
Thread: HijackThis log analysis, probable virus

  1. #1

    HijackThis log analysis, probable virus

    Hello everyone. I have just registered because I saw that there are people here who are very experienced with HijackThis, and I hope you can help me. I have the impression there is a virus on the PC. Here is the HijackThis log
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13.44.55, on 11/02/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Hijackthis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5551g&r=27360610y915l0474z1k5t45m2l375
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5551g&r=27360610y915l0474z1k5t45m2l375
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5551g&r=27360610y915l0474z1k5t45m2l375
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 13427 bytes


  3. #2

    Re: HijackThis log analysis, probable virus

    Hi, the PC is infected.
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    ● save the downloaded file to the Desktop
    ● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
    ● disable any firewall that is installed, from its icon in the tray bar (next to the Windows clock)

    Once the steps above are done:
    ● launch ComboFix with a double click
    ● follow the instructions that are shown to run the scan
    ● if you have Windows XP, you will be asked to install the Recovery Console: do not install it
    ● without performing any other operation, let the tool finish its work

    Notes - during the scan:
    ● some files may appear on the Desktop and then be deleted
    ● all the icons on the Desktop will disappear for a moment: nothing to worry about
    ● a message about the antivirus in use may be shown: continue, ignoring the message
    ● the firewall may show a warning about the removal of some drivers: allow it
    ● the Internet Explorer icon may appear on the Desktop

    When ComboFix has finished the scan:
    ● the system will be restarted automatically: if it is not, restart it yourself
    ● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

    Note - about the program:
    ● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as Administrator from the context menu
    ● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused by you after using the software.
    ● The same goes for me; this tool is not a toy and is not meant for everyday use. It should not be used unless expressly requested by an expert
    ● ComboFix disables autorun for USB devices (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a flash drive, you will have to open it from Computer. One more precaution, one possible threat fewer

  4. #3

    Re: HijackThis log analysis, probable virus

    Here is the ComboFix log

    Code:
    ComboFix 12-02-11.02 - Vale 11/02/2012  15.10.40.1.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4091.2092 [GMT 1:00]
    Eseguito da: c:\users\Vale\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\users\Vale\AppData\Local\Windows Server
    c:\users\Vale\AppData\Local\Windows Server\admin.txt
    c:\users\Vale\AppData\Local\Windows Server\server.dat
    c:\users\Vale\AppData\Roaming\chrtmp
    c:\windows\IsUn0410.exe
    c:\windows\SysWow64\cc32100mt.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DHCP Client
    .
    .
    (((((((((((((((((((((((((   Files Creati Da 2012-01-11 al 2012-02-11  )))))))))))))))))))))))))))))))))))
    .
    .
    2012-02-11 14:27 . 2012-02-11 14:27    --------    d--h--w-    c:\windows\AxInstSV
    2012-02-11 14:25 . 2012-02-11 14:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2012-02-10 22:18 . 2012-02-10 22:18    --------    d-----w-    c:\users\Vale\AppData\Roaming\gtk-2.0
    2012-02-05 21:25 . 2012-02-05 21:25    --------    d-----w-    c:\program files\Recuva
    2012-02-05 20:39 . 2012-02-08 08:10    --------    d-----w-    c:\program files (x86)\HDD Regenerator
    2012-02-05 20:28 . 2012-02-05 20:28    971360    ----a-w-    c:\windows\system32\drivers\timntr.sys
    2012-02-05 20:28 . 2012-02-05 20:28    210016    ----a-w-    c:\windows\system32\drivers\vididr.sys
    2012-02-05 20:28 . 2012-02-05 20:28    141920    ----a-w-    c:\windows\system32\drivers\vsflt53.sys
    2012-02-05 20:28 . 2012-02-05 20:28    275552    ----a-w-    c:\windows\system32\drivers\snapman.sys
    2012-02-05 20:28 . 2012-02-05 20:28    --------    d-----w-    c:\program files (x86)\Acronis
    2012-02-05 20:28 . 2012-02-05 20:28    --------    d-----w-    c:\program files (x86)\Common Files\Acronis
    2012-02-05 14:52 . 2012-02-05 14:52    --------    d-----w-    c:\program files (x86)\Western Digital Corporation
    2012-02-03 20:24 . 2012-02-03 20:25    --------    d-----w-    c:\users\Vale\AppData\Roaming\GetRightToGo
    2012-02-03 20:14 . 2012-02-03 20:14    --------    d-----w-    c:\users\Vale\AppData\Local\MPlayer
    2012-02-03 20:13 . 2012-02-03 20:13    237    ----a-w-    C:\user.js
    2012-02-03 20:13 . 2012-02-03 20:15    --------    d-----w-    c:\users\Vale\.3gpplayer
    2012-02-01 12:52 . 2004-04-18 22:40    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2012-02-01 12:52 . 2004-04-18 22:39    266240    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2012-02-01 12:52 . 2004-04-18 22:39    172032    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2012-02-01 12:52 . 2012-02-01 12:52    180356    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2012-02-01 12:52 . 2004-04-18 22:42    733184    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2012-02-01 12:52 . 2004-04-18 22:39    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2012-02-01 12:52 . 2012-02-01 12:52    303236    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2012-02-01 12:50 . 2012-02-01 12:50    --------    d-----w-    C:\LGP500
    2012-02-01 12:49 . 2011-05-10 12:37    568832    ----a-w-    c:\windows\SysWow64\msvcp90.dll
    2012-02-01 12:49 . 2011-05-10 12:37    224768    ----a-w-    c:\windows\SysWow64\msvcm90.dll
    2012-02-01 12:49 . 2011-05-10 12:37    655872    ----a-w-    c:\windows\SysWow64\msvcr90.dll
    2012-02-01 12:49 . 2006-05-04 07:33    53248    ----a-w-    c:\windows\SysWow64\CommonDL.dll
    2012-02-01 12:49 . 2012-02-01 12:49    --------    d-----w-    c:\programdata\LGMOBILEAX
    2012-02-01 12:48 . 2010-12-07 13:23    34304    ----a-w-    c:\windows\system32\drivers\lgandmodem64.sys
    2012-02-01 12:48 . 2010-12-07 13:23    27648    ----a-w-    c:\windows\system32\drivers\lganddiag64.sys
    2012-02-01 12:48 . 2010-12-07 13:23    27136    ----a-w-    c:\windows\system32\drivers\lgandgps64.sys
    2012-02-01 12:48 . 2010-12-07 13:22    19456    ----a-w-    c:\windows\system32\drivers\lgandbus64.sys
    2012-02-01 12:48 . 2012-02-01 12:53    --------    d-----w-    c:\program files (x86)\LG Electronics
    2012-01-31 09:05 . 2012-01-31 09:06    --------    d-----w-    c:\program files\Tracker Software
    2012-01-30 10:14 . 2012-01-30 10:14    --------    d-----w-    c:\programdata\ATI
    2012-01-30 10:14 . 2012-01-30 10:14    --------    d-----w-    c:\program files (x86)\AMD APP
    2012-01-19 18:43 . 2012-01-19 18:43    --------    d-----w-    c:\users\Vale\AppData\Local\Proxure
    2012-01-19 18:43 . 2012-01-19 18:43    --------    d-----w-    c:\programdata\ClubSanDisk
    2012-01-18 14:51 . 2012-01-18 14:51    --------    d-----w-    c:\users\Vale\AppData\Local\DDMSettings
    2012-01-18 14:45 . 2012-01-18 14:49    --------    d-----w-    c:\programdata\DivX
    2012-01-18 14:39 . 2012-01-26 16:15    --------    d-----w-    c:\programdata\NCH Software
    2012-01-18 14:38 . 2012-01-31 09:37    --------    d-----w-    c:\program files (x86)\NCH Software
    2012-01-18 14:38 . 2012-01-31 09:37    --------    d-----w-    c:\users\Vale\AppData\Roaming\NCH Software
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-10 18:54 . 2011-06-17 12:36    414368    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 00:48 . 2012-01-04 00:48    354176    ----a-w-    c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2011-12-26 08:45 . 2011-03-28 17:36    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-10 14:24 . 2010-12-11 21:28    23152    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2011-12-06 03:45 . 2011-12-06 03:45    10720256    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
    2011-12-06 03:18 . 2011-12-06 03:18    25371136    ----a-w-    c:\windows\system32\atio6axx.dll
    2011-12-06 03:17 . 2011-12-06 03:17    159744    ----a-w-    c:\windows\system32\atiapfxx.exe
    2011-12-06 03:17 . 2011-05-25 03:07    778752    ----a-w-    c:\windows\SysWow64\aticfx32.dll
    2011-12-06 03:16 . 2010-08-04 01:54    933888    ----a-w-    c:\windows\system32\aticfx64.dll
    2011-12-06 03:12 . 2011-12-06 03:12    466944    ----a-w-    c:\windows\system32\ATIDEMGX.dll
    2011-12-06 03:12 . 2011-12-06 03:12    494080    ----a-w-    c:\windows\system32\atieclxx.exe
    2011-12-06 03:11 . 2011-12-06 03:11    235520    ----a-w-    c:\windows\system32\atiesrxx.exe
    2011-12-06 03:10 . 2011-12-06 03:10    120320    ----a-w-    c:\windows\system32\atitmm64.dll
    2011-12-06 03:10 . 2011-12-06 03:10    423424    ----a-w-    c:\windows\system32\atipdl64.dll
    2011-12-06 03:10 . 2011-12-06 03:10    360448    ----a-w-    c:\windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10 . 2011-12-06 03:10    278528    ----a-w-    c:\windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09 . 2011-12-06 03:09    21504    ----a-w-    c:\windows\system32\atimuixx.dll
    2011-12-06 03:09 . 2011-12-06 03:09    59392    ----a-w-    c:\windows\system32\atiedu64.dll
    2011-12-06 03:09 . 2011-12-06 03:09    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06 . 2011-11-10 03:06    6159872    ----a-w-    c:\windows\SysWow64\atidxx32.dll
    2011-12-06 02:56 . 2011-12-06 02:56    19125760    ----a-w-    c:\windows\SysWow64\atioglxx.dll
    2011-12-06 02:51 . 2010-03-29 12:04    7520768    ----a-w-    c:\windows\system32\atidxx64.dll
    2011-12-06 02:39 . 2011-12-06 02:39    1113088    ----a-w-    c:\windows\system32\atiumd6v.dll
    2011-12-06 02:39 . 2011-12-06 02:39    1828864    ----a-w-    c:\windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39 . 2011-12-06 02:39    4072960    ----a-w-    c:\windows\system32\atiumd6a.dll
    2011-12-06 02:34 . 2011-12-06 02:34    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
    2011-12-06 02:34 . 2011-12-06 02:34    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
    2011-12-06 02:34 . 2011-12-06 02:34    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
    2011-12-06 02:34 . 2011-12-06 02:34    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
    2011-12-06 02:34 . 2011-12-06 02:34    13738496    ----a-w-    c:\windows\system32\aticaldd64.dll
    2011-12-06 02:33 . 2011-12-06 02:33    5919232    ----a-w-    c:\windows\SysWow64\atiumdag.dll
    2011-12-06 02:29 . 2011-12-06 02:29    11484672    ----a-w-    c:\windows\SysWow64\aticaldd.dll
    2011-12-06 02:28 . 2011-12-06 02:28    4206592    ----a-w-    c:\windows\SysWow64\atiumdva.dll
    2011-12-06 02:24 . 2011-12-06 02:24    7511040    ----a-w-    c:\windows\system32\atiumd64.dll
    2011-12-06 02:18 . 2010-03-29 12:04    58880    ----a-w-    c:\windows\system32\coinst.dll
    2011-12-06 02:13 . 2010-03-29 12:04    509952    ----a-w-    c:\windows\system32\atiadlxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    356352    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12 . 2011-12-06 02:12    17408    ----a-w-    c:\windows\system32\atig6pxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    14336    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    14336    ----a-w-    c:\windows\system32\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    39936    ----a-w-    c:\windows\system32\atig6txx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12    327168    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
    2011-12-06 02:11 . 2010-03-29 12:04    42496    ----a-w-    c:\windows\system32\atiuxp64.dll
    2011-12-06 02:11 . 2011-11-10 02:11    33280    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11 . 2011-12-06 02:11    39936    ----a-w-    c:\windows\system32\atiu9p64.dll
    2011-12-06 02:11 . 2011-12-06 02:11    29696    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10 . 2011-12-06 02:10    54784    ----a-w-    c:\windows\system32\atimpc64.dll
    2011-12-06 02:10 . 2011-12-06 02:10    54784    ----a-w-    c:\windows\system32\amdpcom64.dll
    2011-12-06 02:10 . 2011-12-06 02:10    53760    ----a-w-    c:\windows\SysWow64\atimpc32.dll
    2011-12-06 02:10 . 2011-12-06 02:10    53760    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10 . 2011-12-06 02:10    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
    2011-12-05 21:04 . 2011-12-05 21:04    69632    ----a-w-    c:\windows\system32\OpenVideo64.dll
    2011-12-05 21:04 . 2011-12-05 21:04    59904    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
    2011-12-05 21:03 . 2011-12-05 21:03    61952    ----a-w-    c:\windows\system32\OVDecode64.dll
    2011-12-05 21:03 . 2011-12-05 21:03    54784    ----a-w-    c:\windows\SysWow64\OVDecode.dll
    2011-12-05 21:03 . 2011-12-05 21:03    17580544    ----a-w-    c:\windows\system32\amdocl64.dll
    2011-12-05 21:03 . 2011-12-05 21:03    14499328    ----a-w-    c:\windows\SysWow64\amdocl.dll
    2011-12-05 19:47 . 2011-12-05 19:47    95248    ----a-w-    c:\windows\system32\drivers\AtihdW76.sys
    2011-12-01 16:55 . 2011-12-16 09:40    27760    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
    2011-12-01 16:55 . 2011-12-16 09:40    130760    ----a-w-    c:\windows\system32\drivers\avipbb.sys
    2011-12-01 16:55 . 2011-12-16 09:40    97312    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
    2011-11-24 04:52 . 2011-12-16 09:25    3145216    ----a-w-    c:\windows\system32\win32k.sys
    2011-11-19 14:58 . 2012-01-10 18:07    77312    ----a-w-    c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-10 18:07    67072    ----a-w-    c:\windows\SysWow64\packager.dll
    2011-11-17 06:49 . 2012-01-10 18:08    152432    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 06:49 . 2012-01-10 18:08    95600    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 06:44 . 2012-01-10 18:08    459232    ----a-w-    c:\windows\system32\drivers\cng.sys
    2011-11-17 06:41 . 2012-01-10 18:08    1731920    ----a-w-    c:\windows\system32\ntdll.dll
    2011-11-17 06:35 . 2012-01-10 18:08    395776    ----a-w-    c:\windows\system32\webio.dll
    2011-11-17 06:35 . 2012-01-10 18:08    136192    ----a-w-    c:\windows\system32\sspicli.dll
    2011-11-17 06:35 . 2012-01-10 18:08    29184    ----a-w-    c:\windows\system32\sspisrv.dll
    2011-11-17 06:35 . 2012-01-10 18:08    340992    ----a-w-    c:\windows\system32\schannel.dll
    2011-11-17 06:35 . 2012-01-10 18:08    28160    ----a-w-    c:\windows\system32\secur32.dll
    2011-11-17 06:35 . 2012-01-10 18:08    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
    2011-11-17 06:33 . 2012-01-10 18:08    31232    ----a-w-    c:\windows\system32\lsass.exe
    2011-11-17 05:38 . 2012-01-10 18:08    1292080    ----a-w-    c:\windows\SysWow64\ntdll.dll
    2011-11-17 05:35 . 2012-01-10 18:08    314880    ----a-w-    c:\windows\SysWow64\webio.dll
    2011-11-17 05:34 . 2012-01-10 18:08    224768    ----a-w-    c:\windows\SysWow64\schannel.dll
    2011-11-17 05:34 . 2012-01-10 18:08    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
    2011-11-17 05:28 . 2012-01-10 18:08    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
    2011-11-15 16:58 . 2011-11-15 16:58    146432    ----a-w-    c:\windows\system32\SlotMaximizerAg.dll
    2011-11-15 16:58 . 2011-11-15 16:58    3507712    ----a-w-    c:\windows\system32\SlotMaximizerBe.dll
    2011-11-15 16:57 . 2011-11-15 16:57    2463744    ----a-w-    c:\windows\SysWow64\SlotMaximizerBe.dll
    2011-11-15 16:57 . 2011-11-15 16:57    122880    ----a-w-    c:\windows\SysWow64\SlotMaximizerAg.dll
    2006-05-03 11:06    163328    --sha-r-    c:\windows\SysWOW64\flvDX.dll
    2007-02-21 12:47    31232    --sha-r-    c:\windows\SysWOW64\msfDX.dll
    2008-03-16 14:30    216064    --sha-r-    c:\windows\SysWOW64\nbDX.dll
    2010-01-06 23:00    107520    --sha-r-    c:\windows\SysWOW64\TAKDSDecoder.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-07-08 2666384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
    R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
    R4 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
    R4 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
    R4 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2008-12-02 120168]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
    S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
    S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-01 86224]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Altri Servizi/Drivers In Memoria ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 17:34]
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 17:34]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
    "Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-07-08 395720]
    "combofix"="c:\combofix\CF27709.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Scansione supplementare -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.it/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5551g&r=27360610y915l0474z1k5t45m2l375
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Aggiungi a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Aggiungi destinazione link a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Converti destinazione link in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Converti in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\eyckuq4b.default\
    FF - prefs.js: browser.startup.homepage - www.google.it
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
    FF - user.js: extensions.BabylonToolbar_i.babExt - 
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - ecc6477c0000000000000017c4f176ae
    FF - user.js: extensions.BabylonToolbar_i.hardId - ecc6477c0000000000000017c4f176ae
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15373
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:13
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2012-02-11  15:34:47 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt  2012-02-11 14:34
    .
    Pre-Run: 52.109.451.264 byte disponibili
    Post-Run: 51.794.587.648 byte disponibili
    .
    - - End Of File - - FEB5D0C8903B0BEC6ED555C16816B8DA
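
The ComboFix output above shows the UAC policy values, an AppInit_DLLs entry and Firefox user.js preferences written by a toolbar. The Python triage script below is an added example, not part of this thread or of ComboFix: it parses lines in that layout and flags the settings a reviewer would check first. The sample log is constructed from the entries shown above.

```python
import re

# Constructed sample in the layout of the ComboFix log above (registry
# block and Firefox user.js lines); a real log would be read from a file.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
FF_RE = re.compile(r'^FF - user\.js: extensions\.(?P<ext>[^.]+)\.')

# Registry paths as ComboFix prints them, lower-cased for comparison.
POLICY_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'
APPINIT_KEY = r'hkey_local_machine\software\microsoft\windows nt\currentversion\windows'


def parse_registry(text):
    """Map each [key] header to a dict of the "name"=value pairs listed below it."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key').lower()
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group('name')] = m.group('value').strip()
    return keys


def as_int(raw):
    """ComboFix prints numbers as '0 (0x0)' or '0x1'; return the int, else None."""
    m = re.match(r'(0x[0-9a-fA-F]+|\d+)', raw or '')
    return int(m.group(1), 0) if m else None


def triage(text):
    """Return readable findings about weakened UAC settings and DLL injection points."""
    keys = parse_registry(text)
    findings = []
    policy = keys.get(POLICY_KEY, {})
    if as_int(policy.get('EnableLUA')) == 0:
        findings.append('UAC disabled (EnableLUA=0): admin users run with a full token and get no prompts')
    if as_int(policy.get('ConsentPromptBehaviorAdmin')) == 0:
        findings.append('ConsentPromptBehaviorAdmin=0: elevation without prompting')
    if as_int(policy.get('PromptOnSecureDesktop')) == 0:
        findings.append('PromptOnSecureDesktop=0: prompts are not shown on the secure desktop')
    win = keys.get(APPINIT_KEY, {})
    if as_int(win.get('LoadAppInit_DLLs')) == 1 and win.get('AppInit_DLLs'):
        findings.append('AppInit_DLLs active: %s is loaded into every process that uses '
                        'user32.dll; verify its publisher' % win['AppInit_DLLs'])
    # user.js entries are written by extensions; report each extension once.
    seen = set()
    for line in text.splitlines():
        m = FF_RE.match(line.strip())
        if m and m.group('ext') not in seen:
            seen.add(m.group('ext'))
            findings.append('user.js prefs written by extension %s: confirm it was wanted' % m.group('ext'))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print('-', finding)
```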

  5. #4
    Active User
    Registration date
    28-01-10
    Messages
    1,144

    Re: HijackThis log analysis, probable virus

    Hi, how is the PC doing now?
    Download Malwarebytes' Anti-Malware - Free Edition: Malwarebytes : Free anti-malware, anti-virus and spyware removal download
    ● double-click mbam-setup.exe to start the setup
    ● during installation, leave the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked

    Once you have completed the steps above:
    ● connect all the external devices you own (USB sticks, external HDDs, MP3 players...)
    ● the tool's main screen will appear: when the message pops up, click the No button
    ● click the Full scan button and confirm by clicking the Scan button
    ● you will be asked which drives to scan; select them all and click Scan again
    ● wait patiently for the scan to finish
    ● once it has finished, click the OK button and then Show Results to view the report
    ● a text file will be produced automatically: save it to the Desktop and attach it
    ● make sure all entries are selected and click the Remove Selected button at the bottom left
    ● the log can be viewed by clicking the Logs tab in the program's main interface

    Note - about the program:
    ● if MalwareBytes has trouble removing some files, additional windows will be shown: click the OK button and let the program proceed with the disinfection. If MalwareBytes asks to restart the system, do so immediately

  6. #5
    User
    Registration date
    11-02-12
    Messages
    6

    Re: HijackThis log analysis, probable virus

    Hi. So far I haven't noticed any particular improvement, and I had already run the Malwarebytes scan before and it never found anything. Anyway, I'm running it again as you said. It will take a while to finish. We'll see what happens....

  7. #6
    User
    Registration date
    11-02-12
    Messages
    6

    Re: HijackThis log analysis, probable virus

    Here is the Malwarebytes log. Apparently it found nothing.

    Code:
    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org
    
    Versione database: v2012.02.12.02
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Vale :: PORTATILE [amministratore]
    
    Protezione: Attivata
    
    12/02/2012 11.01.44
    mbam-log-2012-02-12 (11-01-44).txt
    
    Tipo di scansione: Scansione completa
    Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
    Opzioni di scansione disattivate: P2P
    Elementi esaminati: 607130
    Tempo impiegato: 4 ore, 39 minuti, 13 secondi
    
    Processi rilevati in memoria: 0
    (non sono stati rilevati elementi nocivi)
    
    Moduli di memoria rilevati: 0
    (non sono stati rilevati elementi nocivi)
    
    Chiavi di registro rilevate: 0
    (non sono stati rilevati elementi nocivi)
    
    Valori di registro rilevati: 0
    (non sono stati rilevati elementi nocivi)
    
    Voci rilevate nei dati di registro: 0
    (non sono stati rilevati elementi nocivi)
    
    Cartelle rilevate: 0
    (non sono stati rilevati elementi nocivi)
    
    File rilevati: 0
    (non sono stati rilevati elementi nocivi)
    
    (fine)

  8. #7
    Active User
    Registration date
    26-05-07
    Location
    Naples
    Messages
    6,155

    Re: HijackThis log analysis, probable virus

    It would be appropriate to introduce yourself to the forum:
    Introduce yourself to the Community
    Then, what is the HijackThis check for? If no problems are found and there are no infections, there is no point in proceeding with drastic solutions.

    NO to private messages, let's use the forum, thank you for your attention.

  9. #8
    Active User
    Registration date
    28-01-10
    Messages
    1,144

    Re: HijackThis log analysis, probable virus

    The PC is clean now.
    Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
    ● place the tool on the Desktop
    ● close all running programs, including web pages
    ● start the tool with a double-click
    ● click the Start button at the bottom left
    the Desktop will disappear for a few moments: nothing to worry about
    ● wait patiently for the operations to finish
    ● click the Exit button at the bottom right
    ● once the operations are complete, close the program

    Note - about the program:
    TFC by OldTimer deletes the temporary files of all users, easily and quickly


    Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
    ● place the tool on the Desktop
    ● close all running programs
    ● start the tool with a double-click
    ● click the CleanUp! button
    ● the program will ask to restart the system: allow it by clicking Yes twice

    Note - about the program:
    OTC by OldTimer removes the programs we used for the cleanup (ComboFix in particular) automatically and precisely: after the restart you will no longer see the ComboFix icon, which is perfectly normal

  10. #9
    User
    Registration date
    11-02-12
    Messages
    6

    Re: HijackThis log analysis, probable virus

    Hi, I followed the instructions. I noticed a slight slowdown this evening, but I'll wait to see whether it happens again before raising the alarm; maybe it was just... I don't know, the antivirus updating in the background.... In any case, when I get back home (because I'm away and so have no support for doing something like this) I'll do a nice format and good night.
