Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

combofix Opzioni
fdaccc
Inviato: Sunday, April 11, 2010 10:28:30 AM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
ComboFix 10-04-09.06 - Metallo 10/04/2010 16.32.09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1143 [GMT 2:00]
Eseguito da: c:\documents and settings\Metallo\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\Metallo\Desktop\CFScript.txt
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\programmi\Ask.com\GenericAskToolbar.dll"
"c:\programmi\Ask.com\UpdateTask.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Metallo\Dati applicazioni\AskToolbar
c:\documents and settings\Metallo\Dati applicazioni\AskToolbar\UTorrent.config
c:\programmi\Ask.com
c:\programmi\Ask.com\cobrand.ico
c:\programmi\Ask.com\config.xml
c:\programmi\Ask.com\favicon.ico
c:\programmi\Ask.com\GenericAskToolbar.dll
c:\programmi\Ask.com\mupcfg.xml
c:\programmi\Ask.com\SaUpdate.exe
c:\programmi\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Files Creati Da 2010-03-10 al 2010-04-10 )))))))))))))))))))))))))))))))))))
.

2010-04-10 14:20 . 2010-04-10 14:20 77312 ----a-w- C:\mbr.exe
2010-04-10 12:34 . 2010-04-10 12:34 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Yahoo!
2010-04-09 18:59 . 2010-04-09 18:59 -------- d-----w- c:\programmi\Sophos
2010-04-09 17:42 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-09 17:41 . 2010-04-09 17:41 -------- d-----w- c:\programmi\Panda Security
2010-04-09 11:55 . 2010-04-09 11:55 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity
2010-04-09 10:40 . 2010-04-09 10:40 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Nero
2010-04-09 10:38 . 2010-04-09 10:39 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Nero
2010-04-08 19:44 . 2010-04-08 19:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 11:20 . 2010-04-08 11:20 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 11:19 . 2010-04-08 11:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-08 11:19 . 2010-04-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:03 . 2010-04-08 11:03 -------- d-----w- c:\programmi\MSXML 4.0
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\programmi\Cakewalk
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-04-07 23:43 . 2010-04-07 23:43 -------- d-----w- c:\programmi\ASIO4ALL v2
2010-04-07 23:42 . 2010-04-08 00:37 -------- d-----w- c:\programmi\VstPlugins
2010-04-07 23:42 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-07 23:42 . 2010-04-07 23:42 -------- d-----w- c:\programmi\Outsim
2010-04-07 23:40 . 2010-04-07 23:43 -------- d-----w- c:\programmi\Image-Line
2010-04-07 23:06 . 2010-04-08 11:15 -------- d-----w- c:\documents and settings\Metallo\Tracing
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Microsoft
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-07 23:02 . 2010-04-07 23:03 -------- d-----w- c:\programmi\Windows Live
2010-04-07 22:44 . 2010-04-07 22:44 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-07 22:08 . 2010-04-07 22:19 -------- d-----w- c:\programmi\Nero
2010-04-07 22:08 . 2010-04-07 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-04-07 22:08 . 2010-04-07 22:16 -------- d-----w- c:\programmi\File comuni\Nero
2010-04-07 15:09 . 2010-04-07 15:09 52224 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 15:09 . 2010-04-07 15:09 117760 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-06 20:54 . 2010-02-25 10:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-06 20:54 . 2010-02-25 09:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-06 20:54 . 2010-04-06 20:54 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\TuneUp Software
2010-04-06 20:53 . 2010-04-06 20:54 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-04-06 20:53 . 2010-04-06 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-04-06 20:51 . 2010-04-06 20:51 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-06 10:47 . 2010-04-06 10:47 -------- d-----w- c:\programmi\SEGA
2010-04-05 22:26 . 2010-04-05 22:26 -------- d-----w- c:\windows\Sun
2010-04-05 11:54 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-04 19:50 . 2010-04-04 19:50 50354 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\uninstall.exe
2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Facebook
2010-04-04 17:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-04 17:03 . 2010-04-05 22:45 138880 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-04 16:20 . 2010-04-04 16:20 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-04 15:41 . 2010-04-04 17:45 -------- d-----w- c:\programmi\Thief - Deadly Shadows
2010-04-03 23:32 . 2010-04-03 23:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-04-03 23:00 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 22:50 . 2010-04-03 22:50 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 15:54 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 14:17 . 2010-04-03 14:17 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Activision
2010-04-03 13:32 . 2010-04-03 13:32 -------- d-----w- c:\programmi\Activision
2010-04-03 13:30 . 2010-04-03 13:30 -------- d-sh--w- c:\windows\ftpcache
2010-04-03 13:18 . 2010-04-03 13:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 13:18 . 2010-04-03 13:18 -------- d-----w- c:\programmi\OpenAL
2010-04-03 13:18 . 2010-04-03 13:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 13:00 . 2010-04-04 19:46 -------- d-----w- c:\programmi\I'm Not Alone
2010-04-03 12:13 . 2010-04-03 12:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-04-03 12:11 . 2010-04-03 12:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-03 12:09 . 2010-04-03 13:30 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\DAEMON Tools Lite
2010-04-03 12:09 . 2010-04-03 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-04-03 11:11 . 2010-04-03 11:11 -------- d-sh--w- c:\documents and settings\Metallo\PrivacIE
2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\programmi\CCleaner
2010-04-03 11:05 . 2010-04-03 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\windows\system32\Lang
2010-04-03 04:37 . 2010-04-03 04:37 -------- d-sh--w- c:\documents and settings\Metallo\IETldCache
2010-04-03 04:27 . 2010-04-03 04:27 -------- d-----w- c:\windows\system32\RTCOM
2010-04-03 04:01 . 2010-04-10 14:15 -------- d-----w- c:\programmi\JDownloader
2010-04-03 04:01 . 2010-04-03 04:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 04:00 . 2010-04-03 04:00 -------- d-----w- c:\programmi\Java
2010-04-03 04:00 . 2010-04-03 04:00 152576 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2010-04-03 03:24 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 03:24 . 2010-02-25 06:16 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 03:24 . 2010-02-25 06:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 03:24 . 2010-02-25 09:46 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-03 03:24 . 2010-02-25 06:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 03:24 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 03:24 . 2010-04-04 01:02 -------- d-----w- c:\windows\ie8updates
2010-04-03 03:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 03:22 . 2010-04-03 03:24 -------- dc-h--w- c:\windows\ie8
2010-04-03 03:21 . 2010-04-03 03:21 0 ----a-w- c:\windows\nsreg.dat
2010-04-03 03:21 . 2010-04-03 03:21 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-03 03:17 . 2010-04-03 03:17 -------- d-----w- c:\windows\Logs
2010-04-03 03:08 . 2010-04-03 03:08 -------- d-----w- c:\programmi\ATI
2010-04-03 03:07 . 2010-04-03 03:07 -------- d-----w- C:\ATI
2010-04-03 02:52 . 2010-04-03 02:52 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\KRX
2010-04-03 02:52 . 2010-04-08 10:58 13304 ----a-w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 02:44 . 2010-04-03 02:45 -------- d-----w- C:\32cd1ce6810e9b04986218
2010-04-03 02:44 . 2010-04-03 02:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\MSBuild
2010-04-03 02:29 . 2010-04-03 02:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 02:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 02:29 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 02:16 . 2009-03-10 20:26 1437568 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 02:16 . 2009-03-10 20:18 454016 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 14:45 . 2010-04-03 00:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-08 14:39 . 2008-04-13 09:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-08 11:45 . 2010-04-03 01:14 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\uTorrent
2010-04-06 21:05 . 2004-08-19 11:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-06 10:47 . 2010-04-03 00:51 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 22:18 . 2010-04-02 23:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 04:38 . 2004-08-19 11:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 04:38 . 2004-08-19 11:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 04:26 . 2010-04-03 04:26 -------- d-----w- c:\programmi\Realtek
2010-04-03 04:25 . 2010-04-03 00:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-03 01:36 . 2010-04-03 01:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\uTorrent
2010-04-03 00:39 . 2010-04-03 00:39 10134 ----a-r- c:\documents and settings\Metallo\Dati applicazioni\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-03 00:37 . 2010-04-03 00:36 -------- d-----w- c:\programmi\Driver Cleaner Pro
2010-04-03 00:14 . 2010-04-03 00:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-03 00:11 . 2010-04-03 00:11 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-03 00:11 . 2010-04-03 00:11 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-03 00:11 . 2010-04-03 00:11 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-03 00:11 . 2010-04-03 00:11 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-03 00:11 . 2010-04-03 00:11 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-03 00:06 . 2010-04-03 00:06 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-03 00:06 . 2010-04-03 00:06 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\File comuni\InfoWatch
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\Kaspersky Lab
2010-04-03 00:04 . 2010-04-03 00:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-04-02 23:31 . 2010-04-02 23:31 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-02 23:30 . 2010-04-02 23:30 -------- d-----w- c:\programmi\Servizi in linea
2010-04-02 23:28 . 2010-04-02 23:28 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 16:21 . 2010-04-03 04:26 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-26 16:01 . 2010-04-03 04:26 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-26 16:01 . 2010-04-03 04:26 358944 ----a-w- c:\windows\vncutil.exe
2010-03-26 16:01 . 2010-04-03 04:26 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-26 16:01 . 2010-04-03 04:26 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-26 16:01 . 2010-04-03 04:26 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-26 16:01 . 2010-04-03 04:26 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-26 16:01 . 2010-04-03 04:26 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-26 16:01 . 2010-04-03 04:26 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-22 12:22 . 2010-04-03 04:26 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-03-03 04:21 . 2010-04-03 00:14 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-04-03 00:52 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-04-03 00:14 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2010-04-03 00:14 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-04-03 00:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2010-04-03 00:14 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2010-04-03 00:14 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2007-12-21 02:59 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2010-04-03 00:14 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2007-12-21 02:59 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-04-03 00:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-04-03 00:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2007-12-21 02:59 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2007-12-21 02:59 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2010-04-03 00:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2007-12-21 02:57 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2007-12-21 02:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-03 00:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2010-04-03 00:14 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-04-03 00:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2007-12-21 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-04-03 00:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2010-04-03 00:14 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2007-12-21 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-25 19:55 . 2010-04-03 00:52 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:16 . 2008-04-13 17:13 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 10:50 . 2010-02-12 10:50 64048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Italian\setup.exe
2010-02-04 08:01 . 2010-04-03 03:19 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-03 03:19 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-10_12.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-10 14:44 . 2010-04-10 14:44 16384 c:\windows\temp\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"muBlinder"="c:\documents and settings\Metallo\Desktop\muBlinder.exe" [2010-03-28 1462784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [03/04/2010 2.05.47 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/04/2010 19.42.19 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/04/2010 14.11.13 691696]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [03/04/2010 2.05.49 39352]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 11.57.22 1047880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10.18.08 10064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/04/2010 6.26.36 1691480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\102.tmp --> c:\windows\system32\102.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Metallo\Dati applicazioni\Mozilla\Firefox\Profiles\bcwzse2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\102.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\WININET.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1448)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-10 16:51:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-10 14:51
ComboFix2.txt 2010-04-10 12:14

Pre-Run: 43.037.376.512 byte disponibili
Post-Run: 43.028.152.320 byte disponibili

- - End Of File - - DAA78F0252E8770E792F2D759039D1AB
Sponsor
Inviato: Sunday, April 11, 2010 10:28:30 AM

 
fdaccc
Inviato: Sunday, April 11, 2010 10:29:26 AM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
meme1580
Inviato: Sunday, April 11, 2010 11:15:08 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
lo script creato ha fatto il suo lavoro (poi r16 saprà dirtelo meglio),intanto posta un log hijackthis e fai una scansione completa con MBAN dopo che lo hai aggiornato

Sembra tu abbia l'MBR con un rootkit.

L'ultimo log con Stealth MBR rootkit detector come lo hai creato????

Questo è il procedimento corretto:
Scaricate MBR.EXE mettetelo direttamente nella Directory C:\
Riavviate il Pc in modalità provvisoria F8
Da Start - Esegui - digitate C:\mbr.exe -f e cliccate su OK
riposta il log

Infine una scansione rapida poi completa con Drweb Cureit!
ciao
paolopa
Inviato: Sunday, April 11, 2010 11:19:50 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
r16 per fargli eseguire lo script dovrebbe avere combofix sul desktop,visto che è in download non credo propio che potra' farlo.sarebbe il caso disinstallare combofix,scaricarlo correttamente e rifare la scansione.
fdaccc
Inviato: Sunday, April 11, 2010 11:22:40 AM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
IL pc è di un amico.

Gli faccio fare combofix, MBAM e MBR?
meme1580
Inviato: Sunday, April 11, 2010 11:23:31 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
ma questo è già uno script se non sbaglio, fdacc dovrebbe aver aperto un'altro post dopo i consgli di r16.


EDIT DI ME MEDESIMO

http://forum.aiutamici.com/yaf_postst68742_log-combo-amico.aspx

ecco l'altro post, io credo che sia inutile aprire molti post per lo stesso problema, ci mandi solo in confusione.
paolopa
Inviato: Sunday, April 11, 2010 11:26:01 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
si,è vero,hai ragione,mi ero limitato a guardare la prima riga...ha aperto due post evidentemente.
fdaccc
Inviato: Sunday, April 11, 2010 12:35:38 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
scusate, a breve riposto il log.
fdaccc
Inviato: Sunday, April 11, 2010 4:15:36 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
ComboFix 10-04-10.02 - Metallo 11/04/2010 13.54.53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1136 [GMT 2:00]
Eseguito da: c:\documents and settings\Metallo\Desktop\ComboFix.exe
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-03-11 al 2010-04-11 )))))))))))))))))))))))))))))))))))
.

2010-04-10 14:20 . 2010-04-10 14:20 77312 ----a-w- C:\mbr.exe
2010-04-10 12:34 . 2010-04-10 12:34 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Yahoo!
2010-04-09 18:59 . 2010-04-09 18:59 -------- d-----w- c:\programmi\Sophos
2010-04-09 17:42 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-09 17:41 . 2010-04-09 17:41 -------- d-----w- c:\programmi\Panda Security
2010-04-09 11:55 . 2010-04-09 11:55 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity
2010-04-09 10:40 . 2010-04-09 10:40 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Nero
2010-04-09 10:38 . 2010-04-09 10:39 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Nero
2010-04-08 19:44 . 2010-04-08 19:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 11:20 . 2010-04-08 11:20 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 11:19 . 2010-04-08 11:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-08 11:19 . 2010-04-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:03 . 2010-04-08 11:03 -------- d-----w- c:\programmi\MSXML 4.0
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\programmi\Cakewalk
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-04-07 23:43 . 2010-04-07 23:43 -------- d-----w- c:\programmi\ASIO4ALL v2
2010-04-07 23:42 . 2010-04-08 00:37 -------- d-----w- c:\programmi\VstPlugins
2010-04-07 23:42 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-07 23:42 . 2010-04-07 23:42 -------- d-----w- c:\programmi\Outsim
2010-04-07 23:40 . 2010-04-07 23:43 -------- d-----w- c:\programmi\Image-Line
2010-04-07 23:06 . 2010-04-08 11:15 -------- d-----w- c:\documents and settings\Metallo\Tracing
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Microsoft
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-07 23:02 . 2010-04-07 23:03 -------- d-----w- c:\programmi\Windows Live
2010-04-07 22:44 . 2010-04-07 22:44 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-07 22:08 . 2010-04-07 22:19 -------- d-----w- c:\programmi\Nero
2010-04-07 22:08 . 2010-04-07 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-04-07 22:08 . 2010-04-07 22:16 -------- d-----w- c:\programmi\File comuni\Nero
2010-04-07 15:09 . 2010-04-07 15:09 52224 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 15:09 . 2010-04-07 15:09 117760 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-06 20:54 . 2010-02-25 10:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-06 20:54 . 2010-02-25 09:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-06 20:54 . 2010-04-06 20:54 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\TuneUp Software
2010-04-06 20:53 . 2010-04-06 20:54 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-04-06 20:53 . 2010-04-06 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-04-06 20:51 . 2010-04-06 20:51 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-06 10:47 . 2010-04-06 10:47 -------- d-----w- c:\programmi\SEGA
2010-04-05 22:26 . 2010-04-05 22:26 -------- d-----w- c:\windows\Sun
2010-04-05 11:54 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-04 19:50 . 2010-04-04 19:50 50354 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\uninstall.exe
2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Facebook
2010-04-04 17:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-04 17:03 . 2010-04-11 11:29 203144 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-04 16:20 . 2010-04-04 16:20 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-04 15:41 . 2010-04-04 17:45 -------- d-----w- c:\programmi\Thief - Deadly Shadows
2010-04-03 23:32 . 2010-04-03 23:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-04-03 23:00 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 22:50 . 2010-04-03 22:50 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 15:54 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 14:17 . 2010-04-03 14:17 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Activision
2010-04-03 13:32 . 2010-04-03 13:32 -------- d-----w- c:\programmi\Activision
2010-04-03 13:30 . 2010-04-03 13:30 -------- d-sh--w- c:\windows\ftpcache
2010-04-03 13:18 . 2010-04-03 13:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 13:18 . 2010-04-03 13:18 -------- d-----w- c:\programmi\OpenAL
2010-04-03 13:18 . 2010-04-03 13:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 13:00 . 2010-04-04 19:46 -------- d-----w- c:\programmi\I'm Not Alone
2010-04-03 12:13 . 2010-04-03 12:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-04-03 12:11 . 2010-04-03 12:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-03 12:09 . 2010-04-03 13:30 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\DAEMON Tools Lite
2010-04-03 12:09 . 2010-04-03 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-04-03 11:11 . 2010-04-03 11:11 -------- d-sh--w- c:\documents and settings\Metallo\PrivacIE
2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\programmi\CCleaner
2010-04-03 11:05 . 2010-04-03 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\windows\system32\Lang
2010-04-03 04:37 . 2010-04-03 04:37 -------- d-sh--w- c:\documents and settings\Metallo\IETldCache
2010-04-03 04:27 . 2010-04-03 04:27 -------- d-----w- c:\windows\system32\RTCOM
2010-04-03 04:01 . 2010-04-10 14:15 -------- d-----w- c:\programmi\JDownloader
2010-04-03 04:01 . 2010-04-03 04:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 04:00 . 2010-04-03 04:00 -------- d-----w- c:\programmi\Java
2010-04-03 04:00 . 2010-04-03 04:00 152576 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2010-04-03 03:24 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 03:24 . 2010-02-25 06:16 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 03:24 . 2010-02-25 06:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 03:24 . 2010-02-25 09:46 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-03 03:24 . 2010-02-25 06:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 03:24 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 03:24 . 2010-04-04 01:02 -------- d-----w- c:\windows\ie8updates
2010-04-03 03:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 03:22 . 2010-04-03 03:24 -------- dc-h--w- c:\windows\ie8
2010-04-03 03:21 . 2010-04-03 03:21 0 ----a-w- c:\windows\nsreg.dat
2010-04-03 03:21 . 2010-04-03 03:21 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-03 03:17 . 2010-04-03 03:17 -------- d-----w- c:\windows\Logs
2010-04-03 03:08 . 2010-04-03 03:08 -------- d-----w- c:\programmi\ATI
2010-04-03 03:07 . 2010-04-03 03:07 -------- d-----w- C:\ATI
2010-04-03 02:52 . 2010-04-03 02:52 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\KRX
2010-04-03 02:52 . 2010-04-11 11:30 13304 ----a-w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 02:44 . 2010-04-03 02:45 -------- d-----w- C:\32cd1ce6810e9b04986218
2010-04-03 02:44 . 2010-04-03 02:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\MSBuild
2010-04-03 02:29 . 2010-04-03 02:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 02:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 02:29 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 02:16 . 2009-03-10 20:26 1437568 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 02:16 . 2009-03-10 20:18 454016 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 11:31 . 2010-04-03 00:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-10 16:00 . 2010-04-03 01:14 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\uTorrent
2010-04-08 14:39 . 2008-04-13 09:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-06 21:05 . 2004-08-19 11:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-06 10:47 . 2010-04-03 00:51 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 22:18 . 2010-04-02 23:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 04:38 . 2004-08-19 11:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 04:38 . 2004-08-19 11:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 04:26 . 2010-04-03 04:26 -------- d-----w- c:\programmi\Realtek
2010-04-03 04:25 . 2010-04-03 00:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-03 01:36 . 2010-04-03 01:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\uTorrent
2010-04-03 00:39 . 2010-04-03 00:39 10134 ----a-r- c:\documents and settings\Metallo\Dati applicazioni\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-03 00:37 . 2010-04-03 00:36 -------- d-----w- c:\programmi\Driver Cleaner Pro
2010-04-03 00:14 . 2010-04-03 00:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-03 00:11 . 2010-04-03 00:11 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-03 00:11 . 2010-04-03 00:11 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-03 00:11 . 2010-04-03 00:11 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-03 00:11 . 2010-04-03 00:11 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-03 00:11 . 2010-04-03 00:11 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-03 00:06 . 2010-04-03 00:06 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-03 00:06 . 2010-04-03 00:06 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\File comuni\InfoWatch
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\Kaspersky Lab
2010-04-03 00:04 . 2010-04-03 00:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-04-02 23:31 . 2010-04-02 23:31 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-02 23:30 . 2010-04-02 23:30 -------- d-----w- c:\programmi\Servizi in linea
2010-04-02 23:28 . 2010-04-02 23:28 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 16:21 . 2010-04-03 04:26 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-26 16:01 . 2010-04-03 04:26 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-26 16:01 . 2010-04-03 04:26 358944 ----a-w- c:\windows\vncutil.exe
2010-03-26 16:01 . 2010-04-03 04:26 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-26 16:01 . 2010-04-03 04:26 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-26 16:01 . 2010-04-03 04:26 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-26 16:01 . 2010-04-03 04:26 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-26 16:01 . 2010-04-03 04:26 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-26 16:01 . 2010-04-03 04:26 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-22 12:22 . 2010-04-03 04:26 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-03-03 04:21 . 2010-04-03 00:14 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-04-03 00:52 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-04-03 00:14 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2010-04-03 00:14 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-04-03 00:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2010-04-03 00:14 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2010-04-03 00:14 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2007-12-21 02:59 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2010-04-03 00:14 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2007-12-21 02:59 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-04-03 00:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-04-03 00:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2007-12-21 02:59 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2007-12-21 02:59 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2010-04-03 00:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2007-12-21 02:57 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2007-12-21 02:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-03 00:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2010-04-03 00:14 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-04-03 00:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2007-12-21 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-04-03 00:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2010-04-03 00:14 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2007-12-21 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-25 19:55 . 2010-04-03 00:52 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:16 . 2008-04-13 17:13 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 10:50 . 2010-02-12 10:50 64048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Italian\setup.exe
2010-02-04 08:01 . 2010-04-03 03:19 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-03 03:19 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"muBlinder"="c:\documents and settings\Metallo\Desktop\muBlinder.exe" [2010-03-28 1462784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%­windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%­windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [03/04/2010 2.05.47 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/04/2010 19.42.19 28552]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [03/04/2010 2.05.49 39352]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 11.57.22 1047880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10.18.08 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/04/2010 14.11.13 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/04/2010 6.26.36 1691480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\102.tmp --> c:\windows\system32\102.tmp [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
FF - ProfilePath - c:\documents and settings\Metallo\Dati applicazioni\Mozilla\Firefox\Profiles\bcwzse2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2010-04-11 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88F47AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73bc852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf72c8bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72b7a0d
SendHandler -> NDIS.sys @ 0xf72cbb40
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\102.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\WININET.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-04-11 14:07:58
ComboFix-quarantined-files.txt 2010-04-11 12:07

Pre-Run: 42.951.393.280 byte disponibili
Post-Run: 42.925.891.584 byte disponibili

- - End Of File - - 8E41ECC48DD8A1DF8128E8AF74240040
simo95
Inviato: Sunday, April 11, 2010 7:34:12 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Quell'MBR...

Mi sa che bisogna provvedere a ripristinarlo tramite la Recovery Console. Chiedi al tuo amico se possiede il CD di installazione.

Comunque, se lo ha, fagli fare queste operazioni:

Inserisci nel lettore il CD di installazione di XP.
Riavvia il pc, e se il bios è impostato per far partire da CD, si riavvierà da CD. Lascia caricare i Driver e tutto all'installaer. Ad un certo punto dell'installazione ti viene chiesto se procedere con INVIO o con R

Premi R

Ti verrà chiesta una pwd di Admin, (al 99% dei casi non c'è) dai semplicemente INVIO, se invece c'è, inseriscila.
Scegli con i tasti numerici sopra le lettere, non quelli del tastierino numerico, l'installazione di windows che vuoi riparare, ad es, se è

1 C:\Windows


devi selezionare 1

Poi, dai questi comandi (per impartirlo, dopo averlo digitato, dai invio):

fixmbr

E, dato che ci sei, fai anche un bello scandisk approfondito con:

CHKDSK C: /R

Aspetti, anche un bel po'.
Quando finisce, digita exit per riavviare il pc.
Togli il CD dal cassettino, prima che venga caricato il BIOS, e il pc caricherà il SO da HDD.
fdaccc
Inviato: Monday, April 12, 2010 12:20:15 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
grazie simo, ti aggiorno sulla situazione.
R16 puoi far eseguire uno script?
fdaccc
Inviato: Tuesday, April 13, 2010 2:17:37 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
r16
mi fai uno script da eseguire?
fdaccc
Inviato: Tuesday, April 13, 2010 4:17:36 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
r16
mi fai uno script da eseguire?
r16
Inviato: Tuesday, April 13, 2010 4:41:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
fdaccc ha scritto:
r16
mi fai uno script da eseguire?

Non c'è nessuno script da eseguire.
L'unica cosa che ti posso suggerire, è di eseguire le indicazioni di simo95 .
fdaccc
Inviato: Wednesday, April 14, 2010 2:49:15 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
già provato, la siutazione non cambia.
paolopa
Inviato: Wednesday, April 14, 2010 3:05:42 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
scusa,ma quale situazione?se magari dici anche cosa c è che non va....
fdaccc
Inviato: Wednesday, April 14, 2010 3:20:40 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
ecco le risposta del mio amico.

eccomi allora ho fatto una scansione con kaspesky rescue system ma non ha cancellato quel virus anche se è apparso scritto "deleted" , il virus è infatti è ancora presente in system memory... comunque ora faccio uno scandisk e lo programmo da windows dato che non c'è il comando "R" nel mio cd di windows Xp...


niente ho fatto lo scandisk con la correzione degli errori e ripristino dei settori danneggiati...ma il virus e sempre presente, ma è sempre e solo quello infatti non mi trova altro... avevo letto su un forum di installare windows su un'altra partizione ed eseguire una scansione perchè solo così veniva eliminato...ma dato che non voglio arrivare a reinstallare windows, cosa faccio?
simo95
Inviato: Wednesday, April 14, 2010 3:30:49 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Eh, ti credo...Non ha fatto il fixmbr , la cosa più importante....

Probabilmente, ha usato nlite per modificare il CD di XP, e quindi automaticamente viene rimossa la conosole di ripristino.
Non disperare....la installiamo direttamente nel pc:

Segui queste istruzioni: http://www.bleepingcomputer.com/tutorials/tutorial117.html


Poi, fai le stesse identiche cose che avevo scritto nel post precedente, solo che al posto che far partire il sistema da CD, quando riavvia il PC digli che scelga Console di Riprisitno Microsoft (o qualcosa di simile).
r16
Inviato: Wednesday, April 14, 2010 3:31:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@fdaccc :
Dopo la spiegazione che hai dato, sei convinto che si capisca di più?
Ma è tanto difficile, scrivere il nome di questo virus?
Scrivere il percorso, che kaspesky rescue lo trova?
Scrivere DOVE lo trova?
Senza informazioni più precise, è impossibile capire di cosa si tratta.

P.S:
Se poi non hai eseguito per intero, le indicazioni di simo95: buonanotte.
Potresti avere ancora l'MBR infetto.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.