sono trojan?

tonicacciavite · Messaggio da **tonicacciavite** » lun 12 nov 2012 7:19 pm

ciao
ho notato che spesso quando apro una pagina di internet mi si apre automaticamente un altra pagina di publicita.
ad esempio se vado in un sito di viaggi mi si apre un altrapagina di publicita....dovrebbero essere trojan?
come li elimino?

cicalo66 · Messaggio da **cicalo66** » lun 12 nov 2012 11:16 pm

scarica superantispyware.
Poi fai la scansione.

tonicacciavite · Messaggio da **tonicacciavite** » mar 13 nov 2012 1:05 pm

installato SUPERANTISPYWARE e fatta la scansione.
ho fatto la scansione tre volte nelle prime due ha trovato virus ,nella terza no solamente che i problemi rimangono.
audio che si sente molto ritardato e rovinato e pagine di publicita che si aprono.

cicalo66 · Messaggio da **cicalo66** » mar 13 nov 2012 1:20 pm

guarda, i programmi anti... spyware, malware, ad, virus... ce ne sono una marea, ma difficilmente uno fa tutto, e comunque non è da ricercare tra quelli free. Ciò non significa che non puoi trovare la soluzione. Puoi provare altri strumenti gratis. Basta fare una piccola googlata e ne verranno fuori.

Ad esempio...

https://addons.mozilla.org/it/firefox/a ... lock-plus/

https://addons.mozilla.org/it/firefox/a ... idehelper/

tonicacciavite · Messaggio da **tonicacciavite** » mar 13 nov 2012 1:35 pm

non vorrei pretenderre mah mi sembra logico che per fare una googolata non avrei aperto una discussione qua.
se ho creato questa discussione e per avere dei consigli che hanno comunque un esperienza dietro.
installare programmi tanto per provare ci sono capace da solo.

cicalo66 · Messaggio da **cicalo66** » mar 13 nov 2012 2:41 pm

Non ho messo quei link a caso. Io non li ho installati perchè al momento sono già protetto, ma un mio amico li ha sul PC e mi ha assicurato che i vari AD pubblicitari, li ammazza stecchiti.

Hai chiesto un aiuto, ci sto provando.

tonicacciavite · Messaggio da **tonicacciavite** » mar 13 nov 2012 7:20 pm

ho appena fatto la scansione con COMBOFIX ma i problemi rimangono .
eco il report:

ComboFix 12-11-12.03 - Toni 13/11/2012 18.47.39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.420 [GMT 1:00]
Eseguito da: c:\documents and settings\Toni\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Toni\Dati applicazioni\PriceGong
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\17781.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\2257.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\4488.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\4489.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\7031.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\Toni\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Savings Sidekick
c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\unins000.exe
c:\documents and settings\Toni\WINDOWS
c:\programmi\Savings Sidekick
c:\programmi\Savings Sidekick\ButtonUtil.dll
c:\programmi\Savings Sidekick\Savings Sidekick-bg.exe
c:\programmi\Savings Sidekick\Savings Sidekick.exe
c:\programmi\Savings Sidekick\Savings Sidekick.ico
c:\programmi\Savings Sidekick\Savings Sidekick.ini
c:\programmi\Savings Sidekick\Savings SidekickInstaller.log
c:\programmi\Savings Sidekick\Uninstall.exe
E:\viewDrive.exe
.
c:\windows\system32\odbcad32.exe . . . è infetto!!
.
c:\windows\system32\asycfilt.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-13 al 2012-11-13 )))))))))))))))))))))))))))))))))))
.
.
2012-11-13 18:03 . 2012-11-13 18:03 -------- d-----w- c:\windows\system32\wbem\snmp
2012-11-13 18:03 . 2012-11-13 18:03 -------- d-----w- c:\windows\system32\xircom
2012-11-13 18:03 . 2012-11-13 18:03 -------- d-----w- c:\programmi\microsoft frontpage
2012-11-13 09:58 . 2012-11-13 09:58 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\SUPERAntiSpyware.com
2012-11-13 09:56 . 2012-11-13 09:58 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-11-13 09:56 . 2012-11-13 09:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-11-10 18:56 . 2012-11-10 19:50 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\PerformerSoft
2012-11-10 18:56 . 2012-03-14 14:47 17464 ----a-w- c:\windows\system32\roboot.exe
2012-11-10 18:55 . 2012-11-10 19:57 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\eType
2012-11-10 15:22 . 2012-11-10 15:22 -------- d-----w- c:\programmi\ESET
2012-11-10 15:22 . 2012-11-10 15:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2012-11-09 16:19 . 2012-11-09 16:19 -------- d-----w- c:\programmi\uTorrent
2012-11-09 16:15 . 2012-11-12 23:41 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\uTorrent
2012-11-06 15:03 . 2012-11-07 10:17 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\Apple Computer
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin7.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin6.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin5.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin4.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin3.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin2.dll
2012-11-06 14:50 . 2012-11-06 14:50 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin.dll
2012-11-06 14:49 . 2012-11-06 14:50 -------- d-----w- c:\programmi\QuickTime
2012-11-06 14:49 . 2012-11-06 14:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2012-11-06 14:48 . 2012-11-06 14:48 -------- d-----w- c:\programmi\File comuni\Apple
2012-11-06 14:47 . 2012-11-06 14:47 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Apple
2012-11-06 14:47 . 2012-11-06 14:47 -------- d-----w- c:\programmi\Apple Software Update
2012-11-06 14:47 . 2012-11-06 14:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2012-11-06 14:46 . 2012-11-06 14:46 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Apple Computer
2012-11-05 17:42 . 2012-11-05 17:49 -------- d-----w- c:\programmi\PowerDataRecovery
2012-11-05 15:02 . 2012-11-05 15:02 -------- d-----w- c:\programmi\Simulatlas
2012-11-04 19:21 . 2012-11-06 15:09 -------- d-----w- c:\programmi\CD Recovery Toolbox Free
2012-11-04 17:13 . 2012-11-06 13:00 -------- d-----w- c:\programmi\Deamm
2012-11-04 17:12 . 2012-11-04 17:12 90112 ----a-w- c:\programmi\Internet Explorer\plugins\npqtplugin5.dll
2012-11-04 17:12 . 2012-11-04 17:12 90112 ----a-w- c:\programmi\Internet Explorer\plugins\npqtplugin4.dll
2012-11-04 17:12 . 2012-11-04 17:12 90112 ----a-w- c:\programmi\Internet Explorer\plugins\npqtplugin3.dll
2012-11-04 17:12 . 2012-11-04 17:12 90112 ----a-w- c:\programmi\Internet Explorer\plugins\npqtplugin2.dll
2012-11-04 17:12 . 2012-11-04 17:12 90112 ----a-w- c:\programmi\Internet Explorer\plugins\npqtplugin.dll
2012-11-04 17:12 . 2012-11-04 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\QuickTime
2012-11-04 16:30 . 2012-11-04 16:30 -------- d-----w- C:\Deamm
2012-11-04 11:33 . 2004-08-19 14:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-11-04 11:33 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-11-04 11:33 . 2001-08-30 22:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-11-03 15:07 . 2009-06-03 10:33 3482112 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-11-03 15:07 . 2009-02-11 12:45 27264 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2012-11-03 15:07 . 2007-07-04 16:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2012-11-03 15:07 . 2012-11-03 15:07 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-03 15:07 . 2008-08-20 17:04 291328 ----a-w- c:\windows\system32\vsnp2uvc.dll
2012-11-03 15:07 . 2008-08-01 15:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
2012-11-03 15:07 . 2008-08-21 12:46 184320 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-11-03 15:07 . 2009-11-13 15:57 320512 ----a-w- c:\windows\tsnp2uvc.exe
2012-11-03 15:07 . 2012-11-03 15:07 -------- d-----w- c:\programmi\File comuni\SNP2UVC
2012-11-03 15:06 . 2008-08-21 12:19 188928 ----a-w- c:\windows\FixCamera.exe
2012-11-03 15:06 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2012-11-03 15:06 . 2012-11-03 15:06 -------- d--h--w- c:\programmi\InstallShield Installation Information
2012-11-03 15:05 . 2012-11-03 15:05 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\InstallShield
2012-11-02 16:05 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-11-02 16:05 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-11-02 16:04 . 2012-11-02 16:04 -------- d-----w- c:\programmi\Microsoft ActiveSync
2012-11-02 13:36 . 2012-11-02 13:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Browser Manager
2012-11-02 13:34 . 2012-11-02 13:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2012-11-02 13:34 . 2012-11-02 13:34 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\Babylon
2012-10-27 09:04 . 2012-10-27 09:04 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\ImTOO
2012-10-27 08:23 . 2012-10-27 08:23 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\Canneverbe Limited
2012-10-27 08:23 . 2012-10-27 08:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2012-10-27 08:22 . 2012-06-03 08:44 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-10-27 08:22 . 2012-10-27 08:22 -------- d-----w- c:\programmi\CDBurnerXP
2012-10-26 13:03 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-10-26 13:03 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-10-26 13:01 . 2012-10-26 13:01 -------- d-----w- c:\programmi\Microsoft Works
2012-10-26 12:57 . 2012-10-26 12:57 -------- d-----w- c:\programmi\Microsoft.NET
2012-10-26 12:54 . 2012-10-26 12:54 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2012-10-26 12:52 . 2012-11-02 16:04 -------- d-----w- c:\windows\SHELLNEW
2012-10-26 12:51 . 2012-10-26 12:51 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Microsoft Help
2012-10-26 12:51 . 2012-11-02 16:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2012-10-26 12:49 . 2012-10-26 12:49 -------- d-----r- C:\MSOCache
2012-10-26 12:28 . 2012-10-26 12:28 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\TuneUp Software
2012-10-26 12:27 . 2012-10-26 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-26 12:27 . 2012-10-26 12:27 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2012-10-26 12:24 . 2012-10-26 12:24 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-26 12:24 . 2012-11-05 19:27 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\DAEMON Tools Pro
2012-10-26 12:23 . 2012-10-26 12:24 -------- d-----w- c:\programmi\DAEMON Tools Pro
2012-10-26 12:23 . 2012-10-26 12:24 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\OpenCandy
2012-10-26 12:23 . 2012-10-26 12:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Pro
2012-10-22 13:38 . 2012-10-22 13:38 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2012-10-16 20:45 . 2012-10-16 20:45 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\PowerOffer
2012-10-16 20:45 . 2012-10-17 07:57 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\ServUpdater
2012-10-16 20:45 . 2012-10-16 20:47 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\PosService
2012-10-16 20:45 . 2012-10-16 20:45 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Menu Avvio
2012-10-16 10:43 . 2012-11-09 15:57 -------- d-----w- c:\documents and settings\Toni\Dati applicazioni\EmoticoonsToolbar
2012-10-16 10:43 . 2012-10-16 20:46 -------- d-----w- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-10-16 10:35 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-10-16 10:27 . 2012-10-16 10:34 -------- d-----w- c:\windows\system32\XPSViewer
2012-10-16 10:26 . 2012-10-26 13:01 -------- d-----w- c:\programmi\MSBuild
2012-10-16 10:25 . 2012-10-16 10:25 -------- d-----w- c:\programmi\Reference Assemblies
2012-10-16 10:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-10-16 10:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-10-16 10:21 . 2012-10-16 10:23 -------- d-----w- C:\1466d8f0b60253b91faa4e1c93
2012-10-16 10:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-10-16 10:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-10-16 10:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-10-16 10:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-10-16 10:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-10-16 10:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-10-16 10:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-10-16 10:15 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-10-16 10:00 . 2012-10-16 10:01 -------- d-----w- c:\programmi\MagicISO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 10:57 . 2012-07-03 09:07 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 10:57 . 2012-07-03 09:07 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 09:56 . 2012-09-26 11:38 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
.
[7] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[7] 2001-08-31 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[7] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[7] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
.
[7] 2001-08-31 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2007-01-03 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
[7] 2007-01-03 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
.
[7] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
.
[7] 2007-01-03 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
.
[7] 2004-08-19 13:39 . B979BBBA74F4F5DB69C3A5DFDC52828C . 845824 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
.
[7] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
.
[-] 2007-01-03 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll
.
[7] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
.
[7] 2007-01-03 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
.
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[7] 2007-01-03 10:52 . 72E60E90AD70854B60B7488EF898FE2F . 125208 . . [5.8.0.2469 built by: lab01_n(wmbla)] . . c:\windows\system32\wuauclt.exe
.
[7] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2007-01-03 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2001-08-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2007-01-03 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
.
[-] 2007-01-03 10:48 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll
.
[7] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
.
[7] 2007-01-03 . 2B9211E320ABE9382D24BAC0766EF0FF . 1029632 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll
.
[7] 2007-01-03 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll
.
[7] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
.
[7] 2007-01-03 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\system32\mshtml.dll
.
[7] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-19 . F1B3C3DE9374C4A7B29A92BD749404B5 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[7] 2001-08-31 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[7] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
.
[7] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
.
[7] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
.
[7] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
.
[7] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
.
[7] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
.
[7] 2007-01-03 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
.
[7] 2007-01-03 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
.
[7] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
.
[7] 2007-01-03 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\system32\wininet.dll
.
[7] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
.
[7] 2004-08-19 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
.
[7] 2007-01-03 . 65C5B72C274674B06403D209E6F4A54F . 1035776 . . [6.00.2900.2894] . . c:\windows\explorer.exe
.
[7] 2004-08-19 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\regedit.exe
.
[7] 2007-01-03 . 98934C63C9B7C2ED6BD2531DED425776 . 1286656 . . [5.1.2600.2948] . . c:\windows\system32\ole32.dll
.
[7] 2004-08-19 . D80FEA125DC5860E4BC786AE07DE6DB8 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
.
[7] 2004-08-19 . FBBB356A996903FFB831BF72FD2A3E85 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
.
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
[7] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
.
[7] 2004-08-19 . 51F309AA675B5B77D19C573B7E0BB253 . 4608 . . [5.1.2600.2180] . . c:\windows\system32\msimg32.dll
.
[7] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
.
[7] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
[7] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
.
[7] 2004-08-19 . 75A0AECC55A3F0B9E2D54119FA4AAB6D . 729600 . . [5.1.2600.2180] . . c:\windows\system32\ntdll.dll
.
[7] 2004-08-19 . 29DE0B3FB6DEC623E2DC5E9C7C89CAB8 . 177152 . . [5.1.2600.2180] . . c:\windows\system32\MSCTFIME.IME
.
[7] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
.
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
[7] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
.
[7] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
.
[7] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
.
[-] 2007-01-03 . F959D929A6A22D78E3A6851A9361CE18 . 296960 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
.
[7] 2004-08-19 . 250D4F4E1E27543C121378268FE07208 . 346624 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
.
[7] 2004-08-19 . 00E50CD4D9247CB56EFC1360C32AB755 . 175104 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
.
[7] 2001-08-31 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2005-05-27 22:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
.
[7] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS
.
[7] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[7] 2001-08-31 11:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
.
[7] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
.
[7] 2007-01-03 10:53 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[7] 2007-01-03 . 45667B9D57A4C600C51900DC3202F9B9 . 2062976 . . [5.1.2600.3023] . . c:\windows\system32\ntkrnlpa.exe
.
[7] 2004-08-19 13:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
.
[7] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
.
[7] 2004-08-19 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
.
[7] 2004-08-19 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
.
[7] 2004-08-19 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
.
[7] 2004-08-19 13:39 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
.
[7] 2004-08-19 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
.
[7] 2004-08-19 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
.
.
.
[7] 2007-01-03 . 28EB809770020C886A3E1C8A48D62E21 . 2185728 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe
.
[7] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
.
[7] 2004-08-19 . 8B97D00E5C6A593EBB605CE4B8A5CAA5 . 176640 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
.
[7] 2004-08-19 . 2BB718BB4252909C389B3966492B0F30 . 333824 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
.
[7] 2004-08-19 . EAAA11BE5C162266E698F7658BD8A1DA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
.
[-] 2007-01-03 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\system32\rasadhlp.dll
.
[7] 2004-08-19 . 08B3A60A4DD7FAE800B552F8F8D5DEB0 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" [2012-07-28 138096]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2004-04-19 221184]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-11-13 320512]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-03 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Toni^Menu Avvio^Programmi^Esecuzione automatica^My 190.lnk]
path=c:\documents and settings\Toni\Menu Avvio\Programmi\Esecuzione automatica\My 190.lnk
backup=c:\windows\pss\My 190.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-28 15:28 138096 ----atw- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2008-08-21 12:19 188928 ----a-w- c:\windows\FixCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-11-09 16:19 395264 ----a-w- c:\programmi\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Toni\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/10/2012 13.24.47 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/03/2012 8.40.02 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/03/2012 8.40.04 104160]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCore.exe [11/07/2012 19.54.49 116608]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [07/03/2012 15.40.34 913144]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Dati applicazioni\IBUpdaterService\ibsvc.exe [10/11/2012 19.55.43 605952]
R2 MTC0005_MTCDIO;Wireless HotKey Driver;c:\windows\system32\drivers\MTCDIO.sys [03/07/2012 9.33.13 11316]
R2 PowerOffer Service;Pos Service;c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [16/10/2012 21.45.19 169472]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 12.13.44 3064000]
S2 MTCDIO;MTCDIO;c:\windows\system32\drivers\MTCDIO.sys [03/07/2012 9.33.13 11316]
S2 ServUpdater;Serv Updater;c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [16/10/2012 21.45.19 156160]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 12.28.36 160944]
S2 SoftwareUpd;Software Upd;c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [16/10/2012 11.43.26 161280]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 10:57]
.
2012-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-436374069-839522115-1003Core.job
- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-07-03 15:28]
.
2012-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-436374069-839522115-1003UA.job
- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-07-03 15:28]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-436374069-839522115-1003Core.job
- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-09 11:45]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-436374069-839522115-1003UA.job
- c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-09 11:45]
.
2012-11-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task abbbfad7-b83d-45a8-a0b3-a1974be256e5.job
- c:\programmi\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f4651c91-4698-47f8-b774-6bd592c1273f.job
- c:\programmi\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?affID=117236&tt=4412_8&babsrc=HP_ss&mntrId=d88ca0600000000000000012f007a46b
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D46611C-AF57-46AA-85DB-DBF56B215CC9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{46DC7A3B-1A58-4EE2-81E1-FEE3C8A88811}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C877E606-63E7-48E7-991F-53DBDCE56592}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FB0F289C-6684-4267-B354-334D3E61801F}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Toni\Dati applicazioni\Mozilla\Firefox\Profiles\nrwz7ip4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - ExtSQL: 2012-10-16 12:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-10-20 17:25; {d9babd10-47de-11df-9879-0800200c9a66}; c:\documents and settings\Toni\Dati applicazioni\Mozilla\Firefox\Profiles\nrwz7ip4.default\extensions\{d9babd10-47de-11df-9879-0800200c9a66}.xpi
FF - ExtSQL: 2012-11-01 20:12; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-11-02 16:07; helperframework@zonemedia.com; c:\documents and settings\Toni\Dati applicazioni\Mozilla\Firefox\Profiles\nrwz7ip4.default\extensions\helperframework@zonemedia.com.xpi
FF - ExtSQL: 2012-11-10 19:57; crossriderapp5060@crossrider.com; c:\documents and settings\Toni\Dati applicazioni\Mozilla\Firefox\Profiles\nrwz7ip4.default\extensions\crossriderapp5060@crossrider.com
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d88ca0600000000000000012f007a46b&q=
FF - user.js: extensions.BabylonToolbar.id - d88ca0600000000000000012f007a46b
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15646
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.814:35
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\Toni\Impostazioni locali\Dati applicazioni\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 19:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\BatMeter.dll
c:\windows\system32\POWRPROF.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\System32\NETRAP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-13 19:11:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-13 18:11
.
Pre-Run: 9.197.989.888 byte disponibili
Post-Run: 12.048.535.552 byte disponibili
.
- - End Of File - - 8FAC1E632E4366EEA18789F514301456

tonicacciavite · Messaggio da **tonicacciavite** » mar 13 nov 2012 9:27 pm

con NOD 32 ho molti files in QUARANTENA.

cosa succede quando ho dei file in quarantena? li elimino dalla quarantena?

Messaggio da **mariobrossh** » mer 14 nov 2012 9:42 am

certo che ne becchi di visurs, chissà com'è che io col mio gratuito avira non
ne vedo uno che saranno anni mah ................comunque la quarantena
la puoi eliminare tranquillamente, in ogni caso il tuo problema non credo
sia legato ad un virus ma al browser, quali usi ? io con chrome +
better popup blocker ho risolto definitivamente il problema

tonicacciavite · Messaggio da **tonicacciavite** » mer 14 nov 2012 11:56 am

magari tu nn guardi pornazzi come me ....
cmq come browser uso firefox e come antivirus avevo installato eset.

ora sto facendo con eset la scansione in modalita provisoria ma a quanto sembra si e bloccato. essendo la prima volta che la faccio in modalita provisoria non so come finisce. ecco la foto di com e la situazione.

della quarantena non ho capito a cosa serva. quando i file infettati sono in quarantena se io li elimino dalla quarantena li ho eliminati del tutto?

Messaggio da **mariobrossh** » mer 14 nov 2012 12:18 pm

gli antivirus mettono i file ritenuti infetti in quarantena per consentire
all'utente di, eventualmente, recuperarli quando ad esempio un virus
ha infettato la tua tesi di laurea in scienze confuse.............

bepi · Messaggio da **bepi** » mer 14 nov 2012 12:41 pm

tonicacciavite ha scritto:magari tu nn guardi pornazzi come me ....

Ahahahahahh

Messaggio da **mariobrossh** » mer 14 nov 2012 12:50 pm

magari tu nn guardi pornazzi come me ....

in effetti preferisco fare l'attore principale.............

tonicacciavite · Messaggio da **tonicacciavite** » mer 14 nov 2012 1:25 pm

ok ma come risolvo?

Messaggio da **mariobrossh** » mer 14 nov 2012 1:39 pm

come già detto non credo si tratti di virus, prova allora, da tuo browser
ad eliminare tutti i file temporanei, tutti i cookie e tutta la cronologia di
navigazione