Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

ciao!IL MIO LOG HIJACK ...SOSPETTO PRESENZA VIRUS Opzioni
lacasinista
Inviato: Tuesday, December 08, 2009 5:38:04 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43

Ciao ragazzi!

Il mio pc sembra ok ma quando vado nel centro sicurezza pc mi dice che l'antivirus non lo trova, nonostante io abbia il nod attivato e pare che si aggiorni regolarmente. Inoltre ho provato a scaricare la versione di aiutamici di avira , ma anche con questo antivirus mi dà lo stesso problema.

Malwarebytes e spybot stentano ad aggiornarsi...

Qualcuno mi aiuta???Pray




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.31.47, on 08/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Aspire Arcade\PCMService.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.lphant.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.aqp.it/secret/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Programmi\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [hpqSRMon] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-117609710-1202660629-1343024091-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1202660629-1343024091-500\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0460488A-10BD-45D7-A28E-DE47F5FECB42}: NameServer = 192.168.5.200,192.168.5.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aqp.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{0460488A-10BD-45D7-A28E-DE47F5FECB42}: NameServer = 192.168.5.200,192.168.5.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aqp.it
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Amministrazione di IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Pubblicazione sul Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

--
End of file - 8269 bytes
Sponsor
Inviato: Tuesday, December 08, 2009 5:38:04 PM

 
shapiro
Inviato: Tuesday, December 08, 2009 6:21:56 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao lacasinista

volevo chiederti se prima del nod 32 avevi installato un altro antivirus, potrebbero esserci delle vecchie chiavi che creano questo problema

nel frattempo fai un po' di pulizia

se non lo hai installato, Installa Ccleaner,

http://www.aiutamici.com/software?ID=11223


durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia".

clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.


controlla se Il centro sicurezza PC risponde ad i tuoi comandi e accetta delle modifiche


Vai su Start, >>> Pannello di controllo e clicca sull'icona Centro sicurezza PC. Nella finestra a sinistra dove e' scritto Risorse clicca sul link Cambiate le modalità con cui il Centro sicurezza PC avvisa l'utente. A questo punto deseleziona le caselle relative agli avvisi che non vuoi vengano più visualizzati sullo schermo.
Riavvia il PC.

Controlla se il problema persiste
lacasinista
Inviato: Tuesday, December 08, 2009 6:25:58 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
Ciao! =) Ccleaner lo ho già...no io avevo nod poi avevo installato avira (disattivando nod) ma poi ho visto che il problema persisteva e quindi ho disinstallato avira e ho lasciato nod 32...
shapiro
Inviato: Tuesday, December 08, 2009 6:28:51 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
nel frattempo fai le pulizie con ccleaner e prova a costruire l'operazione che ti ho indicato, vediamo se il centro sicurezza risponde ai comandi
lacasinista
Inviato: Tuesday, December 08, 2009 6:41:09 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
Fatto tutto! Ma il problema persiste! ='''''''( continua a dire PROTEZIONE DA VIRUS: NON TROVATO
shapiro
Inviato: Tuesday, December 08, 2009 6:46:00 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
proviamo a vedere se c'e' qualche problema nel registro acccompagnato da qualche visitatore

Scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere niente
lacasinista
Inviato: Tuesday, December 08, 2009 6:57:07 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43

Malwarebytes già lo ho ma sto provando a riaggiornarlo ma non lo aggiorna ... O.O ...

Lo lancio ugualmente? Dovrei cmq avere una versione abbastanza recente... -.-''
shapiro
Inviato: Tuesday, December 08, 2009 7:08:25 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



fixa questa riga con hijackthis

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.lphant.com/sidebar.html?src=ssb

prova a fare una scansione online con kaspersky

http://www.kaspersky.com/virusscanner

clicca su "kaspersky online scanner"
clicca su "accept"
--- verrà eseguito il download dei componenti necessari alla scansione
quando è terminato clicca su "my computer" (finestra a sinistra)
avvia la scansione
--- da questo punto in poi, puoi anche disconnettere il pc da internet
quando finisce la scansione, salva e posta il rapporto.







lacasinista
Inviato: Tuesday, December 08, 2009 7:10:29 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
Falso allarme!Malwerebytes si è aggiornato all'ultima versione 3322...quindi ho lanciato la scansione completa! :) a dopo
shapiro
Inviato: Tuesday, December 08, 2009 7:13:00 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
bene...fai la scansione COMPLETA e posta il rapporto
lacasinista
Inviato: Tuesday, December 08, 2009 8:42:35 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43

Ecco il log di malwarebytes:


Malwarebytes' Anti-Malware 1.42
Versione del database: 3322
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

08/12/2009 20.40.36
mbam-log-2009-12-08 (20-39-59).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 196599
Tempo trascorso: 1 hour(s), 26 minute(s), 17 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 3
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


shapiro
Inviato: Tuesday, December 08, 2009 8:54:35 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
con le caselle spuntate accanto alle voci, riavvia malwarebytes ed elimina tutto
lacasinista
Inviato: Tuesday, December 08, 2009 9:13:11 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
Il problema persiste c'è lo scudettino rosso nella barra e nel security center:firewall attivato, aggiornamenti attivati, ma protezione antivirus ancora non trovato.
shapiro
Inviato: Tuesday, December 08, 2009 9:19:32 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
prova a riavviare il pc e controlla se e' ancora cosi'
lacasinista
Inviato: Tuesday, December 08, 2009 9:45:53 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
ho riavviato ma è sempre così scudettino rosso e.. antivirus non trovato
shapiro
Inviato: Tuesday, December 08, 2009 9:52:07 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ma l'antivirus e' aggiornato? e' una licenza o e' free? hai provato a vedere se funziona? prova a scaricare questo programma(non eseguirlo, e' solo una prova) e vedi se scatta l'allert

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb


se non funziona te ne accorgi subito

Il Centro di Sicurezza di Windows non impedisce il corretto funzionamento dell'Antivirus, ne monitora semplicemente la presenza- se non lo rileva ma l'antivirus funziona, non hai problemi





lacasinista
Inviato: Tuesday, December 08, 2009 11:01:23 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
non è successo niente dopo aver scaricato il file. Quello che posso dirti è che l'antivirus Nod esiste da molto tempo di più non so dirti anche perchè in origine non era il mio pc. Il nod sembra aggiornarsi ma poi non so se lo è effettivamente. Intanto quando ho provato a usare avira free il problema persisteva......nonostante l'icona avira nella finestra del centro sicurezza vicino all'icona del firewall
shapiro
Inviato: Tuesday, December 08, 2009 11:04:21 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai provato a disinstalarlo e reinstallarlo pulito? potrebbe essere corrotto

nel frattempo fai questa scansione


http://download.bleepingcomputer.com/sUBs/ComboFix.exe , avvialo e quindi premi 1 per avviare la scansione. Alla fine della scansione ti verrà rilasciato un file chiamato combofix.txt nella cartella c:\combofix, allegami tale file nel prossimo messaggio. ;)


lacasinista
Inviato: Tuesday, December 08, 2009 11:48:25 PM

Rank: AiutAmico

Iscritto dal : 1/30/2009
Posts: 43
ecco il log ...con combofix che faccio disinstallo??

ComboFix 09-12-08.03 - Administrator 08/12/2009 23.25.56.2.1 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ycwkesu.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ycwkesu_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ycwkesu_navps.dat
c:\windows\system32\msconfig.exe

La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\midimap.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-11-08 al 2009-12-08 )))))))))))))))))))))))))))))))))))
.

2009-12-08 17:57 . 2009-12-08 17:57 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 16:22 . 2009-12-08 16:22 -------- d-----w- c:\programmi\Santa Claus in Trouble
2009-12-08 15:28 . 2009-12-08 15:28 -------- d-----w- c:\programmi\RocketDock
2009-12-08 13:15 . 2009-12-08 13:26 -------- d-----w- c:\windows\SevenMizer
2009-12-08 11:59 . 2009-12-08 11:59 -------- d-----w- c:\documents and settings\Administrator\.gstreamer-0.10
2009-12-01 18:34 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-01 15:41 . 2004-08-03 21:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2009-12-01 15:35 . 2009-12-01 15:35 -------- d-----w- c:\windows\ServicePackFiles
2009-12-01 12:44 . 2009-02-05 17:25 10633728 ----a-w- C:\WEB_InstallAliceMessenger_ver2.1.exe
2009-11-26 16:38 . 2002-09-10 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-11-26 16:37 . 2001-08-30 22:07 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-11-26 16:36 . 2002-09-10 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-11-26 16:35 . 2004-08-03 21:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2009-11-26 16:31 . 2004-08-19 12:00 379904 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2009-11-26 16:27 . 2004-08-19 14:39 290816 ----a-w- c:\windows\system32\adsiis.dll
2009-11-26 16:27 . 2004-08-19 14:39 98304 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-11-26 16:27 . 2004-08-19 14:39 145408 ----a-w- c:\windows\system32\wbem\wmisvc.dll
2009-11-26 16:27 . 2004-08-19 14:39 41472 ----a-w- c:\windows\system32\wbem\wmipsess.dll
2009-11-26 16:27 . 2004-08-19 14:39 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-26 16:27 . 2004-08-19 14:39 437248 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-11-26 16:26 . 2004-08-19 14:39 144896 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-11-26 16:26 . 2004-08-19 14:39 156672 ----a-w- c:\windows\system32\wbem\wmipcima.dll
2009-11-26 16:26 . 2004-08-19 14:39 140800 ----a-w- c:\windows\system32\wbem\wmidcprv.dll
2009-11-26 16:26 . 2004-08-19 14:39 60928 ----a-w- c:\windows\system32\wbem\wmicookr.dll
2009-11-26 16:26 . 2004-08-19 14:39 197120 ----a-w- c:\windows\system32\wbem\wbemupgd.dll
2009-11-26 16:26 . 2004-08-19 14:39 18944 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-11-26 16:26 . 2004-08-19 14:39 273920 ----a-w- c:\windows\system32\wbem\wbemess.dll
2009-11-26 16:26 . 2004-08-19 14:39 530944 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-11-26 16:26 . 2004-08-19 14:39 214528 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-26 16:26 . 2004-08-19 14:39 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2009-11-26 16:25 . 2004-08-19 14:39 177152 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-11-26 16:25 . 2004-08-19 14:39 47104 ----a-w- c:\windows\system32\wbem\ncprov.dll
2009-11-26 16:25 . 2004-08-19 14:39 124416 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-11-26 16:25 . 2004-08-19 14:39 16896 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-11-26 16:25 . 2004-08-19 14:39 472064 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-11-26 16:24 . 2004-08-19 14:39 247808 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-11-26 16:24 . 2004-08-19 14:39 1352704 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2009-11-26 16:24 . 2004-08-19 14:39 58880 ----a-w- c:\windows\system32\licwmi.dll
2009-11-26 15:54 . 2004-08-19 14:39 150528 ----a-w- c:\windows\system32\irftp.exe
2009-11-26 15:54 . 2004-08-19 14:39 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-11-26 15:54 . 2004-08-19 14:39 28672 ----a-w- c:\windows\system32\irmon.dll
2009-11-26 15:54 . 2004-08-03 22:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2009-11-26 15:05 . 2004-08-03 22:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-11-26 15:05 . 2004-08-03 22:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-11-26 15:04 . 2004-08-19 14:24 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-26 15:02 . 2004-08-19 14:39 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-11-26 15:01 . 2004-08-03 22:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-11-26 15:01 . 2004-08-19 14:39 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-11-26 15:01 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-11-26 14:59 . 2002-09-10 12:00 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2009-11-26 14:59 . 2002-09-10 12:00 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2009-11-26 14:59 . 2002-09-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2009-11-26 14:59 . 2004-08-19 14:39 146944 ----a-w- c:\windows\system\winspool.drv
2009-11-26 14:59 . 2002-09-10 12:00 34816 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-11-26 14:59 . 2002-09-10 12:00 34816 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 14:59 . 2002-09-10 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-11-26 14:59 . 2002-09-10 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-26 14:58 . 2004-08-19 14:39 77312 ----a-w- c:\windows\system32\storprop.dll
2009-11-11 17:06 . 2009-11-11 17:06 -------- d-----w- c:\windows\system32\NtmsData
2009-11-09 21:02 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 21:02 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 21:02 . 2009-12-08 18:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-09 16:50 . 2009-11-09 15:47 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2009-11-09 16:47 . 2009-11-09 15:47 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-09 16:47 . 2009-11-09 15:47 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-09 15:48 . 2009-11-09 15:48 -------- d-----w- C:\$AVG
2009-11-09 15:46 . 2009-11-09 15:46 -------- d-----w- c:\programmi\AVG
2009-11-09 15:46 . 2009-11-10 16:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 22:37 . 2009-07-09 19:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2009-12-08 20:38 . 2009-11-07 13:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HPAppData
2009-12-08 17:37 . 2009-05-26 09:07 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2009-12-08 15:28 . 2007-09-25 16:56 74704 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-08 13:26 . 2002-09-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-08 13:13 . 2007-09-24 18:38 -------- d-----w- c:\programmi\QuickTime
2009-12-08 10:52 . 2009-03-14 22:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-08 10:46 . 2009-03-14 22:02 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-08 10:46 . 2009-03-14 22:02 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-23 21:40 . 2009-10-24 16:49 158749 ----a-w- c:\windows\hpoins30.dat
2009-11-19 16:47 . 2007-09-24 18:30 -------- d-----w- c:\programmi\Winamp
2009-11-11 17:52 . 2009-03-14 22:06 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\HP
2009-10-24 18:07 . 2009-10-24 18:07 689456 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
2009-10-24 18:07 . 2008-10-09 15:42 -------- d-----w- c:\programmi\HP
2009-10-24 18:05 . 2009-10-24 18:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-10-24 18:04 . 2009-10-24 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2009-10-24 16:52 . 2009-10-24 16:52 -------- d-----w- c:\programmi\File comuni\HP
2009-10-24 16:52 . 2009-10-24 16:52 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-10-21 10:40 . 2009-10-21 10:40 45056 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2009-10-21 10:40 . 2009-10-21 10:40 -------- d-----w- c:\programmi\DevalVR
2009-10-21 10:39 . 2009-10-21 10:39 -------- d-----w- c:\programmi\ebstudio
2009-10-15 17:04 . 2009-07-14 20:09 -------- d-----w- c:\programmi\Pidgin
2009-10-15 17:04 . 2009-07-09 15:13 -------- d-----w- c:\programmi\Google
.

------- Sigcheck -------

[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\winlogon.exe
[-] 2004-08-19 . E6F62282EBAA63BA07FA2DC7198B8D0D . 544256 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2004-08-19 . E6F62282EBAA63BA07FA2DC7198B8D0D . 544256 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-09-10 . 850D073F0DD849DCE1AAAFC8BBD5EF1E . 519168 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-19 . 6578BBDA4D044987C5D97F9793C1264C . 718848 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2004-08-19 . 6578BBDA4D044987C5D97F9793C1264C . 718848 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-10 . 64CEF7598D2C8F8C5086E305E9F85376 . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2009-01-16 . 0FB585ED87F8D0B0F19934EE1D733B24 . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\5b5f143c22f375dd64ae57a8d7c3e271\SP2GDR\mshtml.dll
[-] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\5b5f143c22f375dd64ae57a8d7c3e271\SP2QFE\mshtml.dll
[-] 2008-12-12 . 2F6A0AC99E7B9C537ACB7ED7C45C1A8B . 3081216 . . [6.00.2900.3492] . . c:\windows\ie7\mshtml.dll
[-] 2008-12-12 . 2F6A0AC99E7B9C537ACB7ED7C45C1A8B . 3081216 . . [6.00.2900.3492] . . c:\windows\SoftwareDistribution\Download\23afba64e3951090dd86708ce5a207b9\SP2GDR\mshtml.dll
[-] 2008-12-12 . 0FBB1E97F6F5CC45BDF897E076EBA31C . 3088384 . . [6.00.2900.3492] . . c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 . 0FBB1E97F6F5CC45BDF897E076EBA31C . 3088384 . . [6.00.2900.3492] . . c:\windows\SoftwareDistribution\Download\23afba64e3951090dd86708ce5a207b9\SP2QFE\mshtml.dll
[-] 2008-12-12 . 46E1D684E24EFE0EFCCD4D7D85FD4FC2 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . 46E1D684E24EFE0EFCCD4D7D85FD4FC2 . 3088896 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\23afba64e3951090dd86708ce5a207b9\SP3QFE\mshtml.dll
[-] 2008-12-12 . 88C1FE139BF3B61F521248F3ABCAA2D7 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-12-12 . 88C1FE139BF3B61F521248F3ABCAA2D7 . 3088896 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\23afba64e3951090dd86708ce5a207b9\SP3GDR\mshtml.dll
[-] 2008-10-16 . 09A8DFEE7EE15596FE69C9B808EC3FAD . 3080704 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2GDR\mshtml.dll
[-] 2008-10-16 . 7451CA579F6EE11093599D6F865D8585 . 3088384 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 . 7451CA579F6EE11093599D6F865D8585 . 3088384 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2QFE\mshtml.dll
[-] 2008-10-16 . 1100FFE5E67742680E220C8CAA14E73F . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 . 1100FFE5E67742680E220C8CAA14E73F . 3088896 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3QFE\mshtml.dll
[-] 2008-10-16 . 8E1A6201CE2DA602CB90121144E18325 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-10-16 . 8E1A6201CE2DA602CB90121144E18325 . 3088896 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3GDR\mshtml.dll
[-] 2008-08-27 . BBB7E4E7A8A232AD5B995B8049B56711 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-08-27 . BBB7E4E7A8A232AD5B995B8049B56711 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\f8727cd5296684eef4ad43d8a045b694\SP2GDR\mshtml.dll
[-] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\f8727cd5296684eef4ad43d8a045b694\SP2QFE\mshtml.dll
[7] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2005-03-09 . 3B2C465B668C9990CDC968B224FE5AEB . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2004-09-29 . 748846DAF3ED3D991C39979DDDFE3810 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2004-08-19 . 130C2DC54915E9DF51D1641613BD48F1 . 3396096 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2004-08-19 . 130C2DC54915E9DF51D1641613BD48F1 . 3396096 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-10 . 8844B7FA09A9B3B1CF51EAD991D4AA78 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . DA01088AD01BF30A0AEBB62F99E04BC7 . 2184064 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2GDR\ntoskrnl.exe
[-] 2008-08-14 . 943548E50AB0443F1B1EC5F2C2867FCD . 2189696 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 943548E50AB0443F1B1EC5F2C2867FCD . 2189696 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP3GDR\ntoskrnl.exe
[7] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-19 . 922E8D8C8C2466521BCB8D934F340744 . 2362496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\SevenMizer\old\ntoskrnl.exe
[-] 2004-08-19 . 922E8D8C8C2466521BCB8D934F340744 . 2362496 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2002-09-10 . 5C9903714483776B7764F2622961FA27 . 2045824 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\5b5f143c22f375dd64ae57a8d7c3e271\SP2QFE\wininet.dll
[-] 2008-12-20 . EF1520F95DD25F48C18502005F5EE995 . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\5b5f143c22f375dd64ae57a8d7c3e271\SP2GDR\wininet.dll
[-] 2008-10-16 . E746691A67C9349FFFF1BEF192FEE628 . 662016 . . [6.00.2900.3462] . . c:\windows\ie7\wininet.dll
[-] 2008-10-16 . E746691A67C9349FFFF1BEF192FEE628 . 662016 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2GDR\wininet.dll
[-] 2008-10-16 . 83BB1A4E231572574F0EF097C3B83BBA . 670208 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . 83BB1A4E231572574F0EF097C3B83BBA . 670208 . . [6.00.2900.3462] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP2QFE\wininet.dll
[-] 2008-10-16 . BF40401A6E416E9E1CB9DDAEC7C319D4 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . BF40401A6E416E9E1CB9DDAEC7C319D4 . 669696 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3QFE\wininet.dll
[-] 2008-10-16 . 98CB139F777B4A3101DB3642BFFFEB23 . 668672 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 . 98CB139F777B4A3101DB3642BFFFEB23 . 668672 . . [6.00.2900.5694] . . c:\windows\SoftwareDistribution\Download\88ebc3059d41a0cce4bf827a273a1c2f\SP3GDR\wininet.dll
[-] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\f8727cd5296684eef4ad43d8a045b694\SP2QFE\wininet.dll
[-] 2008-08-26 . D590241CADEC69A1BC157DC0452C92D1 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-08-26 . D590241CADEC69A1BC157DC0452C92D1 . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\f8727cd5296684eef4ad43d8a045b694\SP2GDR\wininet.dll
[7] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2005-03-10 . C3BCD4313F62F6F22F06899FEC77D725 . 660480 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2004-09-29 . 5E44C65A8FDF34E023467B13C0305196 . 659456 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2004-08-19 . 2254F7D03D671C5D302ED0CA06811225 . 803840 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2004-08-19 . 2254F7D03D671C5D302ED0CA06811225 . 803840 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-10 . DBAE94EEBE605EF96BDF0E73C260680E . 601600 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\explorer.exe
[-] 2004-08-19 . 88619BD00C86BCE2C1C1AD25BDCECBAB . 1560064 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-19 . 88619BD00C86BCE2C1C1AD25BDCECBAB . 1560064 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\SevenMizer\old\explorer.exe
[-] 2002-09-10 . BC97108A40677FCA4CB77D857D1A0819 . 1006592 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ctfmon.exe
[-] 2004-08-19 . 40DE117B6CCFC031D2DC8B73D82020CF . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2004-08-19 . 40DE117B6CCFC031D2DC8B73D82020CF . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-10 . 177476265AD4FBFD151A27F74B8DA42F . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4220D4263C7D56A5C2EF425C36EEB8A7 . 2061440 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2GDR\ntkrnlpa.exe
[-] 2008-08-14 . B3D66020C1667D33C3429869B191BB13 . 2066688 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . B3D66020C1667D33C3429869B191BB13 . 2066688 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\860fd2882d5382dfdbd9b8629634dfa0\SP3GDR\ntkrnlpa.exe
[7] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-19 . 0FF10E541F675A332163C3E37D8DEBAC . 2238336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\SevenMizer\old\ntkrnlpa.exe
[-] 2004-08-19 . 0FF10E541F675A332163C3E37D8DEBAC . 2238336 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2002-09-10 . BEF043D997D522C12AD79E7BF7B60D6B . 1951488 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"acerWireless"="c:\programmi\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"PCMService"="c:\programmi\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2007-09-24 921600]
"hpqSRMon"="c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 25088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 14:48 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\\setup\\hpznui01.exe"=
"c:\\Programmi\\aMSN\\bin\\wish.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S1 SMBHC;Driver del controller host del bus di gestione sistema Microsoft;c:\windows\system32\DRIVERS\SMBHC.sys [2002-09-10 6784]
S3 SMBBATT;Driver di Microsoft Smart Battery;c:\windows\system32\DRIVERS\SMBBATT.sys [2004-08-03 16128]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Scansione supplementare -------
.
LSP: c:\windows\system32\imon.dll
TCP: {0460488A-10BD-45D7-A28E-DE47F5FECB42} = 192.168.5.200,192.168.5.50
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\svo5kkn9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT556636&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RadioItalia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\svo5kkn9.default\extensions\{0aaeaede-aefd-4672-a764-5c5c037612a2}\components\FFExternalAlert.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 23:36
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3028)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\System32\cscui.dll
c:\windows\System32\mshtml.dll
c:\windows\System32\shdoclc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\LINKINFO.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\acer\eManager\anbmServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ZCfgSvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\1XConfig.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-08 23:43:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-08 22:43

Pre-Run: 9.131.180.032 byte disponibili
Post-Run: 9.006.243.840 byte disponibili

- - End Of File - - B7405A4C8EB520749EA18633BD134B47
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.