Aiutamici Forum

HijackThis log check please!
shapiro
Posted: Friday, January 01, 2010 1:57:08 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
But did it put them in quarantine? I don't see any action...

Did you copy the whole log?
bio.org
Posted: Friday, January 01, 2010 2:24:53 PM
Rank: AiutAmico

Member since: 6/29/2006
Posts: 42
Once the scan finished I proceeded with "repair". This is the whole log right after the repair finished. The saved log is entirely what I posted; at this point, though, I don't know whether I saved it correctly.
shapiro
Posted: Friday, January 01, 2010 3:44:05 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Try to see if you can recover the full report; I don't think it gave it to you without a notification.

Open Avira, go to the left and you'll find ''reports''; on the right you'll find the list; a single click on "scan" and press F3.
bio.org
Posted: Friday, January 01, 2010 4:04:22 PM
Rank: AiutAmico

Member since: 6/29/2006
Posts: 42
Exactly the same:

Avira AntiVir Personal
Data del file di report: giovedì 31 dicembre 2009 20:06

Ricerca di 1492539 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : BIO_ORG

Informazioni sulla versione:
BUILD.DAT : 9.0.0.21 21699 Bytes 04/12/2009 14:20:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:42
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:30
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:58
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:29:28
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 12:29:28
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 12:29:28
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 12:29:28
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 12:29:28
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 12:29:28
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 12:29:28
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 12:29:28
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 12:29:28
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 12:29:28
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 12:29:28
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 12:29:28
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 12:29:30
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 12:29:30
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 12:29:30
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 12:29:32
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 12:29:32
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 12:31:06
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 12:40:02
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 17:33:40
VBASE021.VDF : 7.10.2.94 2048 Bytes 29/12/2009 17:33:40
VBASE022.VDF : 7.10.2.95 2048 Bytes 29/12/2009 17:33:40
VBASE023.VDF : 7.10.2.96 2048 Bytes 29/12/2009 17:33:40
VBASE024.VDF : 7.10.2.97 2048 Bytes 29/12/2009 17:33:40
VBASE025.VDF : 7.10.2.98 2048 Bytes 29/12/2009 17:33:40
VBASE026.VDF : 7.10.2.99 2048 Bytes 29/12/2009 17:33:40
VBASE027.VDF : 7.10.2.100 2048 Bytes 29/12/2009 17:33:40
VBASE028.VDF : 7.10.2.101 2048 Bytes 29/12/2009 17:33:40
VBASE029.VDF : 7.10.2.102 2048 Bytes 29/12/2009 17:33:40
VBASE030.VDF : 7.10.2.103 2048 Bytes 29/12/2009 17:33:42
VBASE031.VDF : 7.10.2.110 77312 Bytes 31/12/2009 18:45:40
Motore : 8.2.1.122
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
AESCRIPT.DLL : 8.1.3.4 586105 Bytes 23/12/2009 12:31:14
AESCN.DLL : 8.1.3.0 127348 Bytes 21/12/2009 12:29:42
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 21/12/2009 12:29:42
AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.189 2195833 Bytes 23/12/2009 12:31:12
AEHELP.DLL : 8.1.9.0 237943 Bytes 21/12/2009 12:29:36
AEGEN.DLL : 8.1.1.82 369014 Bytes 23/12/2009 12:31:08
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 21/12/2009 12:29:36
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:04
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:08
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:12
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:46
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:14
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:40
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:30
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 13:11:52
RCTEXT.DLL : 9.0.73.0 87809 Bytes 03/11/2009 07:16:44

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,-HIDDENEXT,+JOKE,+PFS,

Avvio della scansione: giovedì 31 dicembre 2009 20:06

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '34321' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'firefox.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WMIAPSRV.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WMIPRVSE.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ALG.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATKOSD.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'RegSrvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'PSIService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'OProtSvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'JQS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'EOUWiz.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'iFrmewrk.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'mDNSResponder.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'AVGNT.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'CTFMON.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ISSCH.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'JUSCHED.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATIPTAXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SynTPEnh.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SynTPLpr.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WCOURIER.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'BatteryLife.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ALU.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'RTHDCPL.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'HControl.exe' - '1' modulo(i) scansionato(i)
Scansione processo '1XConfig.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'EXPLORER.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATI2EVXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ZCfgSvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SCHED.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SPOOLSV.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'S24EvMon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'EvtEng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATI2EVXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'LSASS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SERVICES.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WINLOGON.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'CSRSS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SMSS.EXE' - '1' modulo(i) scansionato(i)
47 processi scansionati con '47' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'D:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 63 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\hiberfil.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\WINDOWS\system32\wmisqtu.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/CryptoVB.BN.1
C:\WINDOWS\system32\sqpeml.dll
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[AVVISO] Impossibile aprire il file!
C:\WINDOWS\system32\wmistri.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/CryptoVB.BN.1
C:\WINDOWS\system32\drivers\zcnhimnc.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[AVVISO] Impossibile aprire il file!
C:\WINDOWS\system32\drivers\ezmsppqs.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\FOUND.007\FILE0001.CHK
[RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/Conficker.A
C:\Documents and Settings\All Users\Documenti\nqbulx.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Autoit.TC.156
C:\Documents and Settings\Bio.org\Desktop\combofix.zip
[0] Tipo di archivio: ZIP
--> combofix/ComboFix.exe
--> combofix/ComboFix.exe
[1] Tipo di archivio: RAR SFX (self extracting)
--> 327882R2FWJFW\NirCmd.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\nircmd.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\NirCmdC.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.1.B
--> 327882R2FWJFW\psexec.cfexe
[2] Tipo di archivio: RSRC
--> Object
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/PsExec.E
C:\Documents and Settings\Nu faciti dannu!\iyn.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\Documents and Settings\Nu faciti dannu!\idw.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019803.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019804.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019805.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019806.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019807.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019808.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019809.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019810.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019811.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019824.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019855.exe

[0] Tipo di archivio: RAR SFX (self extracting)
--> 327882R2FWJFW\NirCmd.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\nircmd.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\NirCmdC.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.1.B
--> 327882R2FWJFW\psexec.cfexe
[1] Tipo di archivio: RSRC
--> Object
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/PsExec.E
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019874.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
Inizia con la scansione di 'D:\'

Avvio della disinfezione:
shapiro
Posted: Friday, January 01, 2010 4:21:59 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
If you have a USB stick or other external device, before inserting it hold down the SHIFT key (it's at the bottom left of the keyboard) and release the key after about 10 seconds.


Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
Let the program work without interfering.
Attach the report C:\ComboFix.txt in your reply.

Do not use the PC during the scan, not even the mouse!
bio.org
Posted: Friday, January 01, 2010 4:39:55 PM
Rank: AiutAmico

Member since: 6/29/2006
Posts: 42
ComboFix 09-12-31.A1 - Bio.org 01/01/2010 16.30.10.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1098 [GMT 1:00]
Eseguito da: c:\documents and settings\Bio.org\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Creati Da 2009-12-01 al 2010-01-01 )))))))))))))))))))))))))))))))))))
.

2010-01-01 03:23 . 2010-01-01 03:23 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-01-01 03:23 . 2010-01-01 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-31 12:18 . 2009-12-31 12:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-31 12:17 . 2009-12-31 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-12-31 12:17 . 2004-10-15 09:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2009-12-31 00:46 . 2009-12-31 00:46 -------- d-----w- c:\programmi\CCleaner
2009-12-30 23:45 . 2009-12-30 23:45 -------- d-----w- C:\FOUND.009
2009-12-30 23:42 . 2009-12-30 23:42 -------- d-----w- C:\FOUND.008
2009-12-30 17:10 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 17:10 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:21 . 2009-12-30 16:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Malwarebytes
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-30 12:21 . 2009-12-30 12:21 -------- d-----w- C:\FOUND.007
2009-12-30 12:17 . 2009-12-30 12:17 -------- d-----w- C:\FOUND.006
2009-12-29 12:57 . 2008-04-13 18:14 398336 ----a-w- c:\windows\system32\CF31661.exe
2009-12-28 21:33 . 2009-12-28 21:33 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-28 21:02 . 2009-12-28 21:02 40128 ----a-w- c:\windows\system32\drivers\zcnhimnc.sys
2009-12-28 18:55 . 2009-12-28 18:55 -------- d-----w- C:\FOUND.005
2009-12-28 18:48 . 2009-12-28 18:48 -------- d-----w- C:\FOUND.004
2009-12-28 18:43 . 2009-12-28 18:43 -------- d-----w- C:\FOUND.003
2009-12-28 14:00 . 2009-12-28 14:00 -------- d-----w- C:\FOUND.002
2009-12-28 11:34 . 2009-12-28 11:34 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\IECompatCache
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Ahead
2009-12-27 13:20 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Ahead
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\Nero
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-27 11:29 . 2009-12-27 11:29 -------- d-----w- C:\FOUND.001
2009-12-26 18:43 . 2009-12-26 18:43 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\PrivacIE
2009-12-23 18:53 . 2009-12-23 18:53 -------- d-----w- C:\FOUND.000
2009-12-22 14:08 . 2009-12-22 14:08 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\dvdcss
2009-12-22 13:02 . 2008-04-13 10:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-21 12:27 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 12:27 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 12:27 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\programmi\Avira
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-20 14:24 . 2000-03-29 13:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-20 12:10 . 2009-12-20 12:10 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Tracing
2009-12-19 22:04 . 2009-12-19 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-12-19 21:29 . 2009-12-19 21:29 -------- d-----w- C:\VideoSec
2009-12-19 16:55 . 2009-12-19 16:56 46080 ----a-w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2009-12-18 20:38 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Adobe
2009-12-18 14:41 . 2009-12-18 14:41 8 --sh--r- c:\windows\system32\8484AA5D05.sys
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Corel
2009-12-18 14:41 . 2009-12-18 14:41 65536 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-12-18 14:41 . 2009-12-18 14:41 10134 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Protexis
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Corel
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2009-12-18 14:27 . 2009-12-27 18:01 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-18 14:26 . 2009-12-18 14:26 -------- d-----w- c:\programmi\Corel
2009-12-18 14:19 . 2009-12-18 14:19 -------- d-----w- c:\programmi\Bonjour
2009-12-18 14:09 . 2009-12-18 14:09 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-12-17 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 14:48 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 14:48 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-17 14:48 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 14:48 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 14:48 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 14:48 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-17 14:48 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-17 14:48 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-17 14:48 . 2009-12-17 14:48 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-17 10:37 . 2004-08-19 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 21:52 . 2009-12-16 21:52 -------- d-----w- c:\programmi\eMule
2009-12-16 20:50 . 2009-12-16 20:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-16 17:46 . 2009-12-16 17:46 -------- d-----w- c:\documents and settings\Bio.org\Tracing
2009-12-16 17:45 . 2009-12-16 17:45 -------- d-----w- c:\programmi\Microsoft
2009-12-16 17:44 . 2009-12-16 17:44 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-16 17:42 . 2009-12-16 17:42 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-16 17:41 . 2009-12-16 17:41 -------- d-----w- c:\documents and settings\Bio.org\Contacts
2009-12-16 17:40 . 2009-12-16 17:40 -------- d-----w- c:\windows\system32\DRVSTORE
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-sh--w- c:\programmi\File comuni\WindowsLiveInstaller
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\programmi\Windows Live
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\vlc
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\programmi\VideoLAN
2009-12-16 16:29 . 2009-12-16 16:29 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 16:27 . 2009-12-16 16:29 79488 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 16:17 . 2009-12-16 16:17 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Media Player Classic
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\programmi\uTorrent
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\uTorrent
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\windows\Sun
2009-12-15 20:52 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\programmi\Java
2009-12-15 20:51 . 2009-12-15 20:51 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-12-15 17:40 . 2009-12-15 17:40 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\pdf995
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\programmi\QuickTime
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-15 13:46 . 2009-12-15 13:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\programmi\Apple Software Update
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-15 11:35 . 2009-12-15 11:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-14 20:05 . 2009-12-14 20:05 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-14 00:52 . 2009-12-14 00:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-14 00:44 . 2009-12-14 00:44 -------- d-----w- c:\windows\EHome
2009-12-13 21:14 . 2009-12-13 21:14 -------- d-----w- c:\programmi\Axon Data
2009-12-13 21:11 . 2009-12-13 21:11 -------- d-----w- c:\programmi\PowerQuest
2009-12-13 21:10 . 2009-12-18 14:41 46080 ----a-w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-13 21:10 . 2009-12-15 17:41 59 ----a-w- c:\windows\wpd99.drv
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-12-13 21:10 . 2009-12-13 21:10 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-12-13 21:10 . 2009-12-13 21:10 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\programmi\pdf995
2009-12-13 21:07 . 2009-12-13 21:07 -------- d-sh--w- c:\documents and settings\Bio.org\IECompatCache
2009-12-13 20:46 . 2009-08-14 15:12 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-13 19:52 . 2009-12-13 19:52 -------- d--h--w- c:\windows\$hf_mig$
2009-12-13 19:45 . 2009-12-13 19:45 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-13 19:41 . 2009-12-13 19:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-12-13 19:36 . 2009-12-13 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 19:33 . 2009-12-13 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 19:31 . 2009-12-13 19:31 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Adobe
2009-12-13 19:28 . 2009-12-13 19:28 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 19:28 . 2009-12-13 19:28 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-13 19:12 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-13 18:50 . 2009-12-13 18:50 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 18:37 . 2009-12-13 18:37 -------- d-sh--w- c:\documents and settings\Bio.org\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 23:42 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP523d.tmp
2009-12-29 17:47 . 2009-12-29 17:47 4096 ----a-w- c:\windows\system32\01.tmp
2009-12-29 17:46 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP64c4.tmp
2009-12-28 18:50 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP6949.tmp
2009-12-28 18:45 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP44ee.tmp
2009-12-28 18:40 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP4e35.tmp
2009-12-28 13:44 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP71d4.tmp
2009-12-26 15:47 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP57f3.tmp
2009-12-24 14:39 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP74a3.tmp
2009-12-22 12:28 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP7b98.tmp
2009-12-14 01:04 . 2004-09-16 14:31 48012 ----a-w- c:\windows\system32\perfc010.dat
2009-12-14 01:04 . 2004-09-16 14:31 345620 ----a-w- c:\windows\system32\perfh010.dat
2009-12-14 00:55 . 2009-12-13 13:18 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\programmi\Toshiba
2009-12-13 13:46 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2009-12-13 13:44 . 2009-12-13 13:44 503808 ----a-w- c:\windows\Asus_A6_ScreenSaver.scr
2009-12-13 13:44 . 2009-12-13 13:44 606848 ----a-w- c:\windows\flashax.exe
2009-12-13 13:44 . 2009-12-13 13:44 12288 ----a-w- c:\windows\impborl.dll
2009-12-13 13:42 . 2009-12-13 13:42 -------- d-----w- c:\programmi\ATI Technologies
2009-12-13 13:42 . 2009-12-13 13:41 -------- d-----w- c:\programmi\CONEXANT
2009-12-13 13:36 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Symantec
2009-12-13 13:35 . 2009-12-13 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-13 13:33 . 2009-12-13 13:33 -------- d-----w- c:\programmi\Intel
2009-12-13 13:31 . 2009-12-13 13:31 -------- d-----w- c:\programmi\Synaptics
2009-12-13 13:28 . 2009-12-13 13:28 -------- d-----w- c:\programmi\ASUS
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\Realtek
2009-12-13 13:26 . 2009-12-13 13:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-13 13:24 . 2009-12-13 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-13 13:19 . 2009-12-13 13:19 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-13 13:17 . 2009-12-13 13:17 -------- d-----w- c:\programmi\Servizi in linea
2009-12-13 13:17 . 2009-12-13 13:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-13 18:13 . 2004-09-16 14:31 163185 --sh--r- c:\windows\system32\sqpeml.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7994:TCP"= 7994:TCP:iayvgfy

R0 R592;R592;c:\windows\system32\drivers\R592.sys [13/12/2009 13.57.00 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [13/12/2009 13.57.00 27264]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [13/12/2009 14.27.40 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [13/12/2009 14.27.39 4790]
S0 ezmsppqs;ezmsppqs;c:\windows\system32\Drivers\ezmsppqs.sys --> c:\windows\system32\Drivers\ezmsppqs.sys [?]
S0 hubemkeb;hubemkeb;c:\windows\system32\Drivers\hubemkeb.sys --> c:\windows\system32\Drivers\hubemkeb.sys [?]
S0 zcnhimnc;zcnhimnc;c:\windows\system32\drivers\zcnhimnc.sys [28/12/2009 22.02.17 40128]
S2 fsogikkr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]
S3 psgtngftj;psgtngftj;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsogikkr
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bio.org\Dati applicazioni\Mozilla\Firefox\Profiles\yyxnlc1u.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programmi\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\programmi\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 16:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psgtngftj]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]
"ServiceDll"="c:\windows\system32\sqpeml.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\10\1040\OWCI10.DLL
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\11\1040\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Intel\Wireless\Bin\OProtSvc.exe
c:\programmi\File comuni\Protexis\License Service\PSIService.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-01 16:37:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-01 15:37

Pre-Run: 11.989.893.120 byte disponibili
Post-Run: 11.908.022.272 byte disponibili

- - End Of File - - BF63FAE4FB033206F627BF2AF76DD8C7
shapiro
Posted: Friday, January 01, 2010 6:01:10 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
bio.org

Do you know what is in these folders? Did you archive them yourself? If the answer is no, don't touch them.


C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000


bio.org
Posted: Friday, January 01, 2010 8:28:08 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
Absolutely not! I didn't archive them myself. So what now?
shapiro
Posted: Friday, January 01, 2010 9:08:53 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Carry out these steps in the order I describe them; Avira only did half the job, or you didn't let the disinfection finish.

Install CCleaner if you don't already have it on the PC:

http://www.aiutamici.com/software?ID=11223

During installation, untick the Yahoo toolbar option. Open it, go to Options > Advanced and untick "Only delete Windows temp files older than 48 hours"; then run it, select "Analyze" and, when the analysis finishes, click "Run Cleaner".

Click Registry; on the next page click "Scan for Issues", then, when the scan finishes, click "Fix Selected Issues". Answer Yes when asked to save a backup (save it in a folder of your choice), then fix all the items found.

Download http://www.atribune.org/ccount/click.php?id=1

It doesn't need to be installed.

Start ATF Cleaner.exe with a double-click:
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning message.
(if you don't want to delete saved passwords, untick that box)
(if you use Opera or Firefox, tick their sections as well)

Open a text file (in Windows Notepad) and paste the following script into it:
Code:
file::
c:\windows\system32\01.tmp
c:\windows\system32\02.tmp
c:\windows\system32\sqpeml.dll
C:\WINDOWS\system32\wmisqtu.exe
c:\windows\system32\Drivers\hubemkeb.sys
c:\windows\system32\CF31661.exe
C:\WINDOWS\system32\drivers\ezmsppqs.sys
c:\windows\system32\drivers\zcnhimnc.sys
C:\WINDOWS\system32\wmistri.exe
c:\windows\system32\8484AA5D05.sys


folder::
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psgtngftj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]

Save the file in the same folder where you put ComboFix; it must be named CFScript.txt.

Once that's done, drag the file onto the ComboFix icon with the mouse pointer.

The program will start a new scan, like the previous one. Don't do or move anything. When it finishes, if the computer doesn't reboot automatically, reboot it yourself. Attach the new c:\combofix.txt file produced by the scan.
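As an added example (not code from ComboFix and not the helper's script), the following Python triage script applies the reasoning behind the CFScript above to the log format ComboFix produces. It flags services whose binary is missing or lives in a .tmp file, boot-start drivers created shortly before the scan, a svchost-hosted ServiceDll that the file listing shows as hidden+system, the Security Center overrides, the disabled firewall, and globally open port rules. The sample lines are copied from the log posted earlier in this thread; the scan date, the 14-day threshold and the severities are assumptions of the example, not something the tool or the thread defines.

```python
"""Triage helper for the ComboFix log format quoted in this thread.

Added example, neither ComboFix's code nor the helper's script: it parses the
driver/service lines, REGEDIT4-style sections and file-listing lines as they
appear in the log above and reports the indicators a helper acts on.
"""
import re
from datetime import date, datetime

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-04-13 18:13 . 2004-09-16 14:31 163185 --sh--r- c:\windows\system32\sqpeml.dll
2009-12-17 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7994:TCP"= 7994:TCP:iayvgfy
R0 R592;R592;c:\windows\system32\drivers\R592.sys [13/12/2009 13.57.00 57088]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [13/12/2009 14.27.40 702326]
S0 ezmsppqs;ezmsppqs;c:\windows\system32\Drivers\ezmsppqs.sys --> c:\windows\system32\Drivers\ezmsppqs.sys [?]
S0 zcnhimnc;zcnhimnc;c:\windows\system32\drivers\zcnhimnc.sys [28/12/2009 22.02.17 40128]
S2 fsogikkr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]
S3 psgtngftj;psgtngftj;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]
"ServiceDll"="c:\windows\system32\sqpeml.dll"

"""

SCAN_DATE = date(2010, 1, 1)  # "Rootkit scan 2010-01-01" in the log above
NEW_DRIVER_DAYS = 14          # assumption: boot-start drivers newer than this get a look
# "S0 name;display;path [dd/mm/yyyy hh.mm.ss size]"  or  "... path --> path [?]"
SERVICE_RE = re.compile(r"^[RS](\d)\s+([^;]+);[^;]*;(.+?)(?:\s+-->\s+\S+)?\s+\[(.*?)\]$")
# "created . modified size attributes path" lines of the file listing
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S{8})\s+(\S.*)$")


def parse_services(text):
    """One dict per driver/service line: start type, name, path, missing file, file date."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, path, info = m.groups()
        svc = {"name": name, "path": path.lower(), "start": int(start),
               "missing": info == "?", "file_date": None}
        if not svc["missing"]:  # bracket holds "dd/mm/yyyy hh.mm.ss size"
            svc["file_date"] = datetime.strptime(info.split()[0], "%d/%m/%Y").date()
        services.append(svc)
    return services


def parse_registry(text):
    """{section: {value_name: raw_data}} from the REGEDIT4-style dump lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            sections[current][name.strip('"')] = value.strip().strip('"')
    return sections


def reg_int(value):
    """Interpret dumped data such as 'dword:00000001' or '0 (0x0)' as an int."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    try:
        return int(value.split()[0])
    except (ValueError, IndexError):
        return None


def hidden_system_files(text):
    """Paths of plain files whose attribute column shows both system (s) and hidden (h)."""
    out = set()
    for m in filter(None, (FILE_RE.match(l.strip()) for l in text.splitlines())):
        attr, path = m.groups()
        if attr[0] != "d" and "s" in attr and "h" in attr:
            out.add(path.lower())
    return out


def triage(text, scan_date=SCAN_DATE):
    """Return (severity, subject, reason) tuples for the indicators found in text."""
    findings, hidden = [], hidden_system_files(text)
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(("high", svc["name"], "service/driver binary not found on disk"))
        if svc["path"].endswith(".tmp"):
            findings.append(("high", svc["name"], "runs from a .tmp file: " + svc["path"]))
        if svc["start"] == 0 and svc["file_date"] and (scan_date - svc["file_date"]).days <= NEW_DRIVER_DAYS:
            findings.append(("medium", svc["name"], "boot-start driver newer than %d days" % NEW_DRIVER_DAYS))
    for key, values in parse_registry(text).items():
        k = key.lower()
        if "\\services\\" in k and values.get("ServiceDll", "").lower() in hidden:
            findings.append(("high", key.rsplit("\\", 1)[-1],
                             "ServiceDll is a hidden+system file: " + values["ServiceDll"]))
        if k.endswith("security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if reg_int(values.get(name, "")) == 1:
                    findings.append(("medium", name, "Security Center monitoring overridden"))
        if k.endswith("firewallpolicy\\standardprofile") and reg_int(values.get("EnableFirewall", "")) == 0:
            findings.append(("medium", "EnableFirewall", "Windows Firewall disabled"))
        if k.endswith("globallyopenports\\list"):
            for port, data in values.items():
                findings.append(("low", port, "port opened to all, rule name " + data.rsplit(":", 1)[-1]))
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(SAMPLE_LOG):
        print(f"[{severity:>6}] {subject}: {reason}")
```

Run as a script, it lists nine findings for the sample: the four entries the CFScript deletes (ezmsppqs, psgtngftj, zcnhimnc and the sqpeml.dll behind fsogikkr), the two Security Center overrides, the disabled firewall and the open port 7994, while R592 and SynMini stay silent. The "new boot-start driver" rule is only a prompt to look closer; a freshly installed hardware driver trips it too, which is why it is rated medium.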
bio.org
Posted: Sunday, January 03, 2010 1:25:37 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
ComboFix 10-01-02.04 - Bio.org 03/01/2010 12.55.31.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1111 [GMT 1:00]
Eseguito da: d:\kecco\ComboFix.exe
Opzioni usate :: d:\kecco\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\02.tmp"
"c:\windows\system32\8484AA5D05.sys"
"c:\windows\system32\CF31661.exe"
"c:\windows\system32\drivers\ezmsppqs.sys"
"c:\windows\system32\Drivers\hubemkeb.sys"
"c:\windows\system32\drivers\zcnhimnc.sys"
"c:\windows\system32\sqpeml.dll"
"c:\windows\system32\wmisqtu.exe"
"c:\windows\system32\wmistri.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\found.000\FILE0007.CHK
c:\found.000\FILE0008.CHK
c:\found.000\FILE0009.CHK
c:\found.000\FILE0010.CHK
c:\found.000\FILE0011.CHK
c:\found.000\FILE0012.CHK
c:\found.000\FILE0013.CHK
c:\found.000\FILE0014.CHK
c:\found.000\FILE0015.CHK
c:\found.000\FILE0016.CHK
c:\found.000\FILE0017.CHK
c:\found.000\FILE0018.CHK
c:\found.000\FILE0019.CHK
c:\found.000\FILE0020.CHK
c:\found.000\FILE0021.CHK
c:\found.000\FILE0022.CHK
C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
c:\found.001\FILE0002.CHK
c:\found.001\FILE0004.CHK
c:\found.001\FILE0005.CHK
c:\found.001\FILE0006.CHK
c:\found.001\FILE0007.CHK
C:\FOUND.002
c:\found.002\FILE0000.CHK
c:\found.002\FILE0001.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
c:\found.003\FILE0007.CHK
c:\found.003\FILE0008.CHK
c:\found.003\FILE0009.CHK
c:\found.003\FILE0010.CHK
c:\found.003\FILE0011.CHK
C:\FOUND.004
c:\found.004\FILE0000.CHK
c:\found.004\FILE0001.CHK
C:\FOUND.005
c:\found.005\FILE0000.CHK
c:\found.005\FILE0001.CHK
C:\FOUND.006
c:\found.006\FILE0000.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\windows\system32\01.tmp
c:\windows\system32\8484AA5D05.sys
c:\windows\system32\CF31661.exe
c:\windows\system32\drivers\zcnhimnc.sys
c:\windows\system32\sqpeml.dll . . . . Eliminazione Fallita

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fsogikkr
-------\Legacy_zcnhimnc
-------\Service_fsogikkr
-------\Service_zcnhimnc


((((((((((((((((((((((((( Files Creati Da 2009-12-03 al 2010-01-03 )))))))))))))))))))))))))))))))))))
.

2010-01-01 03:23 . 2010-01-01 03:23 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-01-01 03:23 . 2010-01-01 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-31 12:18 . 2009-12-31 12:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-31 12:17 . 2009-12-31 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-12-31 12:17 . 2004-10-15 09:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2009-12-31 00:46 . 2009-12-31 00:46 -------- d-----w- c:\programmi\CCleaner
2009-12-30 17:10 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 17:10 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:21 . 2009-12-30 16:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Malwarebytes
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-28 21:33 . 2009-12-28 21:33 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-28 11:34 . 2009-12-28 11:34 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\IECompatCache
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Ahead
2009-12-27 13:20 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Ahead
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\Nero
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-26 18:43 . 2009-12-26 18:43 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\PrivacIE
2009-12-22 14:08 . 2009-12-22 14:08 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\dvdcss
2009-12-22 13:02 . 2008-04-13 10:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-21 12:27 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 12:27 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 12:27 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\programmi\Avira
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-20 14:24 . 2000-03-29 13:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-20 12:10 . 2009-12-20 12:10 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Tracing
2009-12-19 22:04 . 2009-12-19 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-12-19 21:29 . 2009-12-19 21:29 -------- d-----w- C:\VideoSec
2009-12-19 16:55 . 2009-12-19 16:56 46080 ----a-w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2009-12-18 20:38 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Adobe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Corel
2009-12-18 14:41 . 2009-12-18 14:41 65536 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-12-18 14:41 . 2009-12-18 14:41 10134 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Protexis
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Corel
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2009-12-18 14:27 . 2009-12-27 18:01 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-18 14:26 . 2009-12-18 14:26 -------- d-----w- c:\programmi\Corel
2009-12-18 14:19 . 2009-12-18 14:19 -------- d-----w- c:\programmi\Bonjour
2009-12-18 14:09 . 2009-12-18 14:09 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-12-17 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 14:48 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 14:48 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-17 14:48 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 14:48 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 14:48 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 14:48 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-17 14:48 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-17 14:48 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-17 14:48 . 2009-12-17 14:48 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-17 10:37 . 2004-08-19 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 21:52 . 2009-12-16 21:52 -------- d-----w- c:\programmi\eMule
2009-12-16 20:50 . 2009-12-16 20:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-16 17:46 . 2009-12-16 17:46 -------- d-----w- c:\documents and settings\Bio.org\Tracing
2009-12-16 17:45 . 2009-12-16 17:45 -------- d-----w- c:\programmi\Microsoft
2009-12-16 17:44 . 2009-12-16 17:44 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-16 17:42 . 2009-12-16 17:42 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-16 17:41 . 2009-12-16 17:41 -------- d-----w- c:\documents and settings\Bio.org\Contacts
2009-12-16 17:40 . 2009-12-16 17:40 -------- d-----w- c:\windows\system32\DRVSTORE
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-sh--w- c:\programmi\File comuni\WindowsLiveInstaller
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\programmi\Windows Live
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\vlc
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\programmi\VideoLAN
2009-12-16 16:29 . 2009-12-16 16:29 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 16:27 . 2009-12-16 16:29 79488 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 16:17 . 2009-12-16 16:17 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Media Player Classic
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\programmi\uTorrent
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\uTorrent
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\windows\Sun
2009-12-15 20:52 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\programmi\Java
2009-12-15 20:51 . 2009-12-15 20:51 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-12-15 17:40 . 2009-12-15 17:40 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\pdf995
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\programmi\QuickTime
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-15 13:46 . 2009-12-15 13:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\programmi\Apple Software Update
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-15 11:35 . 2009-12-15 11:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-14 20:05 . 2009-12-14 20:05 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-14 00:52 . 2009-12-14 00:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-14 00:44 . 2009-12-14 00:44 -------- d-----w- c:\windows\EHome
2009-12-13 21:14 . 2009-12-13 21:14 -------- d-----w- c:\programmi\Axon Data
2009-12-13 21:11 . 2009-12-13 21:11 -------- d-----w- c:\programmi\PowerQuest
2009-12-13 21:10 . 2009-12-18 14:41 46080 ----a-w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-13 21:10 . 2009-12-15 17:41 59 ----a-w- c:\windows\wpd99.drv
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-12-13 21:10 . 2009-12-13 21:10 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-12-13 21:10 . 2009-12-13 21:10 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\programmi\pdf995
2009-12-13 21:07 . 2009-12-13 21:07 -------- d-sh--w- c:\documents and settings\Bio.org\IECompatCache
2009-12-13 20:46 . 2009-08-14 15:12 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-13 19:52 . 2009-12-13 19:52 -------- d--h--w- c:\windows\$hf_mig$
2009-12-13 19:45 . 2009-12-13 19:45 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-13 19:41 . 2009-12-13 19:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-12-13 19:36 . 2009-12-13 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 19:33 . 2009-12-13 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 19:31 . 2009-12-13 19:31 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Adobe
2009-12-13 19:28 . 2009-12-13 19:28 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 19:28 . 2009-12-13 19:28 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-13 19:12 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-13 18:50 . 2009-12-13 18:50 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 18:37 . 2009-12-13 18:37 -------- d-sh--w- c:\documents and settings\Bio.org\PrivacIE
2009-12-13 18:36 . 2009-12-13 18:36 -------- d-sh--w- c:\documents and settings\Bio.org\IETldCache
2009-12-13 18:33 . 2009-12-13 18:33 -------- d--h--w- c:\windows\ie8
2009-12-13 18:33 . 2009-12-13 18:33 -------- d-----w- c:\windows\system32\it-IT
2009-12-13 18:27 . 2009-12-13 18:27 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Toshiba
2009-12-13 18:27 . 2009-12-13 18:27 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Toshiba
2009-12-13 18:26 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-13 18:26 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-13 18:20 . 2009-12-13 18:20 -------- d-sh--w- c:\documents and settings\Bio.org\UserData
2009-12-13 18:18 . 2009-12-13 18:18 -------- d-----w- c:\programmi\Trend Micro
2009-12-13 18:14 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-13 18:14 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-12-13 18:14 . 2009-12-13 18:14 -------- d-----w- c:\programmi\Microsoft.NET
2009-12-13 18:13 . 2009-12-13 18:13 -------- d-----w- c:\windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 23:42 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP523d.tmp
2009-12-29 17:46 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP64c4.tmp
2009-12-28 18:50 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP6949.tmp
2009-12-28 18:45 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP44ee.tmp
2009-12-28 18:40 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP4e35.tmp
2009-12-28 13:44 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP71d4.tmp
2009-12-26 15:47 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP57f3.tmp
2009-12-24 14:39 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP74a3.tmp
2009-12-22 12:28 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP7b98.tmp
2009-12-14 01:04 . 2004-09-16 14:31 48012 ----a-w- c:\windows\system32\perfc010.dat
2009-12-14 01:04 . 2004-09-16 14:31 345620 ----a-w- c:\windows\system32\perfh010.dat
2009-12-14 00:55 . 2009-12-13 13:18 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\programmi\Toshiba
2009-12-13 13:46 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2009-12-13 13:44 . 2009-12-13 13:44 503808 ----a-w- c:\windows\Asus_A6_ScreenSaver.scr
2009-12-13 13:44 . 2009-12-13 13:44 606848 ----a-w- c:\windows\flashax.exe
2009-12-13 13:44 . 2009-12-13 13:44 12288 ----a-w- c:\windows\impborl.dll
2009-12-13 13:42 . 2009-12-13 13:42 -------- d-----w- c:\programmi\ATI Technologies
2009-12-13 13:42 . 2009-12-13 13:41 -------- d-----w- c:\programmi\CONEXANT
2009-12-13 13:36 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Symantec
2009-12-13 13:35 . 2009-12-13 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-13 13:33 . 2009-12-13 13:33 -------- d-----w- c:\programmi\Intel
2009-12-13 13:31 . 2009-12-13 13:31 -------- d-----w- c:\programmi\Synaptics
2009-12-13 13:28 . 2009-12-13 13:28 -------- d-----w- c:\programmi\ASUS
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\Realtek
2009-12-13 13:26 . 2009-12-13 13:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-13 13:24 . 2009-12-13 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-13 13:19 . 2009-12-13 13:19 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-13 13:17 . 2009-12-13 13:17 -------- d-----w- c:\programmi\Servizi in linea
2009-12-13 13:17 . 2009-12-13 13:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-01_15.35.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 12:00 . 2010-01-03 12:00 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2009-12-13 13:22 . 2010-01-02 19:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 13:22 . 2010-01-02 19:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2010-01-02 19:17 . 2010-01-02 19:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7994:TCP"= 7994:TCP:iayvgfy

R0 R592;R592;c:\windows\system32\drivers\R592.sys [13/12/2009 13.57.00 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [13/12/2009 13.57.00 27264]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [13/12/2009 14.27.40 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [13/12/2009 14.27.39 4790]
S0 ezmsppqs;ezmsppqs;c:\windows\system32\Drivers\ezmsppqs.sys --> c:\windows\system32\Drivers\ezmsppqs.sys [?]
S0 hubemkeb;hubemkeb;c:\windows\system32\Drivers\hubemkeb.sys --> c:\windows\system32\Drivers\hubemkeb.sys [?]
S2 fsogikkr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsogikkr
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bio.org\Dati applicazioni\Mozilla\Firefox\Profiles\yyxnlc1u.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 13:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]
"ServiceDll"="c:\windows\system32\sqpeml.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Intel\Wireless\Bin\OProtSvc.exe
c:\programmi\File comuni\Protexis\License Service\PSIService.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-03 13:24:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-03 12:24
ComboFix2.txt 2010-01-01 15:37

Pre-Run: 11.839.455.232 byte disponibili
Post-Run: 11.753.684.992 byte disponibili

- - End Of File - - 6F3B0DC6D67AE6BF340460EE769D3BC1