I think I've caught a virus (maybe "Bagle")



Post by mykyj » Mon Mar 16, 2009 10:51 am

Last night the PC suddenly started shutting down and restarting over and over, so I went into safe mode and did a System Restore. Before that, though, I wrote down the error it was giving me, and among the various numbers it said the error was caused by the file wfsintwq.sys. Searching the internet for that name I ended up on this page, and indeed my antivirus, which is AntiVir, is also switched off, and even if I click Open it doesn't open (the umbrella stays closed). What can I do to get rid of it for good?
I'm posting the HijackThis log in case it helps:

Logfile of HijackThis v1.99.1
Scan saved at 10.33.20, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Net Command] C:\WINDOWS\system32\net.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229607782531
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41C1341A-FA70-420C-82B9-8487F8E30E95}: NameServer = 85.37.17.44 85.38.28.90
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Programmi\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
mykyj
Aficionado
Posts: 89
Joined: Tue May 30, 2006 12:44 am
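One way to triage a log like the one above, as an added example (not a tool from this thread, and not what the replies used): a small Python script that parses the HijackThis "Rn - ..." / "On - ..." lines, lists entries whose target file no longer exists ("(no file)" / "(file missing)"), and flags per-user Run entries that launch a bare Windows command-line utility. The list of utilities and the idea that such an autorun deserves a second look are my heuristics, not a diagnosis from the thread; the sample lines are constructed from the posted log.

```python
"""Triage helper for HijackThis-style logs (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines in the HijackThis v1.99 format seen in the log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Net Command] C:\WINDOWS\system32\net.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# "R0 - ..." or "O23 - ..." lines; the header and process list are ignored.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 line: HIVE\..\Key: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic list (my assumption, not from the thread): Windows command-line
# utilities that legitimate software rarely registers as a per-user autorun.
SYSTEM_TOOLS = {"net.exe", "cmd.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    name: str
    line: str


def parse_entries(log_text: str) -> List[Entry]:
    """Return the HijackThis entries found in the log text, in order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def executable_of(cmd: str) -> str:
    """Lower-cased file name of the program launched by a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.index('"', 1)]   # quoted path, may contain spaces
    else:
        path = cmd.split()[0]              # unquoted: first token is the path
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Prioritise lines for a human reviewer; nothing here decides maliciousness."""
    findings = []
    for e in parse_entries(log_text):
        body = e.body
        # 1. Dead references: the registry still points at a file that is gone.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(e.section, "orphan", "", body))
            continue
        # 2. Per-user autoruns (HKCU) that launch a bare system utility.
        if e.section == "O4":
            m = RUN_RE.match(body)
            if m and m["hive"] == "HKCU" and executable_of(m["cmd"]) in SYSTEM_TOOLS:
                findings.append(Finding(e.section, "user-autorun-system-tool", m["name"], body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:26} {f.line}")
```

Run it on a full log saved to a file by passing the file contents to `triage()`; the orphan entries are usually just leftovers of uninstalled software, while the HKCU Run entry named "Net Command" is the kind of line a reviewer should verify (what the value actually launches, and when it was created) before deciding anything.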

Re: I think I've caught a virus (maybe "Bagle")

Post by ste_95 » Mon Mar 16, 2009 2:36 pm

Download ComboFix and run a scan; the instructions are at the end of this article.
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: I think I've caught a virus (maybe "Bagle")

Post by mykyj » Wed Mar 18, 2009 3:14 pm

Here is the log

ComboFix 09-03-15.01 - User 2009-03-17 13:20:07.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.510.235 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Sunbelt Personal Firewall *enabled*
* Creato nuovo punto di ripristino

FILE ::
C:\FOUND.015
C:\FOUND.016
C:\FOUND.017
C:\FOUND.018
C:\FOUND.019
C:\FOUND.020
C:\FOUND.021
.

((((((((((((((((((((((((( Files Creati Da 2009-02-17 al 2009-03-17 )))))))))))))))))))))))))))))))))))
.

2009-03-16 21:00 . 2009-03-16 21:00 1,374 --a------ c:\windows\imsins.BAK
2009-03-16 17:00 . 2009-03-16 17:00 <DIR> d-------- c:\programmi\EsetOnlineScanner
2009-03-16 16:46 . 2009-03-16 16:46 5,305 --a------ C:\avexport.bat
2009-03-16 16:46 . 2009-03-16 16:46 1,690 --a------ C:\47.reg
2009-03-16 16:46 . 2009-03-16 16:46 1,690 --a------ C:\46.reg
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\programmi\Spyware Terminator
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Spyware Terminator
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-03-16 09:48 . 2009-03-16 09:48 <DIR> d-------- c:\programmi\ZipGenius 6
2009-03-16 09:48 . 2009-03-16 09:48 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ZipGenius
2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- c:\programmi\Real Alternative
2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Media Player Classic
2009-03-16 09:45 . 2009-03-16 09:46 <DIR> d-------- c:\programmi\MSN Messenger
2009-03-16 09:19 . 2009-03-16 09:19 <DIR> d--hs---- C:\FOUND.021
2009-03-16 09:12 . 2009-03-16 09:12 <DIR> d--hs---- C:\FOUND.020
2009-03-16 08:45 . 2009-03-16 08:45 <DIR> d--hs---- C:\FOUND.019
2009-03-16 08:31 . 2009-03-16 08:31 <DIR> d--hs---- C:\FOUND.018
2009-03-16 01:58 . 2009-03-16 01:58 <DIR> d--hs---- C:\FOUND.017
2009-03-14 17:23 . 2009-03-14 17:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NCH Software
2009-03-14 17:21 . 2009-03-14 17:22 <DIR> d-------- c:\programmi\NCH Software
2009-03-14 16:32 . 2009-03-14 16:32 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\GrabPro
2009-03-14 16:31 . 2009-03-14 16:31 <DIR> d-------- c:\programmi\Orbitdownloader
2009-03-14 16:31 . 2009-03-14 16:31 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Orbit
2009-03-14 16:10 . 2009-03-14 16:10 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\NeoDownloader
2009-03-11 18:11 . 2009-03-11 18:11 <DIR> d-------- c:\documents and settings\User\Tracing
2009-03-11 18:08 . 2009-03-11 18:08 <DIR> d-------- c:\programmi\Windows Live
2009-03-11 18:03 . 2009-03-11 18:03 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-03-11 15:18 . 2009-03-11 15:18 <DIR> d-------- c:\programmi\Real Alternative(2)
2009-03-11 15:10 . 2009-03-11 15:10 <DIR> d-------- c:\programmi\OpenOffice.org 3
2009-03-08 15:43 . 2009-03-08 15:43 <DIR> d-------- c:\programmi\Spyware Doctor
2009-03-08 15:37 . 2009-03-08 15:37 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-07 16:27 . 2009-03-07 16:27 <DIR> d-------- C:\Downloads
2009-03-07 16:01 . 2009-03-07 16:01 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-03-06 15:08 . 2009-03-06 15:08 <DIR> d--hs---- C:\FOUND.016
2009-03-06 14:33 . 2009-03-06 14:33 <DIR> d-------- c:\programmi\SereneScreen
2009-03-04 22:04 . 2009-03-04 22:04 8,294,454 --a------ c:\windows\startup.bmp
2009-03-04 22:04 . 2008-04-14 03:13 219,648 --a------ c:\windows\system32\uxtheme.backup
2009-03-04 21:50 . 2009-03-04 21:50 <DIR> d-------- c:\windows\VistaMizer
2009-03-04 16:25 . 2009-03-04 16:25 <DIR> d-------- c:\windows\system32\VITrans
2009-03-04 16:23 . 2006-05-16 00:15 29,926 --a------ c:\windows\system32\osdrive.ico
2009-03-04 16:23 . 2005-10-16 01:38 311 --a------ c:\windows\system32\cleartmp.bat
2009-03-04 16:15 . 2009-03-04 16:15 <DIR> d-------- C:\Desktop
2009-03-04 15:27 . 2006-08-24 16:04 417,930 --a------ c:\windows\system32\vimc.exe
2009-03-04 15:24 . 2005-05-18 11:43 81,920 --a------ c:\windows\system32\closeapp.exe
2009-03-04 15:24 . 2009-03-04 15:24 23 --a------ c:\windows\icon.rc
2009-03-04 15:14 . 2009-03-04 15:14 <DIR> d-------- c:\programmi\Free Download Manager
2009-03-04 15:14 . 2009-03-04 15:14 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Free Download Manager
2009-03-03 22:00 . 2009-01-09 11:46 39,776 --a------ c:\windows\system32\DfSdkBt64.exe
2009-03-03 22:00 . 2009-01-09 11:46 33,632 --a------ c:\windows\system32\DfSdkBt.exe
2009-03-03 21:38 . 2009-03-03 21:38 221 --a------ c:\windows\hpdj460.his
2009-03-01 18:59 . 2009-03-01 18:59 <DIR> d--hs---- C:\FOUND.015
2009-02-28 20:32 . 2009-02-28 20:32 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d--hs---- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}


Re: I think I've caught a virus (maybe "Bagle")

Post by ste_95 » Wed Mar 18, 2009 3:19 pm

Did you cut the log short?

Re: I think I've caught a virus (maybe "Bagle")

Post by mykyj » Wed Mar 18, 2009 5:38 pm

I think I got mixed up; this is the original log

ComboFix 09-03-15.01 - User 2009-03-16 18:06:02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.510.283 [GMT 1:00]
Eseguito da: c:\documents and settings\User\desktop\abc.exe
Opzioni usate :: /killall
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Sunbelt Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\User\Dati applicazioni\inst.exe
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\parud.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\parud.exe
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\parud_navps.dat
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\parud_navup.dat
C:\InfoSat.txt
c:\programmi\QUAD Utilities
c:\windows\system32\_003512_.tmp.dll
c:\windows\system32\_003513_.tmp.dll
c:\windows\system32\_003514_.tmp.dll
c:\windows\system32\_003515_.tmp.dll
c:\windows\system32\_003522_.tmp.dll
c:\windows\system32\_003523_.tmp.dll
c:\windows\system32\_003524_.tmp.dll
c:\windows\system32\_003526_.tmp.dll
c:\windows\system32\_003527_.tmp.dll
c:\windows\system32\_003530_.tmp.dll
c:\windows\system32\_003531_.tmp.dll
c:\windows\system32\_003533_.tmp.dll
c:\windows\system32\_003534_.tmp.dll
c:\windows\system32\_003535_.tmp.dll
c:\windows\system32\_003537_.tmp.dll
c:\windows\system32\_003540_.tmp.dll
c:\windows\system32\_003541_.tmp.dll
c:\windows\system32\_003545_.tmp.dll
c:\windows\system32\_003546_.tmp.dll
c:\windows\system32\_003548_.tmp.dll
c:\windows\system32\_003551_.tmp.dll
c:\windows\system32\_003553_.tmp.dll
c:\windows\system32\_003554_.tmp.dll
c:\windows\system32\_003555_.tmp.dll
c:\windows\system32\_003556_.tmp.dll
c:\windows\system32\_003559_.tmp.dll
c:\windows\system32\_003560_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003563_.tmp.dll
c:\windows\system32\_003568_.tmp.dll
c:\windows\system32\_003570_.tmp.dll
c:\windows\system32\_005564_.tmp.dll
c:\windows\system32\_005565_.tmp.dll
c:\windows\system32\_005566_.tmp.dll
c:\windows\system32\_005567_.tmp.dll
c:\windows\system32\_005574_.tmp.dll
c:\windows\system32\_005575_.tmp.dll
c:\windows\system32\_005576_.tmp.dll
c:\windows\system32\_005577_.tmp.dll
c:\windows\system32\_005579_.tmp.dll
c:\windows\system32\_005580_.tmp.dll
c:\windows\system32\_005583_.tmp.dll
c:\windows\system32\_005584_.tmp.dll
c:\windows\system32\_005586_.tmp.dll
c:\windows\system32\_005587_.tmp.dll
c:\windows\system32\_005588_.tmp.dll
c:\windows\system32\_005590_.tmp.dll
c:\windows\system32\_005593_.tmp.dll
c:\windows\system32\_005594_.tmp.dll
c:\windows\system32\_005598_.tmp.dll
c:\windows\system32\_005599_.tmp.dll
c:\windows\system32\_005601_.tmp.dll
c:\windows\system32\_005604_.tmp.dll
c:\windows\system32\_005606_.tmp.dll
c:\windows\system32\_005607_.tmp.dll
c:\windows\system32\_005608_.tmp.dll
c:\windows\system32\_005609_.tmp.dll
c:\windows\system32\_005610_.tmp.dll
c:\windows\system32\_005613_.tmp.dll
c:\windows\system32\_005614_.tmp.dll
c:\windows\system32\_005615_.tmp.dll
c:\windows\system32\_005616_.tmp.dll
c:\windows\system32\_005617_.tmp.dll
c:\windows\system32\_005622_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-02-16 al 2009-03-16 )))))))))))))))))))))))))))))))))))
.

2009-03-16 17:00 . 2009-03-16 17:00 <DIR> d-------- c:\programmi\EsetOnlineScanner
2009-03-16 16:46 . 2009-03-16 16:46 5,305 --a------ C:\avexport.bat
2009-03-16 16:46 . 2009-03-16 16:46 1,690 --a------ C:\47.reg
2009-03-16 16:46 . 2009-03-16 16:46 1,690 --a------ C:\46.reg
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\programmi\Spyware Terminator
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Spyware Terminator
2009-03-16 09:49 . 2009-03-16 09:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-03-16 09:48 . 2009-03-16 09:48 <DIR> d-------- c:\programmi\ZipGenius 6
2009-03-16 09:48 . 2009-03-16 09:48 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\ZipGenius
2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- c:\programmi\Real Alternative
2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Media Player Classic
2009-03-16 09:45 . 2009-03-16 09:46 <DIR> d-------- c:\programmi\MSN Messenger
2009-03-16 09:19 . 2009-03-16 09:19 <DIR> d--hs---- C:\FOUND.021
2009-03-16 09:12 . 2009-03-16 09:12 <DIR> d--hs---- C:\FOUND.020
2009-03-16 08:45 . 2009-03-16 08:45 <DIR> d--hs---- C:\FOUND.019
2009-03-16 08:31 . 2009-03-16 08:31 <DIR> d--hs---- C:\FOUND.018
2009-03-16 01:58 . 2009-03-16 01:58 <DIR> d--hs---- C:\FOUND.017
2009-03-14 17:23 . 2009-03-14 17:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NCH Software
2009-03-14 17:21 . 2009-03-14 17:22 <DIR> d-------- c:\programmi\NCH Software
2009-03-14 16:32 . 2009-03-14 16:32 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\GrabPro
2009-03-14 16:31 . 2009-03-14 16:31 <DIR> d-------- c:\programmi\Orbitdownloader
2009-03-14 16:31 . 2009-03-14 16:31 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Orbit
2009-03-14 16:10 . 2009-03-14 16:10 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\NeoDownloader
2009-03-11 18:11 . 2009-03-11 18:11 <DIR> d-------- c:\documents and settings\User\Tracing
2009-03-11 18:08 . 2009-03-11 18:08 <DIR> d-------- c:\programmi\Windows Live
2009-03-11 18:03 . 2009-03-11 18:03 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-03-11 15:18 . 2009-03-11 15:18 <DIR> d-------- c:\programmi\Real Alternative(2)
2009-03-11 15:10 . 2009-03-11 15:10 <DIR> d-------- c:\programmi\OpenOffice.org 3
2009-03-08 15:43 . 2009-03-08 15:43 <DIR> d-------- c:\programmi\Spyware Doctor
2009-03-08 15:37 . 2009-03-08 15:37 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-07 16:27 . 2009-03-07 16:27 <DIR> d-------- C:\Downloads
2009-03-07 16:01 . 2009-03-07 16:01 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2009-03-06 15:08 . 2009-03-06 15:08 <DIR> d--hs---- C:\FOUND.016
2009-03-06 14:33 . 2009-03-06 14:33 <DIR> d-------- c:\programmi\SereneScreen
2009-03-04 22:04 . 2009-03-04 22:04 8,294,454 --a------ c:\windows\startup.bmp
2009-03-04 22:04 . 2008-04-14 03:13 219,648 --a------ c:\windows\system32\uxtheme.backup
2009-03-04 21:50 . 2009-03-04 21:50 <DIR> d-------- c:\windows\VistaMizer
2009-03-04 16:25 . 2009-03-04 16:25 <DIR> d-------- c:\windows\system32\VITrans
2009-03-04 16:23 . 2006-05-16 00:15 29,926 --a------ c:\windows\system32\osdrive.ico
2009-03-04 16:23 . 2005-10-16 01:38 311 --a------ c:\windows\system32\cleartmp.bat
2009-03-04 16:15 . 2009-03-04 16:15 <DIR> d-------- C:\Desktop
2009-03-04 15:27 . 2006-08-24 16:04 417,930 --a------ c:\windows\system32\vimc.exe
2009-03-04 15:24 . 2005-05-18 11:43 81,920 --a------ c:\windows\system32\closeapp.exe
2009-03-04 15:24 . 2009-03-04 15:24 23 --a------ c:\windows\icon.rc
2009-03-04 15:14 . 2009-03-04 15:14 <DIR> d-------- c:\programmi\Free Download Manager
2009-03-04 15:14 . 2009-03-04 15:14 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Free Download Manager
2009-03-03 22:00 . 2009-01-09 11:46 39,776 --a------ c:\windows\system32\DfSdkBt64.exe
2009-03-03 22:00 . 2009-01-09 11:46 33,632 --a------ c:\windows\system32\DfSdkBt.exe
2009-03-03 21:38 . 2009-03-03 21:38 221 --a------ c:\windows\hpdj460.his
2009-03-01 18:59 . 2009-03-01 18:59 <DIR> d--hs---- C:\FOUND.015
2009-02-28 20:32 . 2009-02-28 20:32 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d--hs---- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 15:34 656 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-03-04 21:04 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-02-14 18:45 --------- d-----w c:\programmi\Hewlett-Packard
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-20 22:31 927,744 ----a-w c:\windows\system32\wininet.dll
2008-06-04 15:53 47,360 ----a-w c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2007-08-01 13:32 138,220 ----a-w c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2007-01-12 23:01 14 ----a-w c:\documents and settings\User\getfile.dat
2006-09-06 14:28 356,352 ----a-w c:\documents and settings\User\cwshredder.dll
2008-11-19 02:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008111920081120\index.dat
.

------- Sigcheck -------

2008-04-14 03:13 588800 3dbd6dc6d74c517d55a1b3aeca88ef48 c:\windows\system32\user32.dll
2005-03-02 19:20 578048 488019bfe2b0f9f8cd8394276d5b664a c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579072 bab4f995e526484a235a276e269aaf7f c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2008-04-14 03:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\VistaMizer\old\user32.dll
2004-08-19 15:39 578048 08447bdfce5d1b1956f962602381f5c1 c:\windows\$NtUninstallKB890859$\user32.dll
2007-03-08 17:37 578560 9daa2190a18739b657b58f794acf2e47 c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 03:13 588800 3dbd6dc6d74c517d55a1b3aeca88ef48 c:\windows\ServicePackFiles\i386\user32.dll
2005-03-02 19:10 578048 14b5d6b20467dba209853d65d1f6a124 c:\windows\$NtUninstallKB925902$\user32.dll

2008-12-20 23:31 927744 e6d54db1f2470ab3c1142839850fa32a c:\windows\system32\wininet.dll
2005-10-21 04:39 664064 b94abc767831f875e95f7f23bd9db85d c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-01-09 18:59 664576 b404779b16eb2cd8c574fb343d277521 c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
2006-03-04 06:00 666112 55e5ee815e09f13902009d9338c11176 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 07:25 666112 0db0e3399be75bbc6448fcbff9ad55e3 c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 13:25 667136 e189791bf401b57e3b4f6da28082ec82 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 09:36 667136 e7e30349db0e0e2203df5a4dd651db85 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 16:34 667136 2cde29a401b990086fc91969d3c6b66a c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-03-23 11:29 823296 bc9ea33fe795c9734b76198fa50ba0ab c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 10:27 823808 53e94666caf76fcbc79cfab8c296767a c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:13 824320 0c7d45e58e856198d7c4018976627e01 c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:48 825344 69d5497609b4fb0981f17074671e072b c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 00:21 825344 714d8a2b05b2aaf0c6a39241a1ed914f c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:40 825344 39ccda0e9b778792b06c1b9d794a9776 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 93db90be4a10ec784ddc9c8601a28aa6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 06:19 827392 fe184a2b736f216ccc22abeebb40787d c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-08-26 10:08 827904 8e694ec9da095e518d9447b3293208ea c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 20:32 827904 f303cfed3d8b8348a54f7a53ddc7cca0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-12-21 00:47 827904 3f7320e0f75f2b5a7a9ad32aea08bf21 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
2006-10-23 16:34 667136 2cde29a401b990086fc91969d3c6b66a c:\windows\ie7\wininet.dll
2006-03-04 05:34 660992 c205e8a347e4430f73aaa2def67a10e8 c:\windows\$NtUninstallKB916281$\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
2007-02-27 15:21 822784 8164eded30e6625ac6af12a7d15b0fba c:\windows\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:37 822784 d34691a9ca8188c89f5a5fa47dc07f68 c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:23 823808 2513eaeb6c4172c7d7b5148cc41f7222 c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:57 824832 21aa12b75ce02358e0ad8c706680869f c:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:49 824832 419a6f3d56e469bcbe71128a78463da4 c:\windows\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:04 824832 ed2a73ab0eba3c4cb6794077cd09ec95 c:\windows\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:58 826368 61d4f43d26ec9d21beb6f38f22b396ab c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 c1089010bcc3fd01056d26e9a36bbb79 c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 08:57 826368 d590241cadec69a1bc157dc0452c92d1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-10-16 21:04 826368 a4c79606c0d9835e8a5a8e5e5804ae60 c:\windows\ie7updates\KB961260-IE7\wininet.dll
2008-12-20 23:31 826368 ef1520f95dd25f48c18502005f5ee995 c:\windows\VistaMizer\old\wininet.dll
2004-08-19 15:39 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\$NtUninstallKB905915$\wininet.dll
2004-08-19 15:39 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\$NtServicePackUninstall$\wininet.dll
2005-10-21 04:40 660992 272fec11d51bff8e709ab4cbd2f7cb41 c:\windows\$NtUninstallKB912945$\wininet.dll
2006-01-09 19:01 660992 b196c4c7c33b1233fa005490be7d54f9 c:\windows\$NtUninstallKB912812$\wininet.dll
2008-12-20 23:31 927744 e6d54db1f2470ab3c1142839850fa32a c:\windows\ServicePackFiles\i386\wininet.dll
2006-05-10 07:23 660992 e9967b85c3b594b3556ec1c78a25ad06 c:\windows\$NtUninstallKB918899$\wininet.dll
2006-10-23 16:18 661504 db61007ade457193785e3d886381a994 c:\windows\$NtUninstallKB925454$\wininet.dll
2006-06-23 13:10 661504 ec8d1299c1fe0094afb125a9d89fe635 c:\windows\$NtUninstallKB922760$\wininet.dll
2006-09-14 09:38 661504 d1eca43c392b30527b16971b385c665f c:\windows\$NtUninstallKB925454_0$\wininet.dll

2008-04-14 03:14 549888 6dc43081c760eec1130d2c8c145df375 c:\windows\system32\winlogon.exe
2008-04-14 03:14 510464 9259170d29b5a256735fcb8b80280857 c:\windows\VistaMizer\old\winlogon.exe
2004-08-19 15:39 504832 4166454e2bcfcc20d1b8a5ac9feab243 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 03:14 549888 6dc43081c760eec1130d2c8c145df375 c:\windows\ServicePackFiles\i386\winlogon.exe

2008-08-14 14:22 2327040 6019e2a90d584b4aa41397d4b5b4469a c:\windows\system32\ntkrnlpa.exe
2005-03-02 19:06 2060544 8f485cf9683f1220ba27d10281052fce c:\windows\system32\_VITrans\ntkrnlpa.exe
2005-03-02 19:12 2060672 de16030e8209fd96eeb06d9e3d8c84a8 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 19:44 2063104 0943f29440085d86a1b9b9c2356b45b4 c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:06 2063104 f89d8e24fbe047506d60b850d00bdee3 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 14:37 2066688 b3d66020c1667d33c3429869b191bb13 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 19:25 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\VistaMizer\old\ntkrnlpa.exe
2004-08-19 15:34 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
2008-08-14 14:42 2061440 4220d4263c7d56a5c2ef425c36eeb8a7 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-08-14 14:22 2327040 6019e2a90d584b4aa41397d4b5b4469a c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2005-03-02 19:06 2061568 c0e6208c7742d631af7fa4576cdc2db3 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 19:22 2061312 7373bd87175412862cf9e534c6aa5ec9 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2061312 49baea1d9379df8cd897aff9f49bc9de c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
2008-04-14 02:54 2069632 5e95f445b70adcf8876d1203852262a1 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

2008-08-14 14:22 2450176 d401a34fe3e57df330ac44916eaf7dfd c:\windows\system32\ntoskrnl.exe
2005-03-02 19:07 2183040 84e6643db22c06128576afbf89dfee70 c:\windows\system32\_VITrans\ntoskrnl.exe
2005-03-02 19:12 2183296 c120a33c71e706545cf26d6276bc0344 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 19:44 2185728 ecb771f4cc4b5cd2b19b294fbd56f75d c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 14:37 2189696 943548e50ab0443f1b1ec5f2c2867fcd c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 19:25 2192896 0ee73494680235d59f4e57301d7ad580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\VistaMizer\old\ntoskrnl.exe
2004-08-19 15:34 2184704 4591cf1f202181113de2996e79a2905a c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2008-08-14 14:43 2184064 da01088ad01bf30a0aebb62f99e04bc7 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-08-14 14:22 2450176 d401a34fe3e57df330ac44916eaf7dfd c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2005-03-02 19:07 2184064 150c1058434bd6780f245fb9479fc7e1 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 19:22 2184064 b33a2a0e76d3a2faa044b197e345458c c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2184064 5ec517cc0865808df80d2184b0131d27 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
2008-04-14 02:55 2192768 7d804c28404e94f57967de3394201d55 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

2008-04-14 03:14 1554944 287b3020f1324e99f313c9e7fcfccccc c:\windows\explorer.exe
2004-08-19 15:39 1034752 178d42bd8fc34a9837417a6ce1d6bb7b c:\windows\system32\_VITrans\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\VistaMizer\old\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:14 1554944 287b3020f1324e99f313c9e7fcfccccc c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-19 15:39 1248256 871cffc520c7679a53b1c4596ebcbb34 c:\windows\$NtUninstallKB938828$\explorer.exe

2008-04-14 03:14 25088 91b6aac828f8bbe1796275424e44dfb0 c:\windows\system32\ctfmon.exe
2008-04-14 03:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\VistaMizer\old\ctfmon.exe
2004-08-19 15:39 15360 5b33b4265966ee063c7fbea28958d9c2 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:14 25088 91b6aac828f8bbe1796275424e44dfb0 c:\windows\ServicePackFiles\i386\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Net Command"="c:\windows\system32\net.exe" [2008-04-14 42496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-11-15 126976]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-11-18 561152]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-17 292152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 25088]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Trend Micro Anti-Spyware.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^Eurobarre.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:14 25088 c:\windows\system32\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Outlook Express"=c:\programmi\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\programmi\RSS Reader\RSSReader.exe"= c:\programmi\RSS Reader\RSSReader.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-10-15 141312]
R2 olMntrService;olMntrService;c:\programmi\Olivetti\ANY_WAY\olMntrService.exe [2006-01-03 69632]
R2 SPF4;Sunbelt Personal Firewall 4;c:\programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DfSdkS;Defragmentation-Service;c:\programmi\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-03-03 410976]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-08-28 173184]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Compila Modulo - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Personalizza - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Barra strumenti - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Salva Moduli - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
TCP: {41C1341A-FA70-420C-82B9-8487F8E30E95} = 85.37.17.44 85.38.28.90
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\o0ppfcbl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#Generale
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\o0ppfcbl.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: ui.submenuDelay - 8
FF - user.js: content.switch.threshold - 1000000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 19:44:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\SHDOCVW.dll
c:\programmi\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\system32\oodag.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-16 19:48:43 - Il pc è stato riavviato [User]
ComboFix-quarantined-files.txt 2009-03-16 18:48:34

Pre-Run: 5,135,892,480 byte disponibili
Post-Run: 5,034,885,120 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

398 --- E O F --- 2009-02-25 20:00:54

What I posted above is the second one I did, following a procedure I was given on another forum.
mykyj
Aficionado
Posts: 89
Joined: Tue May 30, 2006 12:44 am

Re: I think I caught a virus (maybe "Bagle")

Post by ste_95 » Wed Mar 18, 2009 6:09 pm

Try reinstalling Antivir.
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: I think I caught a virus (maybe "Bagle")

Post by mykyj » Wed Mar 18, 2009 10:22 pm

Already done, and it seems to work; did I manage to remove the virus?
mykyj
Aficionado
Posts: 89
Joined: Tue May 30, 2006 12:44 am

Re: I think I caught a virus (maybe "Bagle")

Post by [Claudio] » Wed Mar 18, 2009 10:39 pm

Disable System Restore:
Start
right-click the My Computer icon
select Properties
open the System Restore tab
tick Turn off System Restore
confirm the change with Apply and then OK

Run a full system scan with Avira and attach the report that is produced at the end of the scan.
[Claudio]
Senior Member
Posts: 307
Joined: Fri Feb 06, 2009 11:16 pm
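The same System Restore switch-off as the dialog steps above, done through the Windows XP WMI SystemRestore class; this is an added example, not part of [Claudio]'s post, and it assumes PowerShell is installed on the XP machine and runs as an administrator. Turning System Restore off discards every existing restore point, which is why the step comes before the cleaning scan.

```powershell
# Added example (not the thread's own procedure): disable Windows XP System
# Restore via WMI, the scripted equivalent of the Properties dialog steps.
# Assumptions: PowerShell is installed on the XP box and the shell is elevated.

# Enumerate the restore points that currently exist. Disabling System Restore
# discards all of them, so record what is there first.
$before = @(Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
            Select-Object SequenceNumber, Description, CreationTime)
Write-Host "Restore points before: $($before.Count)"
$before | Format-Table -AutoSize

# Disable() is a static method of the SystemRestore class. Passing the system
# drive turns System Restore off for every drive, just like the checkbox.
$sr = [wmiclass]'\\.\root\default:SystemRestore'
$drive = $env:SystemDrive + '\'          # e.g. "C:\"
$result = $sr.Disable($drive)
if ($result.ReturnValue -ne 0) {
    throw "SystemRestore.Disable('$drive') failed with code $($result.ReturnValue)"
}

# Verify: with the feature off, no restore points should be enumerable.
$after = @(Get-WmiObject -Namespace 'root\default' -Class SystemRestore)
Write-Host "Restore points after: $($after.Count)"

# Once the full scan comes back clean, turn it back on and take a fresh,
# clean restore point (uncomment to run). Arguments to CreateRestorePoint are
# Description, RestorePointType (12 = MODIFY_SETTINGS) and EventType
# (100 = BEGIN_SYSTEM_CHANGE).
# $sr.Enable($drive, $true) | Out-Null
# $sr.CreateRestorePoint('Post-cleanup baseline', 12, 100) | Out-Null
```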

Re: I think I caught a virus (maybe "Bagle")

Post by mykyj » Thu Mar 19, 2009 12:34 pm

Here is the Antivir log; from the look of it everything seems OK, also when doing an online scan with Nod32.

Avira AntiVir Personal
Report file date: 2009-03-19 10:59

Scanning for 1306790 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACER-01VDCN9BDZ

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 2009-03-16 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 08:21:28
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 07:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 11:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 14:45:00
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-03-11 14:45:02
ANTIVIR3.VDF : 7.1.2.187 212480 Bytes 2009-03-18 14:44:36
Engineversion : 8.2.0.116
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-03-17 14:45:12
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 2009-03-17 14:45:10
AESCN.DLL : 8.1.1.8 127346 Bytes 2009-03-17 14:45:10
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 13:58:40
AEPACK.DLL : 8.1.3.10 397686 Bytes 2009-03-17 14:45:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2009-03-17 14:45:08
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 2009-03-17 14:45:08
AEHELP.DLL : 8.1.2.2 119158 Bytes 2009-03-17 14:45:06
AEGEN.DLL : 8.1.1.29 336245 Bytes 2009-03-17 14:45:06
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 10:05:58
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-03-17 14:45:04
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 10:05:58
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 12:02:16
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2009-03-19 10:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'SP_RSSER.EXE' - '1' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'olMntrService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>


End of the scan: 2009-03-19 11:31
Used time: 32:14 Minute(s)

The scan has been done completely.

6707 Scanning directories
283675 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
283673 Files not concerned
7230 Archives were scanned
2 Warnings
0 Notes
mykyj
Aficionado
Posts: 89
Joined: Tue May 30, 2006 12:44 am

Re: I think I caught a virus (maybe "Bagle")

Post by ste_95 » Thu Mar 19, 2009 2:41 pm

You should be fine. Give it a pass with Bagle Restore to bring things back to normal:
http://MegaLab.it/4089/bagle-restore
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: I think I caught a virus (maybe "Bagle")

Post by mykyj » Thu Mar 19, 2009 4:17 pm

OK, thanks a thousand!

Are we sure this program works properly? Because I downloaded and ran it, and after 2 seconds it told me everything was OK; but now, if I go to C:\documenti e setting\user and try to open any folder, even with a single right-click, the PC hangs and I have to turn it off with the power button, whereas before running this program everything worked. Any solution???

Sorry, it wasn't "Bagle Restore" that caused the problem but Antivir 9, the latest version, which causes problems with the context menu; I fixed it by searching the internet, and I saw I'm not the only one for whom installing the latest version created this problem.
mykyj
Aficionado
Posts: 89
Joined: Tue May 30, 2006 12:44 am

