ciao R16, un piacere ritrovarti, e grazie della disponibilità.
in Task Manager non appare più,all'inizio , due settimane fà, c'era ; quando riesco a cancellare la cartella con Canc
a volte dice DESKTOP è un programma. ti posto i log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.40.07, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Utente\Dati applicazioni\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Utente\Dati applicazioni\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136087819843O17 - HKLM\System\CCS\Services\Tcpip\..\{5E79B3C2-77AB-4FE5-B7C9-E68FC1645FEC}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas
www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 9571 bytes
ComboFix 08-06-09.7 - Utente 2008-06-14 22.37.15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.524 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Creati Da 2008-05-14 al 2008-06-14 )))))))))))))))))))))))))))))))))))
.
2008-06-12 19:32 . 2008-06-12 19:33 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 19:10 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:10 . 2008-04-14 17:51 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 21:46 . 2008-05-30 21:46 <DIR> d-------- C:\_OTMoveIt
2008-05-26 23:55 . 2006-01-01 02:10 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-05-26 23:55 . 2006-01-01 02:10 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-05-26 23:55 . 2006-01-01 02:10 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-05-26 23:55 . 2006-01-01 01:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-05-26 23:55 . 2006-01-01 02:10 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-05-26 23:55 . 2008-06-14 22:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-05-26 23:55 . 2006-01-01 02:10 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-05-26 23:55 . 2008-05-15 19:47 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
2008-05-26 23:55 . 2008-05-30 22:29 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-05-26 23:55 . 2008-05-26 23:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-26 23:30 . 2008-05-26 23:30 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-21 21:09 . 2008-05-21 21:09 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-05-21 21:07 . 2008-05-24 11:29 <DIR> d-------- C:\Programmi\Norton Internet Security
2008-05-21 21:06 . 2008-06-01 23:00 <DIR> d-------- C:\Programmi\Symantec
2008-05-21 21:06 . 2008-06-01 23:00 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-21 21:06 . 2008-06-01 23:00 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-21 21:06 . 2008-06-01 23:00 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-21 21:06 . 2008-06-01 23:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-20 00:25 . 2008-05-20 00:25 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Yahoo!
2008-05-19 23:09 . 2008-06-14 22:36 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-05-15 23:52 . 2008-05-23 22:43 16,636 --a------ C:\WINDOWS\system32\drivers\hosts
2008-05-15 23:31 . 2008-05-22 22:09 <DIR> d-------- C:\password
2008-05-15 22:50 . 2008-05-15 23:21 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Symantec
2008-05-15 19:03 . 2008-06-14 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-05-15 00:51 . 2008-05-15 00:51 <DIR> d-------- C:\Programmi\CCleaner
2008-05-14 21:53 . 2008-05-21 20:58 <DIR> d-------- C:\Programmi\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 20:34 --------- d-----w C:\Programmi\eMule
2008-06-10 18:57 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-01 21:17 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Skype
2008-05-30 22:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-19 22:44 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-05-15 21:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-05-14 18:02 --------- d-----w C:\Programmi\Google
2008-05-13 18:02 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-13 17:57 --------- d-----w C:\Programmi\IKEA HomePlanner
2008-05-13 17:55 --------- d-----w C:\Programmi\NETGEAR
2008-05-12 20:40 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 14:32 --------- d-----w C:\Programmi\File comuni\Adobe
2008-04-21 07:01 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-24 18:58 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_ 0.01.24,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:55:59 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:55:59 151,552 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:55:59 1,056,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:00 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:00 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:00 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:00 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:00 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:00 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:01 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:02 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:04 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:04 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-17 11:03:49 367,104 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru0410.dll
+ 2008-04-21 06:56:05 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:05 669,184 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-21 06:43:09 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:43:10 668,672 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:50 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:50 669,184 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:40 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:31 1,293,312 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:10:16 1,293,312 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:21 1,293,312 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:29 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:29 233,848 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:25 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-05-30 20:39:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 20:32:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:51:57 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:01:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:01:13 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:01:18 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:01:14 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:01:18 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:01:15 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:01:18 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:01:13 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:01:18 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:01:14 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:01:18 1,056,256 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:01:15 1,056,256 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:01:18 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:01:15 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:01:18 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:01:15 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:01:18 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:01:15 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:01:18 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:01:15 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:01:18 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:01:16 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:01:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:01:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:31:22 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:01:20 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:01:21 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:01:20 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:01:21 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:01:20 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:01:21 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:01:21 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:01:21 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:01:21 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:42:50 1,292,800 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:14:42 1,292,800 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:01:22 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:01:23 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:01:23 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:01:23 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:01:23 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:01:24 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:01:23 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:01:24 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:01:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:01:15 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:01:18 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:01:15 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:01:18 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:01:15 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:01:18 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:01:15 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:01:18 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:01:16 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:01:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:01:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-02-16 22:31:22 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:01:20 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:01:21 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:01:20 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:01:21 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:01:20 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:01:21 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:01:21 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:01:21 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:01:21 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:01:22 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:01:23 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:01:23 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:01:23 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:29 18,808 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:01:23 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:01:24 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-15 23:03:16 367,104 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:49 367,104 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-24 11:05 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144]
"eMuleAutoStart"="C:\Programmi\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 15:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 15:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 15:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 15:07 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 02:37 57344]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-01-22 22:47 185896]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 17:28 172032]
"HPHUPD06"="C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-07-14 02:07 49152]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-07-14 01:58 659456]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"NWEReboot"="" []
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Programmi\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-06-13 18:31 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Utente\Dati applicazioni\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 12:43:54 11000]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-01-21 13:14:02 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\File comuni\\Symantec Shared\\NPC\\npcLUStb.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-10 20:57]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 08:23]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 12:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-13 18:31]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 12:39]
*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-12 20:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-14 17:43:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
"2008-05-26 19:47:41 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Utente.job"
- C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exei/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-14 22:38:56
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-06-14 22.39.34
ComboFix-quarantined-files.txt 2008-06-14 20:39:23
ComboFix2.txt 2008-06-10 19:49:28
ComboFix3.txt 2008-06-01 20:54:50
ComboFix4.txt 2008-05-30 22:01:48
35 Directory 124,888,657,920 byte disponibili
38 Directory 124,880,011,264 byte disponibili
311 --- E O F --- 2008-06-12 17:34:04
