15:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-20 16:42 . 2009-07-24 15:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-20 16:24 . 2009-10-14 17:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-20 15:04 . 2009-10-14 17:06 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-20 14:57 . 2009-07-24 13:47 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-02-19 21:02 . 2010-02-01 18:37 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-19 21:02 . 2009-07-24 16:06 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-19 19:58 . 2009-08-18 17:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-18 20:11 . 2009-11-04 15:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-18 14:19 . 2009-07-24 16:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-18 14:16 . 2009-07-24 16:07 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-17 18:34 . 2009-10-18 12:54 -------- d-----w- c:\programmi\uTorrent
2010-02-16 09:11 . 2009-10-14 21:10 1006848 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-12 22:10 . 2009-07-24 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-12 17:34 . 2009-12-05 18:29 -------- d-----w- c:\programmi\Free Video Converter
2010-02-11 20:02 . 2009-07-24 16:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-10 13:57 . 2006-03-02 12:00 80382 ----a-w- c:\windows\system32\perfc010.dat
2010-02-10 13:57 . 2006-03-02 12:00 482022 ----a-w- c:\windows\system32\perfh010.dat
2010-02-08 14:52 . 2009-08-03 17:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-02-06 20:30 . 2009-07-24 13:51 -------- d-----w- c:\programmi\Google
2010-02-03 17:47 . 2009-07-24 07:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-03 17:35 . 2010-02-03 17:35 2232 ----a-w- c:\windows\java\Packages\Data\175R5ZFJ.DAT
2010-02-03 17:35 . 2010-02-03 17:35 155995 ----a-w- c:\windows\java\Packages\XJT3L3XR.ZIP
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\P3D7FFJL.DAT
2010-02-03 17:35 . 2010-02-03 17:35 2678 ----a-w- c:\windows\java\Packages\Data\3F1VBXJ1.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\ES86D357.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\UE9BH3BB.DAT
2010-02-03 17:34 . 2010-02-03 17:34 2678 ----a-w- c:\windows\java\Packages\Data\5NZJTF97.DAT
2010-01-30 15:48 . 2009-10-15 14:12 -------- d-----w- c:\programmi\eMule
2010-01-27 17:06 . 2010-01-09 17:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Bioshock
2010-01-25 14:33 . 2009-07-24 13:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-01-22 15:53 . 2009-07-24 13:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-01-21 18:28 . 2009-11-28 19:39 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-17 09:27 . 2009-07-25 17:45 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-01-15 15:04 . 2009-07-31 14:40 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 17:42 . 2010-01-14 17:42 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-01-14 10:12 . 2009-10-04 13:05 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-09 17:16 . 2010-01-09 17:16 -------- d-----w- c:\programmi\7-Zip
2010-01-07 15:07 . 2009-07-24 16:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-24 16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 13:21 . 2010-01-06 13:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\GARMIN
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 20:36 . 2009-12-25 20:36 -------- d-----w- c:\programmi\Mp3 Knife
2009-12-24 23:14 . 2009-12-08 13:53 -------- d-----w- c:\programmi\3 Internet
2009-12-18 16:30 . 2009-12-18 16:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-18 16:30 . 2009-12-18 16:30 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-18 16:30 . 2009-12-18 16:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-18 16:30 . 2009-12-18 16:30 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-18 16:30 . 2009-12-18 16:30 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-12-18 16:30 . 2009-12-18 16:30 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-14 07:08 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2006-03-02 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"OutpostMonitor"="c:\programmi\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\programmi\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14 147456 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
2008-08-06 10:16 159744 ----a-w- c:\programmi\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-05-16 04:11 648504 ----a-w- c:\programmi\File comuni\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 15:32 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 16:41 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-17 15:09 319280 ----a-w- c:\programmi\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdAgent"=2 (0x2)
"acssrv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/11/2009 16.06.32 721904]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [20/02/2010 18.49.09 704384]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 10.43.28 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 10.43.28 55024]
R2 LinksysUpdater;Linksys Updater;c:\programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe [26/06/2008 13.52.42 204800]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/02/2010 18.47.55 8192]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [20/02/2010 18.47.19 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [20/02/2010 18.49.00 257432]
S2 gupdate1ca1aa48ebc7b9a;Servizio di Google Update (gupdate1ca1aa48ebc7b9a);c:\programmi\Google\Update\GoogleUpdate.exe [11/08/2009 17.55.27 133104]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 10.43.30 7408]
S4 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [20/02/2010 18.47.17 1195008]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-11 16:41]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-11 16:54]

2010-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-02-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\nqv3kvfr.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Notify-avgrsstarter - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-ESET Online Scanner - c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 22:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spfb.sys hal.dll >>UNKNOWN [0x8A6EC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: NIC Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf7b3bbd4
PacketIndicateHandler -> NDIS.sys @ 0xf7b29a0d
SendHandler -> NDIS.sys @ 0xf7b3db40
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,fc,1a,e4,f5,77,20,50,ee,3e,d0,9a,b7,2f,61,13,a3,2b,f2,b8,c7,17,b2,
2e,84,3f,f3,d0,ad,dd,05,08,61,0c,bb,3f,34,03,5f,06,d9,ff,1c,30,78,10,c4,b8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1409082233-287218729-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:3a,a5,79,0d,cc,13,81,f0,d2,27,8c,b3,8d,98,59,f4,d2,d5,89,3f,06,
4d,ae,ee,af,66,8f,f8,9e,bf,b1,17,42,72,6f,fc,f3,ab,1e,d9,72,95,55,af,b4,76,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3060)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\java.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\programmi\File comuni\Pure Networks Shared\Platform\nmsrvc.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-20 22:42:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-20 21:42

Pre-Run: 125.109.739.520 byte disponibili
Post-Run: 124.987.961.344 byte disponibili

- - End Of File - - 92AC9ECC6C0909F0EE02A67411F51399
stimpli
Posted: Saturday, February 20, 2010 10:51:33 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
I uninstalled Comodo Firewall, but it still seems to be active. How do I disable it completely?
r16
Posted: Saturday, February 20, 2010 10:56:44 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
How nice... in the meantime you've also picked up a rootkit in the MBR.
Let's see whether Combofix really repaired it.
Download MBR.EXE directly into the C:\ directory (it is important that it is downloaded to C:\)
http://www2.gmer.net/mbr/mbr.exe
Start the PC in safe mode

Go to: Start - Run - copy and paste this command: C:\mbr.exe -f and click OK
Do not type that command; DO copy and paste it (the space after exe must be preserved).
Post the log, which you will find where you downloaded the tool, that is, in C:\
What did you use to uninstall Comodo?
stimpli
Posted: Monday, February 22, 2010 11:30:13 AM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
So, let me recap what has happened over the last two days. I was starting to do the last operations you had asked me for, but between one reboot and another I could no longer connect: the LAN connection disappeared and the network card showed an error with the yellow exclamation mark. When I tried to repair it, it gave an error saying it was impossible to repair because it did not recognize the TCP/IP internet protocol. I tried uninstalling the network card driver, but nothing. In short, everything was stuck; I couldn't restore the connection. So I decided to format.
So far I have installed only the antivirus and the firewall you told me about. I immediately noticed improvements, the connection is much faster than before, but after a while I noticed that the browsing failure has not gone away at all.
It can't be the Alice modem because the connection with the laptop over Wi-Fi works (I tried it at the same moment it wasn't working on the desktop PC). I also tried another router and changed the Ethernet cable, without any change. The error is always the same: it doesn't display web pages. I haven't tried turning on the torrent client yet. At this point only the network card is left, or at least I think so.
r16
Posted: Monday, February 22, 2010 12:48:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Before thinking about the network card, run that scan, to see whether the MBR (Master Boot Record) is OK.
Sometimes, if the MBR is infected by a rootkit, a simple format is not enough to remove it.
The scan takes a few seconds.
stimpli
Posted: Monday, February 22, 2010 7:27:30 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Anyway, it's absurd. I borrowed a new network card but it keeps acting up. I tried browsing on the desktop and the laptop simultaneously. On the first it didn't work, on the second it did. So it's not a connection problem either. It's working now, but who knows for how long.
r16
Posted: Monday, February 22, 2010 8:14:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
The MBR is fine.
Did it play that trick even after the scan with the tool I pointed you to?
If you still have that problem after the format, we need to think about a hardware problem.
If you want, try posting a new Combofix log.
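
The two MBR detector logs posted in this thread differ in more than their last line, so here is an added example (not part of the original posts, and not code from GMER or ComboFix) that parses that log format in Python and compares them. The sample logs are copied from the thread except the truncated one, which is constructed; the labels `clean`, `review` and `unverified` are this example's own triage heuristic, not verdicts produced by the tool.

```python
import re

OK_LINE = "user & kernel MBR OK"
HOOKS_HEADER = "detected MBR rootkit hooks:"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
STATUS_RE = re.compile(r"^(device|user|kernel):\s*(.+)$")
# "<object path> -> <module> @ <address>"; the path may itself contain "->".
HOOK_RE = re.compile(r"^(.+?)\s*->\s*(\S+)\s*@\s*(0x[0-9A-Fa-f]+)$")

# MBR detector section of the first ComboFix log (copied from the thread).
LOG_FIRST = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spfb.sys hal.dll >>UNKNOWN [0x8A6EC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: NIC Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf7b3bbd4
PacketIndicateHandler -> NDIS.sys @ 0xf7b29a0d
SendHandler -> NDIS.sys @ 0xf7b3db40
user & kernel MBR OK
"""

# Stand-alone scan posted after the reinstall (copied from the thread).
LOG_SECOND = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Constructed sample: a log cut off before the kernel read and the verdict.
LOG_TRUNCATED = "device: opened successfully\nuser: MBR read successfully\n"


def parse_mbr_log(text):
    """Extract read statuses, unknown call-chain modules, hooks and the OK line."""
    result = {"status": {}, "unknown_modules": [], "hooks": [], "verdict_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == OK_LINE:
            result["verdict_ok"] = True
            in_hooks = False
            continue
        if line == HOOKS_HEADER:
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                result["hooks"].append(
                    {"path": m.group(1), "module": m.group(2), "address": m.group(3)}
                )
                continue
            in_hooks = False  # first non-hook line ends the section
        if line.startswith("called modules:"):
            result["unknown_modules"] += UNKNOWN_RE.findall(line)
            continue
        m = STATUS_RE.match(line)
        if m:
            result["status"][m.group(1)] = m.group(2)
    return result


def triage(parsed):
    """Heuristic of this example: decide whether a log can be taken at face value."""
    reads_ok = all(
        parsed["status"].get(key, "").endswith("successfully")
        for key in ("device", "user", "kernel")
    )
    if not parsed["verdict_ok"] or not reads_ok:
        return "unverified"  # the log never confirms the MBR was compared
    if parsed["unknown_modules"] or parsed["hooks"]:
        return "review"      # OK line present, but the I/O path shows anomalies
    return "clean"


if __name__ == "__main__":
    for name, log in (("first", LOG_FIRST), ("second", LOG_SECOND),
                      ("truncated", LOG_TRUNCATED)):
        parsed = parse_mbr_log(log)
        print(name, triage(parsed), parsed["unknown_modules"], len(parsed["hooks"]))
```
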

stimpli
Posted: Monday, February 22, 2010 8:26:32 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
It seems to be working now. I'll run Combofix anyway.
stimpli
Posted: Sunday, February 28, 2010 11:28:24 AM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
I'd like to run Combofix, but when I start the program it tells me it has detected the following active real-time scanner: Antivir Desktop. Yet I disabled it from the icon at the bottom right, and in the configuration utility I unticked Avira AntiVir Scheduler and Avira AntiVir Guard.
What should I do: continue anyway, or do I really have to uninstall it to run Combofix?
r16
Posted: Sunday, February 28, 2010 2:00:55 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Continue anyway.
stimpli
Posted: Monday, March 01, 2010 12:13:57 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
ComboFix 10-02-28.03 - Administrator 01/03/2010 12.03.15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1709 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MCC16.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-02-01 al 2010-03-01 )))))))))))))))))))))))))))))))))))
.

2010-02-27 16:38 . 2010-02-27 16:38 -------- d-----w- c:\programmi\ESET
2010-02-27 11:24 . 2010-02-27 11:24 -------- d-----w- c:\programmi\Innovative Solutions
2010-02-27 10:48 . 2010-02-27 10:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit Software
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Innovative Solutions
2010-02-27 09:23 . 2010-02-27 17:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AIMP
2010-02-27 09:23 . 2010-02-27 09:23 -------- d-----w- c:\programmi\AIMP2
2010-02-26 18:19 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-26 16:48 . 2010-02-26 16:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-02-26 16:34 . 2010-02-26 16:34 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 16:34 . 2010-02-28 10:33 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 16:33 . 2010-02-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-26 11:39 . 2002-08-29 18:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-26 11:39 . 2010-02-26 11:40 -------- d-----w- c:\programmi\PIXresizer
2010-02-26 11:39 . 2000-05-01 22:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2010-02-26 10:30 . 2010-02-28 16:19 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-26 10:30 . 2010-02-26 10:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-26 10:29 . 2010-02-28 16:27 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\programmi\File comuni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----r- c:\programmi\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-02-26 10:24 . 2010-02-26 10:24 -------- d-----w- c:\windows\Sun
2010-02-26 09:58 . 2010-02-26 09:58 -------- d-----w- c:\programmi\MSECache
2010-02-26 09:41 . 2010-02-28 21:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2010-02-26 09:41 . 2010-02-26 09:41 -------- d-----w- c:\programmi\BitTorrent
2010-02-23 21:42 . 2010-02-23 21:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-23 21:41 . 2004-08-19 14:39 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-23 21:30 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-02-23 21:30 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-23 21:30 . 2006-11-15 10:38 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-02-23 21:30 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-02-23 21:30 . 2006-09-28 15:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-02-23 21:30 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-23 21:30 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-02-23 21:18 . 2010-02-23 21:18 -------- d-----w- c:\programmi\Alcohol Soft
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-23 19:43 . 2010-02-23 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 19:35 . 2010-02-24 21:45 -------- d-----w- c:\windows\ie8updates
2010-02-23 19:31 . 2010-02-23 19:34 -------- dc-h--w- c:\windows\ie8
2010-02-23 19:31 . 2010-02-23 19:33 -------- d-----w- c:\windows\system32\it-IT
2010-02-23 19:28 . 2010-02-23 19:28 -------- d-----w- c:\programmi\KeePass Password Safe 2
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 20:20 . 2010-02-27 08:57 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2010-02-22 20:12 . 2010-02-22 20:12 -------- d-----w- c:\windows\SHELLNEW
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft Works
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft.NET
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----r- C:\MSOCache
2010-02-22 19:49 . 2010-02-22 19:49 6868368 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip7_52.exe
2010-02-22 19:49 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-02-22 19:48 . 2010-02-23 20:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-22 19:48 . 2010-02-22 19:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-02-22 19:48 . 2010-02-26 11:40 -------- d-----w- c:\programmi\QT Lite
2010-02-22 19:40 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-02-22 19:40 . 2010-02-22 19:40 -------- d-----w- c:\programmi\ESTsoft
2010-02-22 19:37 . 2010-02-22 19:37 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcp71.dll
2010-02-22 19:37 . 2010-02-22 19:37 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\jmc.dll
2010-02-22 19:37 . 2010-02-22 19:37 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcr71.dll
2010-02-22 19:37 . 2010-02-22 19:37 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-sse.dll
2010-02-22 19:37 . 2010-02-22 19:37 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-d3d.dll
2010-02-22 18:07 . 2010-02-22 18:07 77312 ----a-w- C:\mbr.exe
2010-02-22 15:02 . 2010-02-22 15:02 -------- d-----w- c:\programmi\MSXML 6.0
2010-02-22 14:36 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 14:36 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 14:36 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 14:36 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 14:36 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 14:36 . 2009-12-21 19:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 14:36 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-22 14:32 . 2004-08-30 20:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-22 14:27 . 2010-02-22 14:27 -------- d-----w- c:\windows\ServicePackFiles
2010-02-22 14:04 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-22 14:04 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-02-22 14:03 . 2009-12-09 10:25 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-22 14:03 . 2009-12-09 10:24 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-22 14:03 . 2009-12-09 10:25 2184064 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-22 14:03 . 2009-12-09 10:24 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-22 13:49 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-22 13:49 . 2010-02-28 11:56 -------- d--h--w- c:\windows\$hf_mig$
2010-02-22 13:13 . 2010-02-22 13:13 -------- d-----w- c:\programmi\CCleaner
2010-02-21 21:39 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-21 21:28 . 2010-02-22 18:35 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-21 21:28 . 2010-02-21 21:28 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2010-02-21 21:27 . 2010-02-22 20:24 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-02-21 21:27 . 2010-02-21 21:27 -------- d-----w- c:\programmi\File comuni\Java
2010-02-21 21:27 . 2010-02-21 21:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 21:26 . 2010-02-21 21:26 -------- d-----w- c:\programmi\Java
2010-02-21 21:02 . 2003-08-05 13:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-02-21 21:02 . 2010-02-21 21:02 -------- d-----w- c:\programmi\C-Media 3D Audio
2010-02-21 21:02 . 2003-07-22 10:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-02-21 21:02 . 2002-10-18 14:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-02-21 21:01 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-21 20:46 . 2010-02-27 18:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-21 20:44 . 2010-02-28 09:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-21 20:43 . 2010-02-21 20:43 -------- d-----w- c:\programmi\VideoLAN
2010-02-21 19:56 . 2010-02-21 19:56 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:51 . 2010-02-21 19:51 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-23 19:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-22 20:30 -------- d-----w- c:\programmi\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Canneverbe Limited
2010-02-28 10:01 . 2010-02-28 10:01 -------- d-----w- c:\programmi\CDBurnerXP
2010-02-26 18:19 . 2010-02-21 18:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-24 17:48 . 2004-08-30 20:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-02-24 17:48 . 2004-08-30 20:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\programmi\KONAMI
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-22 20:57 . 2010-02-21 18:09 28568 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-22 16:42 . 2003-08-13 14:27 65280 ----a-w- c:\windows\system32\drivers\Rtlnic51.sys
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\MSBuild
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\Reference Assemblies
2010-02-21 21:06 . 2010-02-21 18:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-21 21:06 . 2010-02-21 18:06 -------- d-----w- c:\programmi\Telecom Italia
2010-02-21 20:49 . 2010-02-21 17:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\programmi\Avira
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-21 18:55 . 2010-02-21 18:55 0 ----a-w- c:\windows\nsreg.dat
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\programmi\Foxit Software
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ATI
2010-02-21 18:41 . 2010-02-21 18:41 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:40 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:06 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-02-21 18:39 . 2010-02-21 18:39 9158 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{5399ACAF-7B15-43D5-9233-4E797B184FD2}\ARPPRODUCTICON.exe
2010-02-21 18:39 . 2010-02-21 18:39 -------- d-----w- c:\programmi\File comuni\ATI Technologies
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\Common Files
2010-02-21 18:07 . 2010-02-21 18:07 2232 ----a-w- c:\windows\java\Packages\Data\FVRFTVJ3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 155995 ----a-w- c:\windows\java\Packages\FN73XRZ3.ZIP
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\DBVZRP7F.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\2RJJ1BRL.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\JNF93BH3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\FPZBHZNR.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\8DRHVDJ5.DAT
2010-02-21 17:51 . 2010-02-21 17:51 -------- d-----w- c:\programmi\microsoft frontpage
2010-02-21 17:50 . 2010-02-21 17:50 -------- d-----w- c:\programmi\Servizi in linea
2010-02-21 17:48 . 2010-02-21 17:48 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:14 . 2004-08-30 20:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:58 . 2010-02-21 17:47 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-30 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:24 . 2004-08-30 20:00 2139648 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:24 . 2004-08-19 15:34 2019328 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-30 20:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-01-11 12:59 9068960 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-21 19:50 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10.15.58 66632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/02/2010 20.48.46 691696]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [21/02/2010 20.50.59 135664]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [21/02/2010 22.06.35 8192]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt --> c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10.15.58 12872]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\rs3k6l1a.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-515967899-776561741-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,5a,c2,9e,5a,be,24,4e,8a,5c,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,5a,c2,9e,5a,be,24,4e,8a,5c,39,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-03-01 12:08:38
ComboFix-quarantined-files.txt 2010-03-01 11:08

Pre-Run: 171.064.246.272 byte disponibili
Post-Run: 171.104.583.680 byte disponibili

- - End Of File - - A5DDE0B52B94C9FE75CCD076DB70622A
r16
Posted: Monday, March 01, 2010 9:29:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK).
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Code:
KillAll::
Folder::
c:\programmi\ESET

RegLock::
[HKEY_USERS\S-1-5-21-515967899-776561741-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
stimpli
Posted: Tuesday, March 02, 2010 9:48:43 AM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
ComboFix 10-02-28.03 - Administrator 02/03/2010 9.37.10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1717 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\ESET
c:\programmi\ESET\ESET Online Scanner\esets_apiA.dll
c:\programmi\ESET\ESET Online Scanner\esets_apiW.dll
c:\programmi\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\programmi\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\programmi\ESET\ESET Online Scanner\log.txt
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod10C2.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod1EB8.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod2195.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod3CD5.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod3F6B.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4B25.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4BFF.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4E41.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod597C.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5AE1.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5BDD.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6260.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod67F5.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6B4E.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod70BA.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod7161.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\programmi\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\programmi\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\programmi\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\programmi\ESET\ESET Online Scanner\OnlineScanner.inf
c:\programmi\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\programmi\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\programmi\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\programmi\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\programmi\ESET\ESET Online Scanner\unicows.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-02-02 al 2010-03-02 )))))))))))))))))))))))))))))))))))
.

2010-03-01 11:59 . 2004-08-03 22:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-03-01 11:59 . 2004-08-03 22:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Canneverbe Limited
2010-02-28 10:01 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-28 10:01 . 2010-02-28 10:01 -------- d-----w- c:\programmi\CDBurnerXP
2010-02-27 11:24 . 2010-02-27 11:24 -------- d-----w- c:\programmi\Innovative Solutions
2010-02-27 10:48 . 2010-02-27 10:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit Software
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Innovative Solutions
2010-02-27 09:23 . 2010-03-01 16:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AIMP
2010-02-27 09:23 . 2010-02-27 09:23 -------- d-----w- c:\programmi\AIMP2
2010-02-26 18:19 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-26 16:48 . 2010-03-01 17:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-02-26 16:34 . 2010-02-26 16:34 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 16:34 . 2010-02-28 10:33 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 16:33 . 2010-02-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-26 11:39 . 2002-08-29 18:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-26 11:39 . 2010-02-26 11:40 -------- d-----w- c:\programmi\PIXresizer
2010-02-26 11:39 . 2000-05-01 22:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2010-02-26 10:30 . 2010-03-01 15:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-26 10:30 . 2010-02-26 10:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-26 10:29 . 2010-03-01 16:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\programmi\File comuni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----r- c:\programmi\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-02-26 10:24 . 2010-02-26 10:24 -------- d-----w- c:\windows\Sun
2010-02-26 09:58 . 2010-02-26 09:58 -------- d-----w- c:\programmi\MSECache
2010-02-26 09:41 . 2010-03-01 14:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2010-02-26 09:41 . 2010-02-26 09:41 -------- d-----w- c:\programmi\BitTorrent
2010-02-23 21:42 . 2010-02-23 21:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-23 21:41 . 2004-08-19 14:39 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-23 21:30 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-02-23 21:30 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-23 21:30 . 2006-11-15 10:38 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-02-23 21:30 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-02-23 21:30 . 2006-09-28 15:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-02-23 21:30 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-23 21:30 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-02-23 21:18 . 2010-02-23 21:18 -------- d-----w- c:\programmi\Alcohol Soft
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-23 19:43 . 2010-02-23 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 19:35 . 2010-02-24 21:45 -------- d-----w- c:\windows\ie8updates
2010-02-23 19:31 . 2010-02-23 19:34 -------- dc-h--w- c:\windows\ie8
2010-02-23 19:31 . 2010-02-23 19:33 -------- d-----w- c:\windows\system32\it-IT
2010-02-23 19:28 . 2010-02-23 19:28 -------- d-----w- c:\programmi\KeePass Password Safe 2
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 20:20 . 2010-02-27 08:57 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2010-02-22 20:12 . 2010-02-22 20:12 -------- d-----w- c:\windows\SHELLNEW
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft Works
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft.NET
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----r- C:\MSOCache
2010-02-22 19:49 . 2010-02-22 19:49 6868368 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip7_52.exe
2010-02-22 19:49 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-02-22 19:48 . 2010-02-23 20:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-22 19:48 . 2010-02-22 19:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-02-22 19:48 . 2010-02-26 11:40 -------- d-----w- c:\programmi\QT Lite
2010-02-22 19:40 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-02-22 19:40 . 2010-02-22 19:40 -------- d-----w- c:\programmi\ESTsoft
2010-02-22 19:37 . 2010-02-22 19:37 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcp71.dll
2010-02-22 19:37 . 2010-02-22 19:37 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\jmc.dll
2010-02-22 19:37 . 2010-02-22 19:37 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcr71.dll
2010-02-22 19:37 . 2010-02-22 19:37 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-sse.dll
2010-02-22 19:37 . 2010-02-22 19:37 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-d3d.dll
2010-02-22 18:07 . 2010-02-22 18:07 77312 ----a-w- C:\mbr.exe
2010-02-22 15:02 . 2010-02-22 15:02 -------- d-----w- c:\programmi\MSXML 6.0
2010-02-22 14:36 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 14:36 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 14:36 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 14:36 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 14:36 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 14:36 . 2009-12-21 19:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 14:36 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-22 14:32 . 2004-08-30 20:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-22 14:27 . 2010-02-22 14:27 -------- d-----w- c:\windows\ServicePackFiles
2010-02-22 14:04 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-22 14:04 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-02-22 14:03 . 2009-12-09 10:25 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-22 14:03 . 2009-12-09 10:24 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-22 14:03 . 2009-12-09 10:25 2184064 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-22 14:03 . 2009-12-09 10:24 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-22 13:49 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-22 13:49 . 2010-02-28 11:56 -------- d--h--w- c:\windows\$hf_mig$
2010-02-22 13:13 . 2010-02-22 13:13 -------- d-----w- c:\programmi\CCleaner
2010-02-21 21:39 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-21 21:28 . 2010-02-22 18:35 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-21 21:28 . 2010-02-21 21:28 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2010-02-21 21:27 . 2010-02-22 20:24 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-02-21 21:27 . 2010-02-21 21:27 -------- d-----w- c:\programmi\File comuni\Java
2010-02-21 21:27 . 2010-02-21 21:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 21:26 . 2010-02-21 21:26 -------- d-----w- c:\programmi\Java
2010-02-21 21:02 . 2003-08-05 13:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-02-21 21:02 . 2010-02-21 21:02 -------- d-----w- c:\programmi\C-Media 3D Audio
2010-02-21 21:02 . 2003-07-22 10:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-02-21 21:02 . 2002-10-18 14:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-02-21 21:01 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-21 20:46 . 2010-02-27 18:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-21 20:44 . 2010-02-28 09:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-21 20:43 . 2010-02-21 20:43 -------- d-----w- c:\programmi\VideoLAN
2010-02-21 19:56 . 2010-02-21 19:56 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:51 . 2010-02-21 19:51 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-23 19:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-22 20:30 -------- d-----w- c:\programmi\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 11:59 . 2004-08-30 20:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-03-01 11:59 . 2004-08-30 20:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-02-26 18:19 . 2010-02-21 18:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\programmi\KONAMI
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-22 20:57 . 2010-02-21 18:09 28568 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-22 16:42 . 2003-08-13 14:27 65280 ----a-w- c:\windows\system32\drivers\Rtlnic51.sys
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\MSBuild
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\Reference Assemblies
2010-02-21 21:06 . 2010-02-21 18:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-21 21:06 . 2010-02-21 18:06 -------- d-----w- c:\programmi\Telecom Italia
2010-02-21 20:49 . 2010-02-21 17:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\programmi\Avira
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-21 18:55 . 2010-02-21 18:55 0 ----a-w- c:\windows\nsreg.dat
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\programmi\Foxit Software
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ATI
2010-02-21 18:41 . 2010-02-21 18:41 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:40 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:06 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-02-21 18:39 . 2010-02-21 18:39 9158 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{5399ACAF-7B15-43D5-9233-4E797B184FD2}\ARPPRODUCTICON.exe
2010-02-21 18:39 . 2010-02-21 18:39 -------- d-----w- c:\programmi\File comuni\ATI Technologies
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\Common Files
2010-02-21 18:07 . 2010-02-21 18:07 2232 ----a-w- c:\windows\java\Packages\Data\FVRFTVJ3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 155995 ----a-w- c:\windows\java\Packages\FN73XRZ3.ZIP
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\DBVZRP7F.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\2RJJ1BRL.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\JNF93BH3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\FPZBHZNR.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\8DRHVDJ5.DAT
2010-02-21 17:51 . 2010-02-21 17:51 -------- d-----w- c:\programmi\microsoft frontpage
2010-02-21 17:50 . 2010-02-21 17:50 -------- d-----w- c:\programmi\Servizi in linea
2010-02-21 17:48 . 2010-02-21 17:48 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:14 . 2004-08-30 20:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-30 20:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:58 . 2010-02-21 17:47 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-30 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:24 . 2004-08-30 20:00 2139648 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:24 . 2004-08-19 15:34 2019328 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-30 20:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-01_11.07.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 08:43 . 2010-03-02 08:43 16384 c:\windows\temp\Perflib_Perfdata_618.dat
+ 2004-08-30 20:00 . 2010-03-01 11:59 67312 c:\windows\system32\perfc009.dat
- 2004-08-30 20:00 . 2010-02-24 17:48 67312 c:\windows\system32\perfc009.dat
+ 2010-02-21 20:42 . 2010-03-01 17:25 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2010-02-21 20:42 . 2010-02-21 20:42 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-01 11:58 . 2004-08-19 14:39 28672 c:\windows\system32\irmon.dll
+ 2010-03-01 11:58 . 2004-08-03 22:10 59648 c:\windows\system32\drivers\rfcomm.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 18944 c:\windows\system32\drivers\BTHUSB.SYS
+ 2010-03-01 11:58 . 2004-08-03 22:10 17024 c:\windows\system32\drivers\BthEnum.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 59648 c:\windows\system32\dllcache\rfcomm.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 28672 c:\windows\system32\dllcache\irmon.dll
+ 2010-03-01 11:58 . 2004-08-03 22:10 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 8192 c:\windows\system32\wshirda.dll
+ 2010-03-01 11:58 . 2004-08-19 14:39 8192 c:\windows\system32\dllcache\wshirda.dll
+ 2004-08-30 20:00 . 2010-03-01 11:59 432356 c:\windows\system32\perfh009.dat
- 2004-08-30 20:00 . 2010-02-24 17:48 432356 c:\windows\system32\perfh009.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-01 11:58 . 2004-08-19 14:39 153600 c:\windows\system32\irftp.exe
+ 2010-03-01 11:58 . 2004-08-03 21:58 100992 c:\windows\system32\drivers\bthpan.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 153600 c:\windows\system32\dllcache\irftp.exe
+ 2010-03-01 11:58 . 2004-08-03 21:58 100992 c:\windows\system32\dllcache\bthpan.sys
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-30 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\programmi\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-01-11 12:59 9068960 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-21 19:50 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/02/2010 20.48.46 691696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10.15.58 66632]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [21/02/2010 22.06.35 8192]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt --> c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10.15.58 12872]
S4 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [21/02/2010 20.50.59 135664]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\rs3k6l1a.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-ESET Online Scanner - c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\rundll32.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-02 09:46:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-02 08:46
ComboFix2.txt 2010-03-01 11:08

Pre-Run: 170.560.331.776 byte disponibili
Post-Run: 170.585.202.688 byte disponibili

- - End Of File - - 3C97988FB1C996614CDA7DFD9CFD0595
r16
Posted: Tuesday, March 02, 2010 1:51:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
See whether the problem persists.
stimpli
Posted: Tuesday, March 02, 2010 5:29:47 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
For now it's working fine; it hasn't given me any more disconnection problems. The only thing is that when I turn on the PC, or open the browser after it has been closed for many minutes, it tells me the page cannot be displayed. But it only lasts a moment: I click "refresh" and it browses without trouble. And it no longer freezes.
stimpli
Posted: Saturday, March 27, 2010 4:30:22 PM
Rank: AiutAmico

Joined: 2/18/2003
Posts: 42
Here I am again; I wanted to report two things. The first is that the fault I reported a month ago is happening more and more: when I open the browser right after turning on the PC, or after many minutes, I can't browse and it tells me the page cannot be displayed. I click "refresh" and only after two or three tries does it start browsing again. Should I post the log?
The other thing is that, three or four times at most in the last month, when I turn on the PC it doesn't make the usual beep and the screen stays black, so I have to press the power button again to restart the machine. What could it be? Is it a warning that something is about to break?

P.S. I don't know whether I should open a new topic for these questions or continue here.

Thanks