ALEK-J (Hero in the gods' favour)
 Registered: 31/05/08 13:52
 Posts: 142

 Posted: 19 Oct 2008 19:14    Subject: Slow Internet...

Hi guys!! I have several problems with my PC. The Internet suddenly slowed down, pages won't open and video files keep freezing. Lately a message also appears: "Errore nello script della pagina,continuare ad eseguire lo script?" ("Error in the page script, continue running the script?"). I've tried clicking both yes and no, but it always comes back. I don't know what it is.
 The operating system I use is Windows XP 2002 Service Pack 2. As antivirus I have AVG 8.0, which finds no infection when it runs a scan. Below I'm posting the logs of the scans I ran with HijackThis, ComboFix and Virt.
 Thank you in advance for the time you devote to me...
   
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 18.41.54, on 19/10/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16735)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\WINDOWS\system32\WgaTray.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\VEXPLITE\viritsvc.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 C:\Programmi\Lexmark 4300 Series\lxcemon.exe
 C:\Programmi\Lexmark 4300 Series\ezprint.exe
 C:\PROGRA~1\AVG\AVG8\avgtray.exe
 C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
 C:\Programmi\DNA\btdna.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
 O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C7F939A-A0D8-4670-AE07-2E74B55156BC}: NameServer = 192.168.1.2
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 10645 bytes
 
 
 
 ComboFix 08-10-18.03 - Utente 2008-10-19 18:29:20.10 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.248 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.EXE
 * Creato nuovo punto di ripristino
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-09-19 al 2008-10-19  )))))))))))))))))))))))))))))))))))
 .
 
 2008-10-05 22:24 . 2008-10-05 22:24	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Nokia Multimedia Player
 2008-10-05 20:39 . 2008-10-05 20:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\DIFX
 2008-10-05 20:38 . 2008-10-05 20:39	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\PC Suite
 2008-10-05 20:38 . 2008-10-05 20:44	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Nokia
 2008-10-05 20:37 . 2008-10-05 20:38	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
 2008-10-05 20:37 . 2008-10-05 20:37	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-10-05 20:37 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\Nokia
 2008-10-05 20:37 . 2007-02-22 10:15	137,216	--a------	C:\WINDOWS\system32\drivers\nmwcd.sys
 2008-10-05 20:37 . 2007-02-22 10:15	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
 2008-10-05 20:37 . 2007-02-22 10:15	65,536	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-10-05 20:37 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcm.sys
 2008-10-05 20:37 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcj.sys
 2008-10-05 20:37 . 2007-02-22 10:15	8,320	--a------	C:\WINDOWS\system32\drivers\nmwcdc.sys
 2008-10-05 20:36 . 2008-10-05 20:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-09-30 21:09 . 2008-09-30 21:18	<DIR>	d--------	C:\Programmi\uTorrent
 2008-09-27 22:06 . 2008-10-13 10:29	<DIR>	d--------	C:\Programmi\BitTorrent
 2008-09-27 22:06 . 2008-10-19 18:30	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\DNA
 2008-09-27 20:42 . 2008-09-27 22:06	<DIR>	d--------	C:\Programmi\DNA
 2008-09-27 20:42 . 2008-09-27 20:42	<DIR>	d--------	C:\Programmi\BitTorrent_DNA
 2008-09-27 20:42 . 2008-09-27 20:42	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent DNA
 2008-09-27 20:42 . 2008-09-30 21:18	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent
 2008-09-21 18:40 . 2008-09-21 18:48	<DIR>	d--------	C:\WINDOWS\system32\CatRoot_bak
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-10-19 16:34	---------	d-----w	C:\Programmi\Lx_cats
 2008-10-17 16:51	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SACore
 2008-10-15 15:44	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\uTorrent
 2008-10-15 15:06	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-09-11 01:12	---------	d-----w	C:\Programmi\McAfee
 2008-09-10 17:40	---------	d-----w	C:\Programmi\File comuni\McAfee
 2008-09-10 17:40	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-09-10 17:40	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-08-28 10:04	333,056	----a-w	C:\WINDOWS\system32\drivers\srv.sys
 2008-08-19 11:18	---------	d-----w	C:\Programmi\Java
 .
 
 (((((((((((((((((((((((((((((   snapshot_2008-10-15_17.50.36.28   )))))))))))))))))))))))))))))))))))))))))
 .
 + 2008-08-26 09:08:35	124,928	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
 + 2008-08-26 09:08:36	347,136	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
 + 2008-08-26 09:08:36	214,528	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
 + 2008-08-26 09:08:36	132,608	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
 + 2008-08-26 09:08:36	63,488	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
 + 2008-08-25 08:43:21	70,656	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
 + 2008-08-26 09:08:36	153,088	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
 + 2008-08-26 09:08:36	230,400	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
 + 2008-08-23 05:54:50	161,792	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
 + 2007-04-17 09:32:38	2,455,488	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
 + 2008-08-26 09:08:36	380,928	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
 + 2008-08-26 09:08:36	388,608	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
 + 2008-10-03 16:21:53	6,068,224	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
 + 2008-08-26 09:08:39	44,544	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
 + 2008-08-26 09:08:39	267,776	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
 + 2008-08-25 08:43:21	13,824	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
 + 2008-08-23 05:56:16	635,848	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
 + 2008-08-26 09:08:40	27,648	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
 + 2008-08-26 09:08:40	459,264	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
 + 2008-08-26 09:08:40	52,224	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
 + 2008-08-26 09:08:43	3,594,752	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
 + 2008-08-26 09:08:43	477,696	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
 + 2008-08-26 09:08:43	193,024	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
 + 2008-08-26 09:08:44	671,232	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
 + 2008-08-26 09:08:44	102,912	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
 + 2008-08-26 09:08:44	44,544	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
 + 2008-08-26 09:08:44	105,984	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
 + 2008-08-26 09:08:44	1,162,752	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
 + 2008-08-26 09:08:44	233,472	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
 + 2008-08-26 09:08:45	827,904	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
 + 2007-03-06 01:48:10	15,584	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
 + 2007-03-06 01:48:15	215,776	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
 + 2007-03-06 01:48:08	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
 + 2007-03-06 01:48:33	724,192	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
 + 2007-03-06 01:49:24	390,880	----a-w	C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
 + 2008-06-23 16:15:47	124,928	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
 + 2008-06-23 16:15:47	347,136	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
 + 2008-06-23 16:15:47	214,528	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
 + 2008-06-23 16:15:47	133,120	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
 + 2008-06-23 16:15:47	63,488	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
 + 2008-06-23 09:22:17	70,656	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
 + 2008-06-23 16:15:47	153,088	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
 + 2008-06-23 16:15:47	230,400	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
 + 2008-06-21 05:23:54	161,792	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
 + 2008-06-23 16:15:47	383,488	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
 + 2008-06-23 16:15:47	384,512	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
 + 2008-06-23 16:15:48	6,066,176	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
 + 2008-06-23 16:15:48	44,544	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
 + 2008-06-23 16:15:48	267,776	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
 + 2008-06-23 09:20:26	13,824	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
 + 2008-06-23 09:22:32	625,664	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
 + 2008-06-23 16:15:48	27,648	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
 + 2008-06-23 16:15:48	459,264	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
 + 2008-06-23 16:15:48	52,224	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
 + 2008-06-24 08:15:50	3,592,192	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
 + 2008-06-23 16:15:49	477,696	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
 + 2008-06-23 16:15:49	193,024	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
 + 2008-06-23 16:15:49	671,232	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
 + 2008-06-23 16:15:49	102,912	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
 + 2008-06-23 16:15:49	44,544	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
 + 2007-03-06 01:48:15	215,776	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
 + 2007-03-06 01:49:24	390,880	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
 + 2008-06-23 16:15:49	105,984	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
 + 2008-06-23 16:15:49	1,159,680	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
 + 2008-06-23 16:15:49	233,472	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
 + 2008-06-23 16:15:49	826,368	-c----w	C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
 - 2008-09-11 01:04:10	593,920	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
 + 2008-10-16 18:19:04	593,920	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\accicons.exe
 - 2008-09-11 01:04:10	12,288	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
 + 2008-10-16 18:19:04	12,288	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
 - 2008-09-11 01:04:10	86,016	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
 + 2008-10-16 18:19:04	86,016	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\inficon.exe
 - 2008-09-11 01:04:09	135,168	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
 + 2008-10-16 18:19:03	135,168	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\misc.exe
 - 2008-09-11 01:04:10	11,264	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
 + 2008-10-16 18:19:04	11,264	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
 - 2008-09-11 01:04:10	27,136	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
 + 2008-10-16 18:19:04	27,136	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
 - 2008-09-11 01:04:10	4,096	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
 + 2008-10-16 18:19:04	4,096	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
 - 2008-09-11 01:04:10	794,624	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
 + 2008-10-16 18:19:04	794,624	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe
 - 2008-09-11 01:04:10	249,856	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
 + 2008-10-16 18:19:04	249,856	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe
 - 2008-09-11 01:04:10	61,440	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
 + 2008-10-16 18:19:03	61,440	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe
 - 2008-09-11 01:04:10	23,040	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
 + 2008-10-16 18:19:04	23,040	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
 - 2008-09-11 01:04:09	286,720	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
 + 2008-10-16 18:19:03	286,720	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
 - 2008-09-11 01:04:09	409,600	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
 + 2008-10-16 18:19:03	409,600	----a-r	C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
 - 2008-06-23 16:15:47	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 + 2008-08-26 07:57:14	124,928	----a-w	C:\WINDOWS\system32\advpack.dll
 - 2008-06-23 16:15:47	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 + 2008-08-26 07:57:14	124,928	-c----w	C:\WINDOWS\system32\dllcache\advpack.dll
 - 2008-06-20 10:44:38	138,368	-c--a-w	C:\WINDOWS\system32\dllcache\afd.sys
 + 2008-08-14 09:51:43	138,368	-c--a-w	C:\WINDOWS\system32\dllcache\afd.sys
 - 2008-06-23 16:15:47	347,136	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 + 2008-08-26 07:57:14	347,136	-c----w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
 - 2008-06-23 16:15:47	214,528	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 + 2008-08-26 07:57:14	214,528	-c----w	C:\WINDOWS\system32\dllcache\dxtrans.dll
 - 2008-06-23 16:15:47	133,120	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
 + 2008-08-26 07:57:14	133,120	-c----w	C:\WINDOWS\system32\dllcache\extmgr.dll
 - 2008-06-23 16:15:47	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 + 2008-08-26 07:57:14	63,488	-c----w	C:\WINDOWS\system32\dllcache\icardie.dll
 - 2008-06-23 09:22:17	70,656	-c----w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 + 2008-08-25 08:39:58	70,656	-c----w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
 - 2008-06-23 16:15:47	153,088	-c----w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 + 2008-08-26 07:57:14	153,088	-c----w	C:\WINDOWS\system32\dllcache\ieakeng.dll
 - 2008-06-23 16:15:47	230,400	-c----w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 + 2008-08-26 07:57:15	230,400	-c----w	C:\WINDOWS\system32\dllcache\ieaksie.dll
 - 2008-06-21 05:23:54	161,792	-c----w	C:\WINDOWS\system32\dllcache\ieakui.dll
 + 2008-08-23 05:54:51	161,792	-c----w	C:\WINDOWS\system32\dllcache\ieakui.dll
 - 2008-06-23 16:15:47	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 + 2008-08-26 07:57:15	383,488	-c----w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
 - 2008-06-23 16:15:47	384,512	-c----w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 + 2008-08-26 07:57:15	384,512	-c----w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
 - 2008-06-23 16:15:48	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 + 2008-10-03 16:58:43	6,066,176	-c----w	C:\WINDOWS\system32\dllcache\ieframe.dll
 - 2008-06-23 16:15:48	44,544	-c----w	C:\WINDOWS\system32\dllcache\iernonce.dll
 + 2008-08-26 07:57:17	44,544	-c----w	C:\WINDOWS\system32\dllcache\iernonce.dll
 - 2008-06-23 16:15:48	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 + 2008-08-26 07:57:17	267,776	-c----w	C:\WINDOWS\system32\dllcache\iertutil.dll
 - 2008-06-23 09:20:26	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 + 2008-08-25 08:38:00	13,824	-c----w	C:\WINDOWS\system32\dllcache\ieudinit.exe
 - 2008-06-23 09:22:32	625,664	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 + 2008-08-23 05:56:15	635,848	-c----w	C:\WINDOWS\system32\dllcache\iexplore.exe
 - 2008-06-23 16:15:48	27,648	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 + 2008-08-26 07:57:18	27,648	-c----w	C:\WINDOWS\system32\dllcache\jsproxy.dll
 - 2008-06-23 16:15:48	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 + 2008-08-26 07:57:18	459,264	-c----w	C:\WINDOWS\system32\dllcache\msfeeds.dll
 - 2008-06-23 16:15:48	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 + 2008-08-26 07:57:18	52,224	-c----w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
 - 2008-06-24 08:15:50	3,592,192	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
 + 2008-08-27 08:57:22	3,593,216	-c----w	C:\WINDOWS\system32\dllcache\mshtml.dll
 - 2008-06-23 16:15:49	477,696	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 + 2008-08-26 07:57:20	477,696	-c----w	C:\WINDOWS\system32\dllcache\mshtmled.dll
 - 2008-06-23 16:15:49	193,024	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
 + 2008-08-26 07:57:21	193,024	-c----w	C:\WINDOWS\system32\dllcache\msrating.dll
 - 2008-06-23 16:15:49	671,232	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
 + 2008-08-26 07:57:21	671,232	-c----w	C:\WINDOWS\system32\dllcache\mstime.dll
 - 2007-02-28 16:06:10	2,141,184	-c----w	C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
 + 2008-08-14 13:37:10	2,146,304	-c----w	C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
 - 2007-02-28 06:06:18	2,063,104	-c----w	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
 + 2008-08-14 13:37:13	2,066,688	-c----w	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
 - 2007-02-28 16:06:10	2,020,864	-c----w	C:\WINDOWS\system32\dllcache\ntkrpamp.exe
 + 2008-08-14 13:37:08	2,024,448	-c----w	C:\WINDOWS\system32\dllcache\ntkrpamp.exe
 - 2007-02-28 16:06:16	2,185,856	-c----w	C:\WINDOWS\system32\dllcache\ntoskrnl.exe
 + 2008-08-14 13:37:11	2,189,696	-c----w	C:\WINDOWS\system32\dllcache\ntoskrnl.exe
 - 2008-06-23 16:15:49	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 + 2008-08-26 07:57:21	102,912	-c----w	C:\WINDOWS\system32\dllcache\occache.dll
 - 2008-06-23 16:15:49	44,544	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 + 2008-08-26 07:57:21	44,544	-c----w	C:\WINDOWS\system32\dllcache\pngfilt.dll
 - 2006-08-14 10:34:41	332,928	-c--a-w	C:\WINDOWS\system32\dllcache\srv.sys
 + 2008-08-28 10:04:17	333,056	-c--a-w	C:\WINDOWS\system32\dllcache\srv.sys
 - 2008-06-23 16:15:49	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 + 2008-08-26 07:57:21	105,984	-c----w	C:\WINDOWS\system32\dllcache\url.dll
 - 2008-06-23 16:15:49	1,159,680	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
 + 2008-08-26 07:57:22	1,159,680	-c----w	C:\WINDOWS\system32\dllcache\urlmon.dll
 - 2008-06-23 16:15:49	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 + 2008-08-26 07:57:22	233,472	-c----w	C:\WINDOWS\system32\dllcache\webcheck.dll
 - 2008-03-20 08:06:49	1,845,248	-c--a-w	C:\WINDOWS\system32\dllcache\win32k.sys
 + 2008-09-15 15:38:29	1,846,016	-c--a-w	C:\WINDOWS\system32\dllcache\win32k.sys
 - 2008-06-23 16:15:49	826,368	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
 + 2008-08-26 07:57:22	826,368	-c----w	C:\WINDOWS\system32\dllcache\wininet.dll
 - 2008-06-20 10:44:38	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
 + 2008-08-14 09:51:43	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
 - 2008-06-23 16:15:47	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 + 2008-08-26 07:57:14	347,136	----a-w	C:\WINDOWS\system32\dxtmsft.dll
 - 2008-06-23 16:15:47	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 + 2008-08-26 07:57:14	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
 - 2008-06-23 16:15:47	133,120	------w	C:\WINDOWS\system32\extmgr.dll
 + 2008-08-26 07:57:14	133,120	------w	C:\WINDOWS\system32\extmgr.dll
 - 2008-05-02 15:52:44	411,880	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
 + 2008-10-16 18:21:33	411,880	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
 - 2008-06-23 16:15:47	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 + 2008-08-26 07:57:14	63,488	----a-w	C:\WINDOWS\system32\icardie.dll
 - 2008-06-23 09:22:17	70,656	------w	C:\WINDOWS\system32\ie4uinit.exe
 + 2008-08-25 08:39:58	70,656	------w	C:\WINDOWS\system32\ie4uinit.exe
 - 2008-06-23 16:15:47	153,088	------w	C:\WINDOWS\system32\ieakeng.dll
 + 2008-08-26 07:57:14	153,088	------w	C:\WINDOWS\system32\ieakeng.dll
 - 2008-06-23 16:15:47	230,400	------w	C:\WINDOWS\system32\ieaksie.dll
 + 2008-08-26 07:57:15	230,400	------w	C:\WINDOWS\system32\ieaksie.dll
 - 2008-06-21 05:23:54	161,792	------w	C:\WINDOWS\system32\ieakui.dll
 + 2008-08-23 05:54:51	161,792	------w	C:\WINDOWS\system32\ieakui.dll
 - 2008-06-23 16:15:47	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 + 2008-08-26 07:57:15	383,488	----a-w	C:\WINDOWS\system32\ieapfltr.dll
 - 2008-06-23 16:15:47	384,512	------w	C:\WINDOWS\system32\iedkcs32.dll
 + 2008-08-26 07:57:15	384,512	------w	C:\WINDOWS\system32\iedkcs32.dll
 - 2008-06-23 16:15:48	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 + 2008-10-03 16:58:43	6,066,176	----a-w	C:\WINDOWS\system32\ieframe.dll
 - 2008-06-23 16:15:48	44,544	------w	C:\WINDOWS\system32\iernonce.dll
 + 2008-08-26 07:57:17	44,544	------w	C:\WINDOWS\system32\iernonce.dll
 - 2008-06-23 16:15:48	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 + 2008-08-26 07:57:17	267,776	----a-w	C:\WINDOWS\system32\iertutil.dll
 - 2008-06-23 09:20:26	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 + 2008-08-25 08:38:00	13,824	----a-w	C:\WINDOWS\system32\ieudinit.exe
 - 2008-06-23 16:15:48	27,648	------w	C:\WINDOWS\system32\jsproxy.dll
 + 2008-08-26 07:57:18	27,648	------w	C:\WINDOWS\system32\jsproxy.dll
 - 2008-08-26 20:28:12	16,208,504	----a-w	C:\WINDOWS\system32\MRT.exe
 + 2008-10-07 19:19:40	16,721,856	----a-w	C:\WINDOWS\system32\MRT.exe
 - 2008-06-23 16:15:48	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 + 2008-08-26 07:57:18	459,264	----a-w	C:\WINDOWS\system32\msfeeds.dll
 - 2008-06-23 16:15:48	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 + 2008-08-26 07:57:18	52,224	----a-w	C:\WINDOWS\system32\msfeedsbs.dll
 - 2008-06-24 08:15:50	3,592,192	----a-w	C:\WINDOWS\system32\mshtml.dll
 + 2008-08-27 08:57:22	3,593,216	----a-w	C:\WINDOWS\system32\mshtml.dll
 - 2008-06-23 16:15:49	477,696	----a-w	C:\WINDOWS\system32\mshtmled.dll
 + 2008-08-26 07:57:20	477,696	----a-w	C:\WINDOWS\system32\mshtmled.dll
 - 2008-06-23 16:15:49	193,024	------w	C:\WINDOWS\system32\msrating.dll
 + 2008-08-26 07:57:21	193,024	------w	C:\WINDOWS\system32\msrating.dll
 - 2008-06-23 16:15:49	671,232	------w	C:\WINDOWS\system32\mstime.dll
 + 2008-08-26 07:57:21	671,232	------w	C:\WINDOWS\system32\mstime.dll
 - 2007-02-28 16:06:10	2,020,864	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
 + 2008-08-14 13:37:08	2,024,448	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
 - 2007-02-28 16:06:10	2,141,184	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
 + 2008-08-14 13:37:10	2,146,304	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
 - 2008-06-23 16:15:49	102,912	------w	C:\WINDOWS\system32\occache.dll
 + 2008-08-26 07:57:21	102,912	------w	C:\WINDOWS\system32\occache.dll
 - 2008-08-17 15:17:59	65,044	----a-w	C:\WINDOWS\system32\perfc009.dat
 + 2008-10-16 18:36:44	65,044	----a-w	C:\WINDOWS\system32\perfc009.dat
 - 2008-08-17 15:17:59	78,242	----a-w	C:\WINDOWS\system32\perfc010.dat
 + 2008-10-16 18:36:44	78,242	----a-w	C:\WINDOWS\system32\perfc010.dat
 - 2008-08-17 15:17:59	410,574	----a-w	C:\WINDOWS\system32\perfh009.dat
 + 2008-10-16 18:36:44	410,574	----a-w	C:\WINDOWS\system32\perfh009.dat
 - 2008-08-17 15:17:59	457,864	----a-w	C:\WINDOWS\system32\perfh010.dat
 + 2008-10-16 18:36:44	457,864	----a-w	C:\WINDOWS\system32\perfh010.dat
 - 2008-06-23 16:15:49	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 + 2008-08-26 07:57:21	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
 - 2007-11-30 12:39:40	18,808	------w	C:\WINDOWS\system32\spmsg.dll
 + 2007-11-30 11:19:29	18,808	------w	C:\WINDOWS\system32\spmsg.dll
 - 2008-06-23 16:15:49	105,984	----a-w	C:\WINDOWS\system32\url.dll
 + 2008-08-26 07:57:21	105,984	----a-w	C:\WINDOWS\system32\url.dll
 - 2008-06-23 16:15:49	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 + 2008-08-26 07:57:22	1,159,680	----a-w	C:\WINDOWS\system32\urlmon.dll
 - 2008-06-23 16:15:49	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 + 2008-08-26 07:57:22	233,472	----a-w	C:\WINDOWS\system32\webcheck.dll
 - 2008-03-20 08:06:49	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
 + 2008-09-15 15:38:29	1,846,016	----a-w	C:\WINDOWS\system32\win32k.sys
 - 2008-06-23 16:15:49	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 + 2008-08-26 07:57:22	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 .
 -- Snapshot per reimpostare la data corrente --
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
 "BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-09-27 289088]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" [X]
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-26 1235736]
 "D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
 "ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
 "PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 217088]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-05-02 124400]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 "C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
 "C:\\Programmi\\D-Link\\AirPlus G\\D-Link Wizard.exe"=
 "C:\\Programmi\\BitTorrent_DNA\\dna.exe"=
 "C:\\Programmi\\BitTorrent\\bittorrent.exe"=
 "C:\\Programmi\\DNA\\btdna.exe"=
 "C:\\Programmi\\uTorrent\\uTorrent.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-23 12936]
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-08-03 39808]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 97928]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 231704]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-23 76040]
 R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Programmi\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-10-06 57344]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [ ]
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [ ]
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 19200]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 .
 Contenuto della cartella 'Scheduled Tasks'
 
 2008-10-15 C:\WINDOWS\Tasks\OGADaily.job
 - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
 
 2008-10-19 C:\WINDOWS\Tasks\OGALogon.job
 - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
 
 2008-10-05 C:\WINDOWS\Tasks\SmartDefrag.job
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-04-17 14:51]
 
 2008-10-05 C:\WINDOWS\Tasks\SmartDefrag.job
 - C:\Programmi\IObit\IObit SmartDefrag\ [2008-05-02 17:59]
 .
 .
 ------- Supplementare di scansione -------
 .
 R0 -: HKCU-Main,Start Page = hxxp://virgilio.alice.it/indexbb.html
 R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
 R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://*.mrk/
 R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
 R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
 O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O17 -: HKLM\CCS\Interface\{9C7F939A-A0D8-4670-AE07-2E74B55156BC}: NameServer = 192.168.1.2
 
 O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
 C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
 .
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-10-19 18:33:14
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
 
 PROCESSO: C:\WINDOWS\explorer.exe
 -> C:\Programmi\McAfee\SiteAdvisor\saHook.dll
 .
 ------------------------ Altri processi in esecuzione ------------------------
 .
 C:\WINDOWS\system32\ati2evxx.exe
 C:\WINDOWS\system32\ati2evxx.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\WINDOWS\system32\WgaTray.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-10-19 18:35:55 - macchina è stato riavviato [Utente]
 ComboFix-quarantined-files.txt  2008-10-19 16:35:50
 ComboFix2.txt  2008-06-14 10:12:46
 ComboFix3.txt  2008-06-14 08:37:49
 ComboFix4.txt  2008-06-13 18:06:07
 ComboFix5.txt  2008-10-15 15:40:59
 
 Pre-Run: 46,578,782,208 byte disponibili
 Post-Run: 46,596,042,752 byte disponibili
 
 WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
 [boot loader]
 timeout=2
 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
 [operating systems]
 C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
 458	--- E O F ---	2008-10-19 15:57:30
 
 
 
 
 VirIT eXplorer Lite Log
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 02/06/2008 - 14:42:40
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 02/06/2008 - 14:56:30
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\BitTorrent Fastest Tool\BitP.exe Infetto da Adware.Mobiswing.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{ACE97513-B7B5-4931-BECF-F35009AB2891}\RP41\A0010757.exe Infetto da Adware.Mobiswing.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{ACE97513-B7B5-4931-BECF-F35009AB2891}\RP41\A0010767.exe Infetto da Adware.Mobiswing.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{ACE97513-B7B5-4931-BECF-F35009AB2891}\RP66\A0015781.exe Infetto da Adware.Mobiswing.A
 * * *  RIMOSSO  * * *
 
 Chiavi Registro infette: 0.
 Files Infetti: 4.
 Files Sospetti: 0.
 Files Analizzati: 60523.
 Files Totali: 60523.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 4.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 02/06/2008 - 20:53:27
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 61392.
 Files Totali: 61392.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 03/06/2008 - 23:29:11
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [D:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 43.
 Files Totali: 43.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 03/06/2008 - 23:29:29
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 49344.
 Files Totali: 49344.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 [Hidden Services]
 catchme - \??\C:\COMBO-FIX\catchme.sys
 
 OK
 --------------------------------------------------------
 04/06/2008 - 00:05:34
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 47977.
 Files Totali: 47977.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 05/06/2008 - 22:07:03
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 50352.
 Files Totali: 50352.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 05/06/2008 - 22:26:42
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [D:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 52.
 Files Totali: 52.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 05/06/2008 - 22:26:58
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:\COMBO-FIX]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 93.
 Files Totali: 93.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 05/06/2008 - 22:28:54
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:\Documents and Settings\All Users\Dati applicazioni]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 993.
 Files Totali: 993.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 13/06/2008 - 21:25:01
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 50073.
 Files Totali: 50073.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 21/06/2008 - 17:20:36
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 52239.
 Files Totali: 52239.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 28/06/2008 - 15:39:38
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 542.
 Files Totali: 542.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 28/06/2008 - 15:40:40
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 51995.
 Files Totali: 51995.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 06/07/2008 - 12:47:05
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 56292.
 Files Totali: 56292.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 21/07/2008 - 17:55:54
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 53618.
 Files Totali: 53618.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 30/07/2008 - 22:30:36
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 54005.
 Files Totali: 54005.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 30/07/2008 - 22:57:39
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 8075.
 Files Totali: 8075.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 03/08/2008 - 15:34:35
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 56258.
 Files Totali: 56258.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 16/08/2008 - 13:10:53
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 55982.
 Files Totali: 55982.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 17/08/2008 - 18:36:41
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 55817.
 Files Totali: 55817.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 31/08/2008 - 10:48:35
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:\VALUEADD]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 54.
 Files Totali: 54.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 --------------------------------------------------------
 31/08/2008 - 10:50:03
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 59885.
 Files Totali: 59885.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 17/09/2008 - 21:29:08
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 58016.
 Files Totali: 58016.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 18/09/2008 - 12:36:15
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 59845.
 Files Totali: 59845.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 22/09/2008 - 20:07:25
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 62405.
 Files Totali: 62405.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 26/09/2008 - 21:33:11
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 59310.
 Files Totali: 59310.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 30/09/2008 - 21:08:53
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 06/10/2008 - 20:47:21
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 60294.
 Files Totali: 60294.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 15/10/2008 - 17:03:14
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 61192.
 Files Totali: 61192.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 15/10/2008 - 21:13:36
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 19/10/2008 - 17:57:37
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 61107.
 Files Totali: 61107.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
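The VirIT eXplorer Lite log above reports the same file as infected in scan after scan while "Virus Rimossi" stays at 0. The following Python script is an added example, not part of the original post and not VirIT's own tooling: it parses that log layout and lists detections that were never removed. It assumes that a timestamp line opens each scan record; the function names are hypothetical and the sample is a constructed excerpt of lines from the log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt that reuses lines from the VirIT eXplorer Lite log above.
SAMPLE_LOG = r"""
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
02/06/2008 - 14:56:30

[C:]
C:\Programmi\BitTorrent Fastest Tool\BitP.exe Infetto da Adware.Mobiswing.A
* * *  RIMOSSO  * * *
C:\System Volume Information\_restore{ACE97513-B7B5-4931-BECF-F35009AB2891}\RP41\A0010757.exe Infetto da Adware.Mobiswing.A
* * *  RIMOSSO  * * *
--------------------------------------------------------
06/07/2008 - 12:47:05

[C:]
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
Files Infetti: 1.
Virus Rimossi: 0.
--------------------------------------------------------
21/07/2008 - 17:55:54

[C:]
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
Files Infetti: 1.
Virus Rimossi: 0.
--------------------------------------------------------
30/07/2008 - 22:57:39

[C:]
Files Infetti: 0.
Virus Rimossi: 0.
--------------------------------------------------------
19/10/2008 - 17:57:37

[C:]
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe Infetto da Trojan.Win32.Agent.BBF
Files Infetti: 1.
Virus Rimossi: 0.
"""

# Assumption: a "dd/mm/yyyy - hh:mm:ss" line opens a scan record.
STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2})$")
# "<path> Infetto da <signature name>"
DETECTION = re.compile(r"^(?P<path>.+?) Infetto da (?P<name>\S+)$")
# "* * *  RIMOSSO  * * *" directly after a detection marks it as removed.
REMOVED = re.compile(r"^\*\s*\*\s*\*\s+RIMOSSO\s+\*\s*\*\s*\*$")


def parse_virit_log(text):
    """Return one dict per detection line: when, path, name, removed."""
    detections, scan_time, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamp = STAMP.match(line)
        hit = DETECTION.match(line)
        if stamp:
            scan_time = datetime.strptime(stamp.group(1), "%d/%m/%Y - %H:%M:%S")
            last = None
        elif hit:
            last = {"when": scan_time, "path": hit.group("path"),
                    "name": hit.group("name"), "removed": False}
            detections.append(last)
        elif REMOVED.match(line) and last is not None:
            last["removed"] = True
            last = None
        else:
            last = None  # any other line ends the detection/removal pairing
    return detections


def unresolved(detections):
    """Group by file and signature; keep groups whose latest hit was not removed."""
    groups = defaultdict(list)
    for det in detections:
        groups[(det["path"].lower(), det["name"])].append(det)
    report = []
    for (_, name), hits in groups.items():
        if hits[-1]["removed"]:  # the log is chronological, so [-1] is the latest
            continue
        times = [h["when"] for h in hits if h["when"] is not None]
        report.append({"path": hits[0]["path"], "name": name, "scans": len(hits),
                       "first": min(times) if times else None,
                       "last": max(times) if times else None})
    report.sort(key=lambda row: row["scans"], reverse=True)
    return report


if __name__ == "__main__":
    for row in unresolved(parse_virit_log(SAMPLE_LOG)):
        print(f'{row["scans"]} scans, {row["first"]:%Y-%m-%d} to '
              f'{row["last"]:%Y-%m-%d}: {row["name"]} in {row["path"]}')
```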

Sante62 (Mature god)
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 20 Oct 2008 09:13

Hi ALEK-J,
You have traces of at least three antivirus programs installed; three antivirus programs running at the same time conflict with one another. Uninstall all of them and install just one, namely Avira Antivir.
To uninstall Norton, use this tool.

Also carry out these steps:

- Clean up temporary files with ATF-Cleaner and/or CCleaner.
- Follow the instructions in this topic to use MBAM.
- Follow the instructions in this topic to post the HiJackThis log.
- Report the outcome in a new message in this thread: whether there were any particular problems, etc. And include:
  - Upload the MBAM log to WikiSend and post the Forum Link you are assigned.
  - Upload the HiJackThis log to WikiSend and post the Forum Link you are assigned.

ALEK-J (Hero in the gods' favor)
Joined: 31/05/08 13:52
Posts: 142

Posted: 20 Oct 2008 23:43

Hi Sante62, thanks for the help... You wrote that I have as many as 3 antivirus programs. Strange, I only installed AVG; could they have installed themselves? Maybe I clicked where I shouldn't have... AVG 8.0 was recommended to me some time ago, so I bought it. In your opinion is it a good antivirus, or is Avira Antivir better?
I'll follow your advice... I'm not experienced.
The tool you pointed me to for uninstalling Norton (which I didn't even know I had) is in English; couldn't you tell me the steps I need to follow? And sorry again.. How do I uninstall the other antivirus programs? Besides AVG and Norton, which is the third?

Sante62 (Mature god)
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 21 Oct 2008 17:16

ALEK-J wrote:
> AVG 8.0 was recommended to me some time ago, so I bought it. In your opinion is it a good antivirus, or is Avira Antivir better?

If you bought it, you can keep it for now; if it gives you problems, replace it.

ALEK-J wrote:
> The tool you pointed me to for uninstalling Norton (which I didn't even know I had) is in English; couldn't you tell me the steps I need to follow?

To tell you the truth, I have never used it; in any case, once you have identified the one that matches your version, it shouldn't be complicated to use..

ALEK-J wrote:
> How do I uninstall the other antivirus programs?

From Control Panel -> Add or Remove Programs.

ALEK-J wrote:
> Besides AVG and Norton, which is the third?

The third is Virit...

ALEK-J (Hero in the gods' favor)
Joined: 31/05/08 13:52
Posts: 142

Posted: 21 Oct 2008 19:18

OK! I have removed Virit; I'm having problems removing Norton... I can't work out which version I have installed, I can't find it anywhere.

Sante62 (Mature god)
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 21 Oct 2008 19:50

ALEK-J wrote:
> OK! I have removed Virit; I'm having problems removing Norton... I can't work out which version I have installed, I can't find it anywhere.

Unfortunately I can't know that either...
Try one of the tools and see whether it works, perhaps not the most recent one...
I also see traces of McAfee...
Your PC is a bit of a mess.... anyway, let's take it one step at a time:
Start the PC in safe mode.
Go to Start -> Run and type regedit.
The system registry will open.
Navigate with the "+" signs through this key:

Quote:
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BitTorrent DNA

In the right-hand pane, find the key marked in bold;
right-click -> delete.
Still in safe mode, find and delete this file/folder:

Quote:
> C:\Programmi\DNA\btdna.exe

Restart in normal mode and proceed with the scans I recommended above; then we'll see about cleaning up the PC properly.

bdoriano (Administrator)
Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

ALEK-J (Hero in the gods' favor)
Joined: 31/05/08 13:52
Posts: 142

Posted: 21 Oct 2008 22:47

Thanks Bdoriano.. I followed the instructions; I hope I have solved the problem. Now I'll carry on following Sante62's instructions...

Sante62 (Mature god)
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 21 Oct 2008 23:09

Thanks....
I had seen it, I just hadn't memorized it; I have taken care of that now...

ALEK-J (Hero in the gods' favor)
Joined: 31/05/08 13:52
Posts: 142

Posted: 22 Oct 2008 21:34

I can no longer connect, the connection drops... here are the logs..
 
 Malwarebytes' Anti-Malware 1.29
 Versione del database: 1298
 Windows 5.1.2600 Service Pack 2
 
 22/10/2008 19.02.45
 mbam-log-2008-10-22 (19-02-45).txt
 
 Tipo di scansione: Scansione completa (C:\|D:\|)
 Elementi scansionati: 98194
 Tempo trascorso: 19 minute(s), 58 second(s)
 
 Processi delle memoria infetti: 0
 Moduli della memoria infetti: 0
 Chiavi di registro infette: 0
 Valori di registro infetti: 0
 Elementi dato del registro infetti: 0
 Cartelle infette: 0
 File infetti: 0
 
 Processi delle memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Moduli della memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Chiavi di registro infette:
 (Nessun elemento malevolo rilevato)
 
 Valori di registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Elementi dato del registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Cartelle infette:
 (Nessun elemento malevolo rilevato)
 
 File infetti:
 (Nessun elemento malevolo rilevato)
 
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19.24.55, on 22/10/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16735)
 Boot mode: Safe mode
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\WgaTray.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.mrk/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
 O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
 O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
 O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
 O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programmi\Lexmark 4300 Series\lxcemon.exe"
 O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 4300 Series\ezprint.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
 O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C7F939A-A0D8-4670-AE07-2E74B55156BC}: NameServer = 192.168.1.2
 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O20 - AppInit_DLLs: avgrsstx.dll
 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
 O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 8388 bytes
 
 
 Malwarebytes' Anti-Malware 1.29
 Versione del database: 1298
 Windows 5.1.2600 Service Pack 2
 
 20/10/2008 19.54.56
 mbam-log-2008-10-20 (19-54-56).txt
 
 Tipo di scansione: Scansione completa (C:\|D:\|)
 Elementi scansionati: 106104
 Tempo trascorso: 21 minute(s), 53 second(s)
 
 Processi delle memoria infetti: 0
 Moduli della memoria infetti: 0
 Chiavi di registro infette: 1
 Valori di registro infetti: 0
 Elementi dato del registro infetti: 0
 Cartelle infette: 1
 File infetti: 1
 
 Processi delle memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Moduli della memoria infetti:
 (Nessun elemento malevolo rilevato)
 
 Chiavi di registro infette:
 HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
 
 Valori di registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Elementi dato del registro infetti:
 (Nessun elemento malevolo rilevato)
 
 Cartelle infette:
 C:\Programmi\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
 
 File infetti:
 C:\Programmi\BitDownload\session.store (Trojan.Lop) -> Quarantined and deleted successfully.
 
 
 
 
 If I can no longer connect, how can I fix the problem...?
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 23 Oct 2008 02:20    Subject: |   |  
				| 
 |  
				| There's probably something else.... MBAM found little; 
 You need to continue with the scans;
 
 The Combofix log is missing....
 
 If you really can't connect, try reconfiguring the connection...
 
 Hijackthis shows too many programs loaded at startup;
 
 once the PC is clean, we'll remove some of these programs from startup.
 |  |  
		| Top |  |  
		|  |  
		| ALEK-J Hero in the gods' favour
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 | 
			
				|  Posted: 23 Oct 2008 09:43    Subject: |   |  
				| 
 |  
				| Here is the ComboFix log... 
 
 ComboFix 08-10-22.05 - Utente 2008-10-23  9.28.35.11 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.318 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\COMBO-FIX.EXE..EXE
 * Creato nuovo punto di ripristino
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-09-23 al 2008-10-23  )))))))))))))))))))))))))))))))))))
 .
 
 2008-10-22 19:16 . 2008-10-22 19:16	401,720	--a------	C:\Programmi\HiJackThis.exe
 2008-10-21 20:22 . 2008-10-21 20:22	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
 2008-10-20 19:27 . 2008-10-20 19:27	<DIR>	d--------	C:\Programmi\Malwarebytes' Anti-Malware
 2008-10-20 19:27 . 2008-10-20 19:27	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Malwarebytes
 2008-10-20 19:27 . 2008-10-20 19:27	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
 2008-10-20 19:27 . 2008-10-16 20:25	38,496	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
 2008-10-20 19:27 . 2008-10-16 20:25	15,504	--a------	C:\WINDOWS\system32\drivers\mbam.sys
 2008-10-05 22:24 . 2008-10-05 22:24	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Nokia Multimedia Player
 2008-10-05 20:39 . 2008-10-05 20:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\File comuni\PCSuite
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\File comuni\Nokia
 2008-10-05 20:38 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\DIFX
 2008-10-05 20:38 . 2008-10-05 20:39	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\PC Suite
 2008-10-05 20:38 . 2008-10-05 20:44	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Nokia
 2008-10-05 20:37 . 2008-10-05 20:38	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
 2008-10-05 20:37 . 2008-10-05 20:37	<DIR>	d--------	C:\Programmi\PC Connectivity Solution
 2008-10-05 20:37 . 2008-10-05 20:38	<DIR>	d--------	C:\Programmi\Nokia
 2008-10-05 20:37 . 2007-02-22 10:15	137,216	--a------	C:\WINDOWS\system32\drivers\nmwcd.sys
 2008-10-05 20:37 . 2007-02-22 10:15	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
 2008-10-05 20:37 . 2007-02-22 10:15	65,536	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
 2008-10-05 20:37 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcm.sys
 2008-10-05 20:37 . 2007-02-22 10:15	12,288	--a------	C:\WINDOWS\system32\drivers\nmwcdcj.sys
 2008-10-05 20:37 . 2007-02-22 10:15	8,320	--a------	C:\WINDOWS\system32\drivers\nmwcdc.sys
 2008-10-05 20:36 . 2008-10-05 20:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-09-30 21:09 . 2008-09-30 21:18	<DIR>	d--------	C:\Programmi\uTorrent
 2008-09-27 22:06 . 2008-10-13 10:29	<DIR>	d--------	C:\Programmi\BitTorrent
 2008-09-27 22:06 . 2008-10-21 22:54	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\DNA
 2008-09-27 20:42 . 2008-10-21 23:10	<DIR>	d--------	C:\Programmi\DNA
 2008-09-27 20:42 . 2008-09-27 20:42	<DIR>	d--------	C:\Programmi\BitTorrent_DNA
 2008-09-27 20:42 . 2008-09-27 20:42	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent DNA
 2008-09-27 20:42 . 2008-09-30 21:18	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-10-23 07:33	---------	d-----w	C:\Programmi\Lx_cats
 2008-10-23 07:23	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-10-22 17:24	8,389	----a-w	C:\Programmi\hijackthis.log
 2008-10-21 18:23	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-10-20 16:56	---------	d-----w	C:\Documents and Settings\LocalService\Dati applicazioni\SACore
 2008-10-19 18:48	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\uTorrent
 2008-09-11 01:12	---------	d-----w	C:\Programmi\McAfee
 2008-09-10 17:40	---------	d-----w	C:\Programmi\File comuni\McAfee
 2008-09-10 17:40	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
 2008-09-10 17:40	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-08-28 10:04	333,056	----a-w	C:\WINDOWS\system32\drivers\srv.sys
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" [X]
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
 "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
 "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
 "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 44032]
 "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
 "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
 "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
 "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
 "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
 "FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 320168]
 "SmartDefrag"="C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 1870592]
 "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 936960]
 "lxcemon.exe"="C:\Programmi\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
 "EzPrint"="C:\Programmi\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
 "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
 "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-26 1235736]
 "D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
 "ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
 "PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
 "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-05-01 217088]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
 "C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Programmi\\Autodesk\\Autodesk DWF Viewer\\DWFViewer.exe"=
 "C:\\Programmi\\eMule\\eMule.exe"=
 "C:\\Programmi\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
 "C:\\Programmi\\Lexmark Fax Solutions\\FaxCtr.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
 "C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
 "C:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
 "C:\\Programmi\\D-Link\\AirPlus G\\D-Link Wizard.exe"=
 "C:\\Programmi\\BitTorrent_DNA\\dna.exe"=
 "C:\\Programmi\\BitTorrent\\bittorrent.exe"=
 "C:\\Programmi\\uTorrent\\uTorrent.exe"=
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9999:UDP"= 9999:UDP:LANScope UDP Port
 "2804:TCP"= 2804:TCP:LANScope TCP Port
 "4662:UDP"= 4662:UDP:eMule_UDP_Port
 "4672:TCP"= 4672:TCP:eMule_TCP_Port
 
 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-23 12936]
 R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 97928]
 R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 231704]
 R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-23 76040]
 R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Programmi\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
 R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
 R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
 S2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [ ]
 S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [ ]
 S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 19200]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6cc271-1845-11dd-a3bc-000272523120}]
 \Shell\AutoRun\command - setupSNK.exe
 .
 Contenuto della cartella 'Scheduled Tasks'
 
 2008-10-15 C:\WINDOWS\Tasks\OGADaily.job
 - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
 
 2008-10-23 C:\WINDOWS\Tasks\OGALogon.job
 - C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
 
 2008-10-05 C:\WINDOWS\Tasks\SmartDefrag.job
 - C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-04-17 14:51]
 
 2008-10-05 C:\WINDOWS\Tasks\SmartDefrag.job
 - C:\Programmi\IObit\IObit SmartDefrag\ [2008-05-02 17:59]
 .
 .
 ------- Supplementare di scansione -------
 .
 R0 -: HKCU-Main,Start Page = hxxp://virgilio.alice.it/indexbb.html
 R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
 R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://*.mrk/
 R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
 R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
 O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O17 -: HKLM\CCS\Interface\{9C7F939A-A0D8-4670-AE07-2E74B55156BC}: NameServer = 192.168.1.2
 
 O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
 C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
 .
 
 **************************************************************************
 
 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-10-23 09:32:38
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 ------------------------ Altri processi in esecuzione ------------------------
 .
 C:\WINDOWS\system32\ati2evxx.exe
 C:\WINDOWS\system32\ati2evxx.exe
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\PROGRA~1\AVG\AVG8\avgam.exe
 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\CyberLink\Shared Files\RichVideo.exe
 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
 C:\WINDOWS\system32\WgaTray.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\system32\lxcecoms.exe
 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-10-23  9:34:41 - macchina è stato riavviato
 ComboFix-quarantined-files.txt  2008-10-23 07:34:38
 ComboFix2.txt  2008-10-19 16:35:57
 ComboFix3.txt  2008-06-14 10:12:46
 ComboFix4.txt  2008-06-14 08:37:49
 ComboFix5.txt  2008-10-23 07:28:04
 
 Pre-Run: 49.401.692.160 byte disponibili
 Post-Run: 49,432,158,208 byte disponibili
 
 202	--- E O F ---	2008-10-23 07:19:41
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 |  |  
		| Top |  |  
		|  |  
		| ALEK-J Hero in the gods' favour
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 | 
			
				|  Posted: 23 Oct 2008 22:54    Subject: |   |  
				| 
 |  
				| Here are the scans I ran, which I uploaded to wikisend...http://wikisend.com/download/950786/ActiveScan.txt http://wikisend.com/download/313448/log kaspersky.html
 It looks like the scans found quite a bit of junk...
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 24 Oct 2008 14:06    Subject: |   |  
				| 
 |  
				| Good, clean the tracking cookies with Spybot or Superantispyware; 
 Find these files and delete them:
 
 | Quote: |
 C:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\gram data.exe
 C:\Documents and Settings\Utente\Dati applicazioni\blehupload\frqxgmia.exe
 C:\Documents and Settings\Utente\Dati applicazioni\blehupload\zpmjpwzj.exe
 C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
 | 
 The Dati Applicazioni folder is usually hidden, so enable the display of hidden items;
 
 Finally, turn System Restore off and then turn it back on again...
 
 Uninstall Combofix like this:
 Start->Run and type Combofix /u (mind the spaces).
 Post a new Hijackthis log for a final check.
 |  |  
		| Top |  |  
		|  |  
		| ALEK-J Hero in the gods' favour
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 | 
			
				|  Posted: 24 Oct 2008 20:34    Subject: |   |  
				| 
 |  
				| Sorry Sante, where can I download Spybot from? Just so I don't end up on some dodgy site.... |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 24 Oct 2008 23:33    Subject: |   |  
				| 
 |  
				| from here 
 If needed, read the instructions for use here..
 |  |  
		| Top |  |  
		|  |  
		| ALEK-J Hero in the gods' favour
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 | 
			
				|  Posted: 26 Oct 2008 12:51    Subject: |   |  
				| 
 |  
				| Done, Sante.. Let's see if things go a bit better. Here is the Hijackthis log:  http://wikisend.com/download/559960/hijackthis.log |  |  
		| Top |  |  
		|  |  
		| Sante62 Mature god
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 26 Oct 2008 15:00    Subject: |   |  
				| 
 |  
				| Good, now let's remove some programs from system startup; it's important that Hijackthis is installed in a folder of its own, not a temporary one and not on the desktop, so that a process can be restored in case of problems; so, from safe mode, start HJT, select these lines and then click Fix checked:
 
 | Quote: |
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
 | 
 Restart the PC and redo the log..
 |  |  
		| Top |  |  
		|  |  
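A triage pass over HijackThis lines such as the ones selected in the post above, as an added example that is not part of the original thread. The log excerpt is copied from the HijackThis log posted earlier on this page; the function names and the flag names (`orphan`, `unknown-owner`, `no-path`) are assumptions made for this example, and a flag marks an entry worth reviewing, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt of lines from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun entry: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


@dataclass
class Entry:
    code: str                    # section code such as R3, O2, O4, O23
    body: str                    # rest of the line after "code - "
    flags: list = field(default_factory=list)


def first_token(cmd):
    """Return the program part of a command line (quoted string or first word)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(None, 1)[0]


def flags_for(code, body):
    flags = []
    # Registration that points at a file HijackThis could not find on disk.
    if body.rstrip().endswith("(no file)"):
        flags.append("orphan")
    # Service whose executable carries no company name in its version info.
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    # Run value whose program has no directory, so it is found via the search path.
    m = RUN_RE.match(body) if code == "O4" else None
    if m and "\\" not in first_token(m.group("cmd")):
        flags.append("no-path")
    return flags


def parse_log(text):
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            entries.append(Entry(code, body, flags_for(code, body)))
    return entries


def summarize(entries):
    """Count entries per section and list the flagged ones for manual review."""
    return {
        "per_section": Counter(e.code for e in entries),
        "flagged": [(e.code, e.flags, e.body) for e in entries if e.flags],
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    print("entries per section:", dict(report["per_section"]))
    for code, flags, body in report["flagged"]:
        print(f"{code:>3} {','.join(flags):<14} {body}")
```
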
		| ALEK-J Hero in the gods' favour
 
 Registered: 31/05/08 13:52
 Posts: 142
 
 | 
			
				|  Posted: 26 Oct 2008 15:15    Subject: |   |  
				| 
 |  
				| Hi Sante, I have a vague idea of how to get Hijackthis installed in a folder of its own, but it's better if you explain it to me... Before I make a mess of things, as usual. Sorry if I'm a bit thick.. but I have little experience...
  |  |  
		| Top |  |  
		|  |  