
help, I can't take it anymore!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: help, I can't take it anymore!!

Post by Misaki » 02/09/08 15:08

hello everyone
I'm new to the forum and I have the same problem too.....
this is the ComboFix scan, please help me, or I'll throw the PC out of the window!!! (and it would be quite a drop, since I live on the third floor) :lol:




ComboFix 08-09-01.01 - luciana62 2008-09-02 14.03.33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.157 [GMT 2:00]
Eseguito da: C:\Documents and Settings\luciana62\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-08-02 al 2008-09-02 )))))))))))))))))))))))))))))))))))
.

2008-09-02 13:40 . 2008-09-02 13:40 <DIR> d-------- C:\Programmi\CCleaner
2008-09-02 08:35 . 2008-09-02 14:10 299,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 08:35 . 2008-09-02 14:10 2,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 08:30 . 2008-09-02 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-09-02 08:30 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-02 08:30 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-09-02 08:30 . 2008-09-02 08:34 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-02 08:28 . 2008-09-02 08:28 <DIR> d-------- C:\Programmi\Zone Labs
2008-09-02 08:26 . 2008-09-02 14:11 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-02 08:25 . 2008-09-02 08:25 <DIR> d-------- C:\Programmi\Avira
2008-09-02 08:25 . 2008-09-02 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-09-02 03:24 . 2008-09-02 03:24 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-09-02 00:11 . 2008-09-02 00:11 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-09-02 00:11 . 2008-09-02 00:11 <DIR> d-------- C:\WINDOWS\system32\it
2008-09-02 00:11 . 2008-09-02 00:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-02 00:11 . 2008-09-02 00:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-02 00:08 . 2008-09-02 00:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 00:01 . 2008-09-02 00:01 <DIR> d-------- C:\WINDOWS\EHome
2008-09-01 23:50 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-01 23:50 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-01 23:50 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-01 23:50 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-01 23:32 . 2008-06-14 19:32 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-01 23:29 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-01 23:29 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-01 23:29 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-01 23:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-01 14:23 . 2008-09-01 14:23 0 --ah----- C:\WINDOWS\.security
2008-09-01 14:23 . 2008-09-01 14:23 0 --ah----- C:\.security
2008-09-01 14:06 . 2008-09-01 14:06 <DIR> d-------- C:\Programmi\ggexamd
2008-09-01 14:06 . 2008-09-01 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\xgpinkle
2008-09-01 14:06 . 2008-09-01 14:06 90,112 --a------ C:\WINDOWS\system32\pubyxyxa.exe
2008-08-25 20:06 . 2008-09-01 14:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-25 20:06 . 2008-08-25 20:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-24 19:43 . 2008-08-24 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 12:11 639,527 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-02 07:28 --------- d-----w C:\Programmi\Babylon Pro Setup
2008-09-02 06:35 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-09-02 06:10 --------- d-----w C:\Programmi\Lavasoft
2008-09-02 06:10 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-09-02 06:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-09-02 01:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-09-01 23:35 --------- d-----w C:\Programmi\eMule
2008-09-01 23:20 --------- d-----w C:\Programmi\AdunanzA
2008-08-28 23:10 --------- d-----w C:\Documents and Settings\luciana62\Dati applicazioni\OpenOffice.org2
2008-08-24 17:43 --------- d-----w C:\Documents and Settings\luciana62\Dati applicazioni\Lavasoft
2008-08-24 11:16 --------- d-----w C:\Programmi\mIRC6.21-Italiano-TuttoIRC
2008-08-24 11:14 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-24 11:13 --------- d-----w C:\Programmi\iTunes
2008-08-24 11:13 --------- d-----w C:\Programmi\iPod
2008-08-24 11:12 --------- d-----w C:\Programmi\Apple Software Update
2008-08-23 16:33 --------- d-----w C:\Programmi\3D Kit Builder
2008-07-03 18:26 --------- d-----w C:\Documents and Settings\luciana62\Dati applicazioni\Nokia Multimedia Player
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 24,576 2003-05-02 09:31:50 C:\APPS\ABOARD\bak\ABoard.exe

----a-w 110,740 2005-01-28 09:10:32 C:\APPS\Powercinema\bak\PCMService.exe

----a-w 163,576 2006-11-20 17:41:25 C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe

----a-w 32,881 2004-06-03 20:05:08 C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe

----a-w 892,928 2004-03-18 08:33:26 C:\Programmi\Logitech\iTouch\bak\iTouch.exe

----a-w 208,952 2004-08-19 12:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-19 12:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 02:14:03 C:\WINDOWS\system32\ctfmon.exe

----a-w 455,168 2004-08-19 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-19 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"MntComUtil"="C:\WINDOWS\system32\pubyxyxa.exe" [2008-09-01 14:06 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:14 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Lv3pVE8LJN"="C:\Documents and Settings\luciana62\Desktop\AdobeFlashPlayerHD.exe" [N/A]

C:\Documents and Settings\luciana62\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-01 14:23:55 0]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
.security [2008-09-01 14:23:55 0]
ZDWlan.lnk - C:\Programmi\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe [2007-02-24 15:19:01 1093632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ChkActStr"= {25A62BDE-2CFF-9F31-8E4F-03479A3ECCA5} - C:\Programmi\ggexamd\ChkActStr.dll [2008-09-01 14:06 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-09-26 13:20 286016 C:\Programmi\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programmi\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:14 1695232 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"LmHosts"=2 (0x2)
"iPod Service"=3 (0x3)
"BthServ"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"wscsvc"=2 (0x2)
"SwPrv"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Spooler"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"IDriverT"=3 (0x3)
"odserv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\BitTorrent_DNA\\dna.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\PPStream\\PPStream.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 17:02]
S3 lg3gbus;LGE KU580 driver (WDM);C:\WINDOWS\system32\DRIVERS\lg3gbus.sys []
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys []
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys []
S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lg3gmgmt.sys []
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-03 16:55]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\luciana62\Dati applicazioni\Mozilla\Firefox\Profiles\fx3nhgi5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\BitTorrent_DNA\npbtdna.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 14:12:39
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-02 14:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 12:19:58

Pre-Run: 652,906,496 byte disponibili
Post-Run: 644,354,048 byte disponibili

534 --- E O F --- 2008-09-02 08:32:46
Misaki
Newbie
 
Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Posted by Luke57 » 02/09/08 16:46

Hi, download Avenger from here:
http://swandog46.geekstogo.com/avenger2/download.php

Unpack the .zip file, extract avenger.exe to the desktop, run it, leave only the "scan for rootkits" option selected, and copy and paste the following script into the blank box:

Files to delete:
C:\WINDOWS\system32\pubyxyxa.exe

Folders to delete:
C:\Programmi\ggexamd
C:\Documents and Settings\All Users\Dati applicazioni\xgpinkle

Files to move:
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\APPS\Powercinema\bak\PCMService.exe
| C:\APPS\Powercinema\PCMService.exe
C:\Programmi\Logitech\iTouch\bak\iTouch.exe
| C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
| C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\bak\ctfmon.exe
| C:\WINDOWS\system32\ctfmon.exe
C:\APPS\ABOARD\bak\ABoard.exe
| C:\APPS\ABOARD\ABoard.exe
C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
| C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE


Press the Execute button, the computer will restart, then post the report produced in C:\avenger.txt.

Uninstall that version of Java, it's antediluvian by now ;)
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Posted by Misaki » 02/09/08 21:31

it doesn't work for me....
when I press the execute button it tells me:
Error:invalid syntax in command:
"|C:\APPS\Powercinema\PCMservice.exe"
skipping line. (file move mode)

what do I do??? :cry:
Misaki
Newbie
 
Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Posted by Luke57 » 03/09/08 07:52

Hi, remove from the script:
C:\APPS\Powercinema\bak\PCMService.exe
| C:\APPS\Powercinema\PCMService.exe
leaving everything else unchanged, and try running the operation again.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Posted by Misaki » 03/09/08 12:04

no, it doesn't work....
after removing what you told me, it does the same thing with the program written below it.... and if I delete that one too, it does it with the one below that....... hmmm.....
I don't know what to do!!!
Misaki
Newbie
 
Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Posted by Luke57 » 03/09/08 15:58

Misaki wrote: no, it doesn't work....
after removing what you told me, it does the same thing with the program written below it.... and if I delete that one too, it does it with the one below that....... hmmm.....
I don't know what to do!!!

Try this:

Files to delete:
C:\WINDOWS\system32\pubyxyxa.exe

Folders to delete:
C:\Programmi\ggexamd
C:\Documents and Settings\All Users\Dati applicazioni\xgpinkle

Files to move:
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\APPS\Powercinema\bak\PCMService.exe| C:\APPS\Powercinema\PCMService.exe
C:\Programmi\Logitech\iTouch\bak\iTouch.exe| C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE | C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\bak\ctfmon.exe| C:\WINDOWS\system32\ctfmon.exe
C:\APPS\ABOARD\bak\ABoard.exe| C:\APPS\ABOARD\ABoard.exe
C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE | C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE


N.B. At the start of each line you must always write the first part, that is:
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe and so on.
Before pressing the Execute button, check that what you have written is correct.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10
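
The check asked for in the post above, that every "Files to move:" entry keeps its source path, the `|` and the destination on one line, can be run on the script text before it is pasted. This is an added example, not part of the original post and not Avenger's own code; the section names are the ones used in the posted script, while the path pattern, the function names and the shortened sample are assumptions made here.

```python
import re

# Section headers as they appear in the scripts posted in this thread.
SECTIONS = ("files to delete:", "folders to delete:", "files to move:")
MOVE = "files to move:"

# Assumption: commands are absolute Windows paths with a drive letter.
PATH = re.compile(r'^[A-Za-z]:\\[^|"<>?*]+$')


def parse(text):
    """Yield (line_no, section, stripped_line) for every non-blank command."""
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            section = line.lower()
            continue
        yield no, section, line


def lint(text):
    """Return (line_no, message) for each line that would be rejected."""
    problems = []
    for no, section, line in parse(text):
        if section is None:
            problems.append((no, "command outside any section"))
        elif section == MOVE:
            parts = [p.strip() for p in line.split("|")]
            if len(parts) != 2 or not all(PATH.match(p) for p in parts):
                problems.append(
                    (no, "move entry is not 'source | destination' on one line"))
            elif parts[0].lower() == parts[1].lower():
                problems.append((no, "source and destination are the same file"))
        elif not PATH.match(line):
            problems.append((no, "expected a single absolute path"))
    return problems


def rejoin_wrapped_moves(text):
    """Repair move entries that line wrapping split just before the '|'."""
    out, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() in SECTIONS:
            section = line.lower()
        elif (section == MOVE and line.startswith("|") and out
              and PATH.match(out[-1].strip())):
            # Previous line is a lone source path: glue the destination to it.
            out[-1] = out[-1].strip() + " " + line
            continue
        out.append(raw)
    return "\n".join(out)


# Constructed sample: a shortened copy of the first script in this thread,
# with one move entry wrapped the way it appeared when pasted.
WRAPPED = r"""Files to delete:
C:\WINDOWS\system32\pubyxyxa.exe

Folders to delete:
C:\Programmi\ggexamd

Files to move:
C:\APPS\Powercinema\bak\PCMService.exe
| C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\bak\ctfmon.exe| C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for no, msg in lint(WRAPPED):
        print(f"line {no}: {msg}")
    fixed = rejoin_wrapped_moves(WRAPPED)
    print("problems after rejoining:", lint(fixed))
```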

Re: help, I can't take it anymore!!

Posted by Misaki » 03/09/08 16:27

now it workeddd!!!!!!! ^^
this is the report:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Sep 02 22:27:00 2008

22:26:52: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
22:26:56: Error: Invalid syntax in command:
"| C:\APPS\Powercinema\PCMService.exe"
Skipping line. (File move mode)
22:26:57: Error: Invalid syntax in command:
"C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
Skipping line. (File move mode)
22:26:59: Error: Invalid syntax in command:
"| C:\Programmi\Logitech\iTouch\iTouch.exe"
Skipping line. (File move mode)
22:27:00: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Sep 02 22:27:10 2008

22:27:03: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
22:27:08: Error: Invalid syntax in command:
"| C:\APPS\Powercinema\PCMService.exe"
Skipping line. (File move mode)
22:27:10: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Sep 02 22:54:04 2008

22:27:50: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
22:54:00: Error: Invalid syntax in command:
"| C:\APPS\Powercinema\PCMService.exe"
Skipping line. (File move mode)
22:54:01: Error: Invalid syntax in command:
"C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
Skipping line. (File move mode)
22:54:02: Error: Invalid syntax in command:
"| C:\Programmi\Logitech\iTouch\iTouch.exe"
Skipping line. (File move mode)
22:54:04: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Sep 02 22:54:38 2008

22:54:31: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
22:54:36: Error: Invalid syntax in command:
"| C:\APPS\Powercinema\PCMService.exe"
Skipping line. (File move mode)
22:54:37: Error: Invalid syntax in command:
"C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
Skipping line. (File move mode)
22:54:38: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Sep 03 13:02:11 2008

13:02:09: Error: Invalid syntax in command:
"C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
Skipping line. (File move mode)
13:02:10: Error: Invalid syntax in command:
"| C:\Programmi\Logitech\iTouch\iTouch.exe"
Skipping line. (File move mode)
13:02:11: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Sep 03 13:02:35 2008

13:02:32: Error: Invalid syntax in command:
"C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
Skipping line. (File move mode)
13:02:34: Error: Invalid syntax in command:
"| C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
Skipping line. (File move mode)
13:02:35: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Sep 03 13:04:17 2008

13:04:16: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
13:04:17: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Sep 03 13:05:58 2008

13:05:56: Error: Invalid syntax in command:
"C:\APPS\Powercinema\bak\PCMService.exe"
Skipping line. (File move mode)
13:05:58: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Sep 03 13:06:26 2008

13:06:23: Error: Invalid syntax in command:
"C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe"
Skipping line. (File move mode)
13:06:24: Error: Invalid syntax in command:
"| C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
Skipping line. (File move mode)
13:06:26: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\pubyxyxa.exe" deleted successfully.
Folder "C:\Programmi\ggexamd" deleted successfully.
Folder "C:\Documents and Settings\All Users\Dati applicazioni\xgpinkle" deleted successfully.
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" completed successfully.
File move operation "C:\APPS\Powercinema\bak\PCMService.exe|C:\APPS\Powercinema\PCMService.exe" completed successfully.
File move operation "C:\Programmi\Logitech\iTouch\bak\iTouch.exe|C:\Programmi\Logitech\iTouch\iTouch.exe" completed successfully.
File move operation "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\APPS\ABOARD\bak\ABoard.exe|C:\APPS\ABOARD\ABoard.exe" completed successfully.
File move operation "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE" completed successfully.

Completed script processing.

*******************

Finished! Terminate.





what do I do now???
Misaki
Newbie
 
Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Posted by Luke57 » 03/09/08 17:17

Are you still having problems?
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Posted by musetta » 03/09/08 21:17

hi everyone, I'm new and... with the same problem... trojan clicker... + umpteen thousand viruses. :cry:
I ran combo as described in the post. Here is the result:

ComboFix 08-09-01.05 - musetta 2008-09-03 22.03.42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1376 [GMT 2:00]
Eseguito da: C:\Documents and Settings\musetta\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
Os seguintes ficheiros foram desabilitados durante a rodagem:
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\gina\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\actskn43.ocx
C:\Documents and Settings\gegè\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2008-08-03 al 2008-09-03 )))))))))))))))))))))))))))))))))))
.

2008-09-02 23:26 . 2008-09-02 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-09-02 23:08 . 2008-09-02 23:08 90,112 --a------ C:\WINDOWS\system32\knqbydsv.exe
2008-09-02 22:53 . 2008-09-02 22:53 102,400 --a------ C:\WINDOWS\system32\efitkvyd.exe
2008-09-02 22:45 . 2008-09-02 22:45 <DIR> d-------- C:\Programmi\Yahoo!
2008-09-02 22:44 . 2008-09-02 23:21 <DIR> d-------- C:\Programmi\CCleaner
2008-09-02 22:24 . 2008-09-02 22:24 409 --a------ C:\Collegamento a sqmdata06.sqm.lnk
2008-09-02 20:24 . 2008-09-02 20:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 20:18 . 2008-09-02 20:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-02 20:14 . 2008-09-02 20:14 102,400 --a------ C:\WINDOWS\system32\jetilypw.exe
2008-09-02 19:56 . 2008-09-02 19:56 94,208 --a------ C:\WINDOWS\system32\tcnujgzu.exe
2008-09-02 19:13 . 2008-09-02 19:13 94,208 --a------ C:\WINDOWS\system32\lwtedqjs.exe
2008-09-02 02:43 . 2008-09-02 02:43 81,920 --a------ C:\WINDOWS\system32\sfghsrsl.exe
2008-09-02 02:28 . 2008-09-02 19:22 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-02 02:28 . 2008-09-02 02:28 <DIR> d-------- C:\Documents and Settings\musetta\Dati applicazioni\Malwarebytes
2008-09-02 02:28 . 2008-09-02 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-02 02:28 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 02:28 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 01:15 . 2008-09-01 00:49 203,776 --------- C:\WINDOWS\system32\trzB.tmp
2008-09-01 00:50 . 2008-09-01 00:50 <DIR> d-------- C:\Programmi\ccppjed
2008-09-01 00:50 . 2008-09-01 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\twnatgji
2008-09-01 00:50 . 2008-09-01 00:50 90,112 --a------ C:\WINDOWS\system32\jodarofk.exe
2008-08-25 00:45 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-20 01:07 . 2008-09-02 23:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-20 01:07 . 2008-08-20 01:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-06 18:17 . 2008-08-06 18:17 <DIR> d-------- C:\Programmi\ArcaPro
2008-08-06 09:45 . 2008-08-06 09:45 <DIR> d-------- C:\Arca Professional 1.2008_b1120

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 20:08 --------- d-----w C:\Programmi\PCHealthCenter
2008-09-02 21:23 --------- d-----w C:\Programmi\Mozilla Firefox 3 Beta 5
2008-09-02 21:22 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-31 23:35 --------- d-----w C:\Programmi\LabelCommand
2008-08-06 16:17 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-29 22:28 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-27 18:20 --------- d-----w C:\Programmi\Interwise
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-14 19:20 --------- d-----w C:\Programmi\PoigpsGo
2007-09-02 22:00 66,536 ----a-w C:\Documents and Settings\musetta\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w            79,224 2007-12-04 13:00:23  C:\Programmi\Alwil Software\Avast4\ashDisp .exe
----a-w           847,872 2008-01-23 13:47:10  C:\Programmi\Enigma Software Group\SpyHunter\spyhunter3 .exe
----a-w            64,512 2005-08-17 21:40:06  C:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2004-09-07 13:00:00  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 24,576 2003-05-02 09:31:50 C:\APPS\ABOARD\bak\ABoard.exe

----a-w 975,360 2005-12-08 15:39:08 C:\APPS\SMP\bak\SmpSys.exe

----a-w 19,148 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRT
----a-w 19,148 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRT

----a-w 44,604 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRX
----a-w 44,604 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRX

----a-w 706 2003-02-28 16:00:58 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FXP
----a-w 706 2003-02-28 16:00:58 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FXP

----a-w 634 2003-02-28 16:00:44 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.PRG
----a-w 634 2003-02-28 16:00:44 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.PRG

----a-w 1,620 2007-01-02 12:50:00 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.FXP
----a-w 1,620 2007-01-02 12:50:00 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.FXP

----a-w 1,792 2007-01-02 12:50:10 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.PRG
----a-w 1,792 2007-01-02 12:50:10 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.PRG

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-11 20:16:38 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 78,008 2008-07-19 14:38:34 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 90,112 2006-05-10 10:12:06 C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe

----a-w 185,896 2007-03-31 23:12:48 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 3,293,184 2007-04-19 05:40:28 C:\Programmi\Google\Google Talk\bak\googletalk.exe

----a-w 68,856 2007-06-18 22:31:29 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 310,272 2004-10-04 12:03:18 C:\Programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe

----a-w 36,975 2005-06-03 02:52:54 C:\Programmi\Java\jre1.5.0_04\bin\bak\jusched.exe

----a-w 102,400 2005-10-20 05:15:00 C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\bak\DetectorApp.exe

----a-w 3,977,128 2008-02-14 10:58:08 C:\Programmi\TomTom HOME\bak\TomTomHOME.exe

----a-w 462,848 2006-12-28 18:01:17 C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe

----a-w 19,148 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRT
----a-w 19,148 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRT

----a-w 44,604 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRX
----a-w 44,604 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRX

----a-w 706 2003-02-28 16:00:58 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FXP
----a-w 706 2003-02-28 16:00:58 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FXP

----a-w 634 2003-02-28 16:00:44 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.PRG
----a-w 634 2003-02-28 16:00:44 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.PRG

----a-w 1,620 2007-01-02 12:50:00 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.FXP
----a-w 1,620 2007-01-02 12:50:00 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.FXP

----a-w 1,792 2007-01-02 12:50:10 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.PRG
----a-w 1,792 2007-01-02 12:50:10 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.PRG

----a-w 67,584 2005-09-29 13:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\ehtray.exe

----a-w 208,952 2004-09-07 13:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-07 13:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

----a-w 15,360 2004-09-07 13:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 13:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 455,168 2004-09-07 13:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-09-07 13:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

----a-w 99,840 2003-09-12 03:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0K2.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B8DCA8F-2A9D-4E85-BDBE-476DE2AA6B65}]
2004-09-07 15:00 91648 --a------ C:\WINDOWS\system32\bthser.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 15360]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"CmdMon"="C:\WINDOWS\system32\jodarofk.exe" [2008-09-01 90112]
"uicfgapi"="C:\WINDOWS\system32\sfghsrsl.exe" [2008-09-02 81920]
"ProcHlp"="C:\WINDOWS\system32\lwtedqjs.exe" [2008-09-02 94208]
"commonchk"="C:\WINDOWS\system32\tcnujgzu.exe" [2008-09-02 94208]
"comshhlp"="C:\WINDOWS\system32\jetilypw.exe" [2008-09-02 102400]
"cfgdsccmd"="C:\WINDOWS\system32\efitkvyd.exe" [2008-09-02 102400]
"HlpSmart"="C:\WINDOWS\system32\knqbydsv.exe" [2008-09-02 90112]
"ccleaner"="C:\Programmi\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"DscProcCfg"="C:\WINDOWS\system32\jwpatodq.exe" [2008-09-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpyHunter Security Suite"="C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 851968]
"lphcv64j0e95e"="C:\WINDOWS\system32\lphcv64j0e95e.exe" [2008-09-03 203776]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NCahe9Lawq"="C:\Documents and Settings\All Users\Dati applicazioni\twnatgji\bedcbgno.exe" [2008-09-01 61440]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Push Client.LNK - C:\Programmi\Interwise\Participant\pull.exe [2008-07-27 843776]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"strchkinfo"= {5022CED1-CAA5-491E-1294-026797114DC0} - C:\Programmi\ccppjed\strchkinfo.dll [2008-09-01 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-09-02 17200]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2006-12-28 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2006-12-28 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2006-12-28 108771]
S3 OKYWEB2;Driver for M-Live - OKYWEB2;C:\WINDOWS\system32\Drivers\OKYWEB2.sys [2007-02-25 10413]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25217769-e26b-11dc-a3d5-001617e852ea}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\musetta\Dati applicazioni\Mozilla\Firefox\Profiles\nzzmgghi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.libero.it/
FF -: plugin - C:\Programmi\Mozilla Firefox 3 Beta 5\plugins\npLegitCheckPlugin.dll
FF -: plugin - C:\Programmi\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF -: plugin - C:\Programmi\Mozilla Firefox 3 Beta 5\plugins\nppdf32.dll
FF -: plugin - C:\Programmi\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Programmi\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 22:07:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\WINDOWS\system32\jwpatodq.exe 86016 bytes executable
C:\WINDOWS\system32\phcv64j0e95e.bmp 625208 bytes
C:\WINDOWS\system32\blphcv64j0e95e.scr 118784 bytes executable
C:\WINDOWS\system32\lphcv64j0e95e.exe 203776 bytes executable

Scansione completata con successo
Files nascosti: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\WGATray.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\lphcv64j0e95e.exeses\Search.GatherNotify\
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-03 22:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 20:12:57

Pre-Run: 278,555,361,280 byte disponibili
Post-Run: 278,962,098,176 byte disponibili

264 --- E O F --- 2008-09-02 19:44:56



Thanks for all the advice and help...
musetta
Newbie

Posts: 5
Joined: 03/09/08 20:51

Re: help, I can't take it anymore!!

Post by Misaki » 03/09/08 21:40

Luke57 wrote: Are you still having problems?


No, it seems that window with the trojans no longer appears.... but my computer is still slow.... it used to be lightning fast!!!
Now every time I click something, it loads and loads.... who knows!!!
Misaki
Newbie

Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Post by Misaki » 03/09/08 22:17

Misaki wrote:
Luke57 wrote: Are you still having problems?


No, it seems that window with the trojans no longer appears.... but my computer is still slow.... it used to be lightning fast!!!
Now every time I click something, it loads and loads.... who knows!!!



Maybe it's because I changed firewall and antivirus....
Before I had avast, which did everything for me.... now I have antivir and zone alarm....
Misaki
Newbie

Posts: 6
Joined: 02/09/08 15:03

Re: help, I can't take it anymore!!

Post by Luke57 » 04/09/08 08:19

@Musetta
Hi, now open a text file (from Windows Notepad) and copy this code:


Code:
File::
C:\WINDOWS\system32\knqbydsv.exe
C:\WINDOWS\system32\efitkvyd.exe
C:\WINDOWS\system32\jetilypw.exe
C:\WINDOWS\system32\tcnujgzu.exe
C:\WINDOWS\system32\lwtedqjs.exe
C:\WINDOWS\system32\sfghsrsl.exe
C:\WINDOWS\system32\jodarofk.exe
C:\WINDOWS\system32\jwpatodq.exe
C:\WINDOWS\system32\phcv64j0e95e.bmp
C:\WINDOWS\system32\blphcv64j0e95e.scr
C:\WINDOWS\system32\lphcv64j0e95e.exe

Folder::
C:\Programmi\ccppjed
C:\Documents and Settings\All Users\Dati applicazioni\twnatgji

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B8DCA8F-2A9D-4E85-BDBE-476DE2AA6B65}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmdMon"=-
"uicfgapi"=-
"ProcHlp"=-
"commonchk"=-
"comshhlp"=-
"cfgdsccmd"=-
"HlpSmart"=-
"DscProcCfg"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcv64j0e95e"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NCahe9Lawq"=-



Paste it into the text file, save the file in the same location as combofix, naming it exactly CFScript.txt, then drag it with the mouse pointer onto the combofix icon for a new scan. Restart the computer and post the new report, if one is produced (C:\combofix.txt).
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by musetta » 04/09/08 18:19

Hi Luke, thanks for the reply.
I ran the new code and here is the result:

ComboFix 08-09-03.06 - musetta 2008-09-04 19.06.06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1496 [GMT 2:00]
Eseguito da: C:\Documents and Settings\musetta\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\twnatgji
C:\Documents and Settings\All Users\Dati applicazioni\twnatgji\bedcbgno.exe
C:\Programmi\ccppjed
C:\Programmi\ccppjed\strchkinfo.dll
C:\Programmi\PCHealthCenter
C:\Programmi\PCHealthCenter\0.exe
C:\Programmi\PCHealthCenter\0.gif
C:\Programmi\PCHealthCenter\1.exe
C:\Programmi\PCHealthCenter\1.gif
C:\Programmi\PCHealthCenter\1.ico
C:\Programmi\PCHealthCenter\2.exe
C:\Programmi\PCHealthCenter\2.gif
C:\Programmi\PCHealthCenter\2.ico
C:\Programmi\PCHealthCenter\3.exe
C:\Programmi\PCHealthCenter\3.gif
C:\Programmi\PCHealthCenter\4.exe
C:\Programmi\PCHealthCenter\5.exe
C:\Programmi\PCHealthCenter\7.exe
C:\WINDOWS\system32\bthser.dll
C:\WINDOWS\system32\efitkvyd.exe
C:\WINDOWS\system32\jetilypw.exe
C:\WINDOWS\system32\jodarofk.exe
C:\WINDOWS\system32\jwpatodq.exe
C:\WINDOWS\system32\knqbydsv.exe
C:\WINDOWS\system32\lwtedqjs.exe
C:\WINDOWS\system32\sfghsrsl.exe
C:\WINDOWS\system32\tcnujgzu.exe
C:\Documents and Settings\gegè\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2008-08-04 al 2008-09-04 )))))))))))))))))))))))))))))))))))
.

2008-09-04 19:04 . 2008-09-04 19:04 90,112 --a------ C:\WINDOWS\system32\odgzqxuj.exe
2008-09-04 00:37 . 2008-09-04 00:37 106,496 --a------ C:\WINDOWS\system32\khwjsnav.exe
2008-09-03 22:13 . 2008-09-03 22:13 <DIR> d-------- C:\Documents and Settings\gegè
2008-09-03 22:13 . <DIR> C:\Documents and Settings\gegÞ\Impostazioni locali
2008-09-03 22:13 . <DIR> C:\Documents and Settings\gegÞ\Impostazioni locali
2008-09-02 23:26 . 2008-09-02 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-09-02 22:45 . 2008-09-02 22:45 <DIR> d-------- C:\Programmi\Yahoo!
2008-09-02 22:44 . 2008-09-02 23:21 <DIR> d-------- C:\Programmi\CCleaner
2008-09-02 22:24 . 2008-09-02 22:24 409 --a------ C:\Collegamento a sqmdata06.sqm.lnk
2008-09-02 20:24 . 2008-09-02 20:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 20:18 . 2008-09-02 20:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-02 02:28 . 2008-09-02 19:22 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-02 02:28 . 2008-09-02 02:28 <DIR> d-------- C:\Documents and Settings\musetta\Dati applicazioni\Malwarebytes
2008-09-02 02:28 . 2008-09-02 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-02 02:28 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 02:28 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 01:15 . 2008-09-01 00:49 203,776 --------- C:\WINDOWS\system32\trzB.tmp
2008-08-25 00:45 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-20 01:07 . 2008-09-02 23:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-20 01:07 . 2008-08-20 01:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-06 18:17 . 2008-08-06 18:17 <DIR> d-------- C:\Programmi\ArcaPro
2008-08-06 09:45 . 2008-08-06 09:45 <DIR> d-------- C:\Arca Professional 1.2008_b1120

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 21:23 --------- d-----w C:\Programmi\Mozilla Firefox 3 Beta 5
2008-09-02 21:22 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-31 23:35 --------- d-----w C:\Programmi\LabelCommand
2008-08-06 16:17 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-29 22:28 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-27 18:20 --------- d-----w C:\Programmi\Interwise
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-14 19:20 --------- d-----w C:\Programmi\PoigpsGo
2007-09-02 22:00 66,536 ----a-w C:\Documents and Settings\musetta\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
Code:
<pre>
----a-w            79,224 2007-12-04 13:00:23  C:\Programmi\Alwil Software\Avast4\ashDisp .exe
----a-w           847,872 2008-01-23 13:47:10  C:\Programmi\Enigma Software Group\SpyHunter\spyhunter3 .exe
----a-w            64,512 2005-08-17 21:40:06  C:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2004-09-07 13:00:00  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-09-03_22.12.32.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-04 17:09:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 24,576 2003-05-02 09:31:50 C:\APPS\ABOARD\bak\ABoard.exe

----a-w 975,360 2005-12-08 15:39:08 C:\APPS\SMP\bak\SmpSys.exe

----a-w 19,148 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRT
----a-w 19,148 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRT

----a-w 44,604 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRX
----a-w 44,604 2002-11-13 07:18:32 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRX

----a-w 706 2003-02-28 16:00:58 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FXP
----a-w 706 2003-02-28 16:00:58 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FXP

----a-w 634 2003-02-28 16:00:44 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.PRG
----a-w 634 2003-02-28 16:00:44 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.PRG

----a-w 1,620 2007-01-02 12:50:00 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.FXP
----a-w 1,620 2007-01-02 12:50:00 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.FXP

----a-w 1,792 2007-01-02 12:50:10 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.PRG
----a-w 1,792 2007-01-02 12:50:10 C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.PRG

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-11 20:16:38 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 78,008 2008-07-19 14:38:34 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 90,112 2006-05-10 10:12:06 C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe

----a-w 185,896 2007-03-31 23:12:48 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 3,293,184 2007-04-19 05:40:28 C:\Programmi\Google\Google Talk\bak\googletalk.exe

----a-w 68,856 2007-06-18 22:31:29 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 310,272 2004-10-04 12:03:18 C:\Programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe

----a-w 36,975 2005-06-03 02:52:54 C:\Programmi\Java\jre1.5.0_04\bin\bak\jusched.exe

----a-w 102,400 2005-10-20 05:15:00 C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\bak\DetectorApp.exe

----a-w 3,977,128 2008-02-14 10:58:08 C:\Programmi\TomTom HOME\bak\TomTomHOME.exe

----a-w 462,848 2006-12-28 18:01:17 C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe

----a-w 19,148 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRT
----a-w 19,148 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRT

----a-w 44,604 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRX
----a-w 44,604 2002-11-13 07:18:32 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRX

----a-w 706 2003-02-28 16:00:58 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FXP
----a-w 706 2003-02-28 16:00:58 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FXP

----a-w 634 2003-02-28 16:00:44 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.PRG
----a-w 634 2003-02-28 16:00:44 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.PRG

----a-w 1,620 2007-01-02 12:50:00 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.FXP
----a-w 1,620 2007-01-02 12:50:00 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.FXP

----a-w 1,792 2007-01-02 12:50:10 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.PRG
----a-w 1,792 2007-01-02 12:50:10 C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.PRG

----a-w 67,584 2005-09-29 13:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\ehtray.exe

----a-w 208,952 2004-09-07 13:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-07 13:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

----a-w 15,360 2004-09-07 13:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 13:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 455,168 2004-09-07 13:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-09-07 13:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

----a-w 99,840 2003-09-12 03:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0K2.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 15360]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ccleaner"="C:\Programmi\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"ComUtilMsg"="C:\WINDOWS\system32\khwjsnav.exe" [2008-09-04 106496]
"AplAdm"="C:\WINDOWS\system32\odgzqxuj.exe" [2008-09-04 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpyHunter Security Suite"="C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 851968]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Push Client.LNK - C:\Programmi\Interwise\Participant\pull.exe [2008-07-27 843776]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-09-02 17200]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2006-12-28 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2006-12-28 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2006-12-28 108771]
S3 OKYWEB2;Driver for M-Live - OKYWEB2;C:\WINDOWS\system32\Drivers\OKYWEB2.sys [2007-02-25 10413]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25217769-e26b-11dc-a3d5-001617e852ea}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -

SSODL-strchkinfo-{5022CED1-CAA5-491E-1294-026797114DC0} - C:\Programmi\ccppjed\strchkinfo.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 19:10:04
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\WGATray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-04 19:14:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 17:14:12
ComboFix2.txt 2008-09-03 20:13:16

Pre-Run: 279,040,749,568 byte disponibili
Post-Run: 279,033,913,344 byte disponibili

248 --- E O F --- 2008-09-02 19:44:56



Now I no longer have the icons next to Start (the Quick Launch kind) and it seems I no longer have avast, my antivirus, which has always been kept up to date. Why is that?
And how come all this mess happened even though I had windows defender and avast?
What antivirus or anything else do you recommend afterwards if, and I do say if... I get out of this???
I'm very hopeful and THANK YOUUUUUUUUUUUUUUUUUUUUUUUUUUUU.
musetta
Newbie

Posts: 5
Joined: 03/09/08 20:51

Re: help, I can't take it anymore!!

Post by Luke57 » 04/09/08 18:59

@Musetta
Hi, download avenger from here:
http://swandog46.geekstogo.com/avenger2/download.php

Unzip the .zip file, extract avenger.exe to the desktop, run it, leave only the "scan for rootkits" option selected, and in the blank area copy and paste the following script:

Code:
Files to delete:
C:\WINDOWS\system32\odgzqxuj.exe
C:\WINDOWS\system32\khwjsnav.exe

Files to move:
C:\APPS\ABOARD\bak\ABoard.exe | C:\APPS\ABOARD\ABoard.exe
C:\APPS\SMP\bak\SmpSys.exe | C:\APPS\SMP\SmpSys.exe
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRT | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRT
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FXP | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FXP
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRX | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRX
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.PRG | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.PRG
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.FXP | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.FXP
C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.PRG | C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.PRG
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe
 | C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\Google Talk\bak\googletalk.exe | C:\Programmi\Google\Google Talk\googletalk.exe
C:\Programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe | C:\Programmi\Goto Software\Vade Retro\Vaderetro_oe.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\bak\DetectorApp.exe | C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\TomTom HOME\bak\TomTomHOME.exe | C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe | C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRT | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRT
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRX | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRX
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FXP | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FXP
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.PRG | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.PRG
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.FXP | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.FXP
C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.PRG | C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.PRG
C:\WINDOWS\ehome\bak\ehtray.exe | C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE | C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE | C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0K2.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0K2.EXE



Press the Execute button.
The computer will restart; after the restart, post the report C:\avenger.txt.

N.B.: Uninstall the antediluvian version of the JRE and browse with Firefox.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by musetta » 04/09/08 19:14

Hi,
I downloaded the program as you said, but when I run Execute it shows me this error:
syntax error in command:
"C:\ATI technologies\ATI.ACE\bak\CLIStart.exe"
skipping line (File move code) :cry:

In the meantime, on running it again, a few little trojans came out..
musetta
Newbie

Posts: 5
Joined: 03/09/08 20:51

Re: help, I can't take it anymore!!

Post by musetta » 04/09/08 19:21

Sorry... I got a bit carried away by desperation :)
Here is the file

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Sep 04 20:09:39 2008

20:09:32: Error: Invalid syntax in command:
"C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
Skipping line. (File move mode)
20:09:36: Error: Invalid syntax in command:
"| C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
Skipping line. (File move mode)
20:09:39: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Sep 04 20:14:58 2008

20:14:56: Error: Invalid syntax in command:
"C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
Skipping line. (File move mode)
20:14:58: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Sep 04 20:15:04 2008

20:13:33: Error: Invalid syntax in command:
"C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
Skipping line. (File move mode)
20:15:04: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Sep 04 20:16:48 2008

20:16:38: Error: Invalid syntax in command:
"C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
Skipping line. (File move mode)
20:16:44: Error: Invalid syntax in command:
"| C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
Skipping line. (File move mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\odgzqxuj.exe" deleted successfully.
File "C:\WINDOWS\system32\khwjsnav.exe" deleted successfully.
File move operation "C:\APPS\ABOARD\bak\ABoard.exe|C:\APPS\ABOARD\ABoard.exe" completed successfully.
File move operation "C:\APPS\SMP\bak\SmpSys.exe|C:\APPS\SMP\SmpSys.exe" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRT|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRT" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FXP|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FXP" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.FRX|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.FRX" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\BAK\U_DISEGNO.PRG|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\MODULI\U_DISEGNO.PRG" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.FXP|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.FXP" completed successfully.
File move operation "C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\BAK\MAGEXT.PRG|C:\Documents and Settings\musetta\Desktop\DITTE PER ARCA\Copia di TUBISTYL\PROGS\MAGEXT.PRG" completed successfully.
File move operation "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" completed successfully.
File move operation "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe" completed successfully.
File move operation "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe" completed successfully.
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" completed successfully.
File move operation "C:\Programmi\Google\Google Talk\bak\googletalk.exe|C:\Programmi\Google\Google Talk\googletalk.exe" completed successfully.
File move operation "C:\Programmi\Goto Software\Vade Retro\bak\Vaderetro_oe.exe|C:\Programmi\Goto Software\Vade Retro\Vaderetro_oe.exe" completed successfully.
File move operation "C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\bak\DetectorApp.exe|C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" completed successfully.
File move operation "C:\Programmi\TomTom HOME\bak\TomTomHOME.exe|C:\Programmi\TomTom HOME\TomTomHOME.exe" completed successfully.
File move operation "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe|C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRT|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRT" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FRX|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FRX" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.FXP|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.FXP" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\BAK\U_DISEGNO.PRG|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\MODULI\U_DISEGNO.PRG" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.FXP|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.FXP" completed successfully.
File move operation "C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\BAK\MAGEXT.PRG|C:\Programmi\_ArcaPro\Ditte\TUBISTYL\PROGS\MAGEXT.PRG" completed successfully.
File move operation "C:\WINDOWS\ehome\bak\ehtray.exe|C:\WINDOWS\ehome\ehtray.exe" completed successfully.
File move operation "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" completed successfully.
File move operation "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0K2.EXE|C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0K2.EXE" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Even though I've only been reading you for a very short time, I think many people would build you a monument...
musetta
Newbie
 
Posts: 5
Joined: 03/09/08 20:51

Re: help, I can't take it anymore!!

Post by desdemonia » 05/09/08 14:35

hi... I have the same problem too... here is the COMBOFIX report
:undecided: HELPPPPPP!!!




ComboFix 08-09-04.09 - marcomichi 2008-09-05 15:08:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1541 [GMT 2:00]
Eseguito da: C:\Users\marcomichi\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\marcomichi\AppData\Local\qesew.dat
C:\Users\marcomichi\AppData\Local\qesew_nav.dat
C:\Users\marcomichi\AppData\Local\qesew_navps.dat
C:\Users\marcomichi\AppData\Roaming\.#
C:\Users\marcomichi\AppData\Roaming\.#\MBX@350@1C2990.###
C:\Users\marcomichi\AppData\Roaming\.#\MBX@350@1C29C0.###
C:\Users\marcomichi\AppData\Roaming\.#\MBX@350@1C29F0.###
C:\Windows\308.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-08-05 al 2008-09-05 )))))))))))))))))))))))))))))))))))
.

2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 13:39 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-05 13:39 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-05 12:04 . 2008-09-05 12:04 <DIR> d-------- C:\Users\marcomichi\DoctorWeb
2008-09-05 07:19 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 07:19 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 07:19 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 07:19 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 07:19 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 07:19 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 07:18 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 07:18 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 07:18 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 18:56 . 2008-09-04 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 18:56 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\Users\All Users\AplSh
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\ProgramData\AplSh
2008-09-04 10:55 . 2008-09-04 10:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-04 10:54 . 2008-09-04 10:54 <DIR> d-------- C:\Program Files\iPod
2008-09-04 10:52 . 2008-09-04 10:52 <DIR> d-------- C:\Program Files\Bonjour
2008-09-04 09:59 . 2008-09-04 09:59 <DIR> d-------- C:\Users\All Users\shstr
2008-09-04 09:59 . 2008-09-04 09:59 <DIR> d-------- C:\ProgramData\shstr
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\SysChk
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\SysChk
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 15:30 . 2008-09-03 15:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 15:29 . 2008-09-03 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 14:00 . 2008-09-03 14:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\Users\All Users\MsgWin
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\ProgramData\MsgWin
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\Users\All Users\webgen
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\Users\All Users\ChkProc
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\ProgramData\webgen
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\ProgramData\ChkProc
2008-09-02 12:00 . 2008-09-05 13:19 1,524 --a------ C:\Windows\wininit.ini
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\Users\All Users\hlpstr
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\ProgramData\hlpstr
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\Users\All Users\InfoEn
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\ProgramData\InfoEn
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\Users\All Users\ActSmart
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\ProgramData\ActSmart
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\Users\All Users\SrvApi
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\ProgramData\SrvApi
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\Users\All Users\srvappgen
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\ProgramData\srvappgen
2008-08-28 12:45 . 2008-08-28 14:01 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-08-28 10:26 . 2008-08-28 10:26 <DIR> d-------- C:\Windows\System32\Rinera
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\Users\All Users\CfgEnMsg
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\ProgramData\CfgEnMsg
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\Users\All Users\fqhclwta
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\Users\All Users\endb
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\ProgramData\fqhclwta
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\ProgramData\endb
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\Users\All Users\enprocsmart
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\ProgramData\enprocsmart
2008-08-27 07:49 . 2008-08-27 07:49 0 --a------ C:\Users\marcomichi\AppData\Roaming\wklnhst.dat
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\Users\All Users\TERMINAL Studio
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\ProgramData\TERMINAL Studio
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Users\All Users\MumboJumbo
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\ProgramData\MumboJumbo
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Users\All Users\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\ProgramData\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Program Files\EarMaster School 5
2008-08-20 11:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-19 23:39 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-19 23:39 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-19 23:39 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-19 23:39 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-19 23:39 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 14:52 . 2008-08-15 14:52 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Nikon
2008-08-15 14:52 . 2004-09-27 20:49 2,813,952 --a------ C:\Windows\System32\NkNEFPlugin.dll
2008-08-15 14:52 . 2002-01-06 06:48 974,848 --a------ C:\Windows\System32\mfc70.dll
2008-08-15 14:52 . 2004-06-21 14:08 495,616 -ra------ C:\Windows\System32\DRAGNKL1.dll
2008-08-15 14:52 . 2004-08-03 21:47 180,224 -ra------ C:\Windows\System32\picn1120.dll
2008-08-15 14:52 . 2004-07-20 09:45 176,128 -ra------ C:\Windows\System32\Strato4.dll
2008-08-15 14:52 . 2004-08-03 21:47 155,648 -ra------ C:\Windows\System32\picn1020.dll
2008-08-15 14:52 . 2004-07-12 09:59 110,592 -ra------ C:\Windows\System32\RCSigProc.dll
2008-08-15 14:52 . 2004-06-21 14:27 54,784 -ra------ C:\Windows\System32\RedEye.dll
2008-08-15 14:52 . 2004-08-03 21:47 48,128 -ra------ C:\Windows\System32\picn20.dll
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\Users\All Users\QuickTime
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\ProgramData\QuickTime
2008-08-15 14:51 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Nikon
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\ArcSoft
2008-08-15 14:50 . 1995-08-01 04:44 212,480 --------- C:\Windows\PCDLIB32.DLL
2008-08-15 14:49 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\All Users\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\ProgramData\PACE Anti-Piracy
2008-08-08 19:30 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Waves
2008-08-08 19:13 . 2008-08-08 19:23 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-08-07 18:27 . 2008-09-01 13:56 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-08-06 22:19 . 2008-08-06 22:19 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Acoustica
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-08-06 21:27 . 2007-08-07 11:32 57,344 --a------ C:\Windows\System32\Wnaspint.dll
2008-08-06 21:19 . 2008-08-06 21:19 <DIR> d-------- C:\Users\All Users\Acoustica
2008-08-06 21:19 . 2008-08-06 21:19 <DIR> d-------- C:\ProgramData\Acoustica
2008-08-06 21:19 . 2008-08-06 22:19 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-08-06 16:31 . 2008-08-20 18:56 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Audacity
2008-08-06 16:31 . 2008-08-06 16:31 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-06 11:31 . 2008-08-06 11:31 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-08-05 19:59 . 2008-08-05 19:59 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Sonic Foundry
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Users\All Users\Sony
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\ProgramData\Sony
2008-08-05 19:49 . 2008-08-05 19:50 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Sony
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Publish Providers
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\NetMedia Providers
2008-08-05 19:45 . 2002-12-17 16:23 33,340 --------- C:\Windows\System32\dbmsqlgc.dll
2008-08-05 19:45 . 2002-10-20 14:05 24,576 --------- C:\Windows\System32\dbmsgnet.dll
2008-08-05 19:45 . 2008-08-05 19:45 20,480 --a------ C:\Windows\System32\cliconfg.728
2008-08-05 19:36 . 2008-08-06 19:05 <DIR> d-------- C:\Program Files\Sony
2008-08-05 19:34 . 2008-08-05 19:34 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-08-05 18:43 . 2008-08-05 18:43 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-08-05 11:47 . 2008-08-05 11:48 229,619,811 --a------ C:\Windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 08:54 --------- d-----w C:\Program Files\iTunes
2008-09-04 08:53 --------- d-----w C:\ProgramData\Apple Computer
2008-09-04 06:06 --------- d-----w C:\Users\marcomichi\AppData\Roaming\skypePM
2008-09-04 05:51 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Skype
2008-08-31 08:00 --------- d-----w C:\Program Files\McAfee
2008-08-28 09:24 --------- d---a-w C:\ProgramData\TEMP
2008-08-28 09:22 --------- d-----w C:\Program Files\Acer GameZone
2008-08-20 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-08-20 09:49 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 15:46 --------- d-----w C:\Users\marcomichi\AppData\Roaming\SiteAdvisor
2008-08-15 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 21:55 --------- d-----w C:\Users\marcomichi\AppData\Roaming\LimeWire
2008-08-06 09:50 --------- d-----w C:\Program Files\Steinberg
2008-08-04 21:37 --------- d-----w C:\Program Files\Sony Setup
2008-08-04 21:12 --------- d-----w C:\ProgramData\Ref city new
2008-08-04 08:58 --------- d-----w C:\Program Files\directx
2008-08-03 16:07 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Steinberg
2008-08-03 16:01 --------- d-----w C:\Program Files\Syncrosoft
2008-08-01 06:10 --------- d-----w C:\Program Files\Real
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-31 10:01 --------- d-----w C:\ProgramData\Arcade Lab
2008-07-31 09:52 --------- d-----w C:\ProgramData\Sandlot Games
2008-07-31 08:52 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Big Fish Games
2008-07-31 08:13 --------- d-----w C:\ProgramData\JollyBear
2008-07-30 14:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\PlayFirst
2008-07-30 14:59 --------- d-----w C:\ProgramData\PlayFirst
2008-07-30 14:11 --------- d-----w C:\ProgramData\Oberon Games
2008-07-30 14:05 --------- d-----w C:\ProgramData\SpinTop Games
2008-07-30 12:05 --------- d-----w C:\Users\marcomichi\AppData\Roaming\iWin
2008-07-30 11:57 --------- d-----w C:\ProgramData\InterAction studios
2008-07-30 08:57 --------- d-----w C:\Users\marcomichi\AppData\Roaming\FloodLightGames
2008-07-30 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 15:50 --------- d-----w C:\ProgramData\Bags loud rect corn
2008-07-28 10:27 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-07-25 09:22 --------- d-----w C:\Program Files\Sun
2008-07-25 09:22 --------- d-----w C:\Program Files\Java
2008-07-21 13:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-21 05:39 --------- d-----w C:\ProgramData\eSobi
2008-07-19 10:26 --------- d-----w C:\Program Files\Ubisoft
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-19 09:52 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-14 17:31 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Image Zone Express
2008-07-13 09:45 --------- d-----w C:\Program Files\Cakewalk
2008-07-13 09:18 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Cakewalk
2008-07-13 09:16 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-07-13 09:15 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DivX
2008-07-12 14:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-12 13:42 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DAEMON Tools
2008-07-06 15:16 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Printer Info Cache
2008-07-06 15:16 --------- d-----w C:\Users\marcomichi\AppData\Roaming\HP
2008-07-06 15:16 --------- d-----w C:\ProgramData\HP
2008-07-06 15:13 --------- d-----w C:\ProgramData\WEBREG
2008-07-06 15:10 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-07-06 15:10 --------- d-----w C:\Program Files\HP
2008-07-06 15:10 --------- d-----w C:\Program Files\Common Files\HP
2008-07-06 15:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-06 15:08 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-07-06 15:00 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-06-27 10:06 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-27 10:06 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-27 01:26 39472 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FiveThat"="C:\ProgramData\messmpegmpeg.ivbyf" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"DjSkoT1lra"="C:\ProgramData\fqhclwta\jkxmnilw.exe" [2008-08-28 73728]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ChkProc"="C:\ProgramData\ChkProc\hatgredg.exe" [2008-09-02 81920]
"shstr"="C:\ProgramData\shstr\xijizste.exe" [2008-09-04 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-02-14 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-02-14 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-27 523312]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AliceRV_McciTrayApp"="C:\Program Files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-08-15 118784]
StupAssist.lnk - C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe [2008-08-15 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rect corn size style]
C:\ProgramData\bleh rect seek.oy63o [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
--a------ 2008-02-25 18:57 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-01 08:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35231020-9A84-4A5B-A38F-A08085E74F0A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8ECF1DFD-54F0-47C8-A63D-2BAF3DBF2C04}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{91AA76E2-621F-4FAD-B445-875BB571F627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{A0045052-62F3-4D2F-A4A1-C91893026072}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{5693E81E-B138-4A7A-8000-AC9E7A5A73DC}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{4468DF18-54C1-4F98-A685-A1F57BD1D1B6}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D4AC761A-5E28-4C06-BD84-A06D0E6F585C}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{4CBFA36D-4833-473A-B932-04073C5DF553}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{0E76ADA1-7092-43D0-8B04-758576C5AB4B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{87B44FEB-AB15-4BF9-93FD-75FF9B1C9C06}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{34BC6C0B-8563-482F-9A3D-20AF105FDD44}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9121E19-FEC6-47EF-8AB3-4EBBC45299F0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FED3614C-EFF0-482E-97A9-C29FADDFEAA9}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AB8ED860-E1B5-420C-8941-E2178F89636A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9C041D29-2098-47EF-A01C-608D26B80808}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{0CB7B0FE-0640-4152-AF87-839A3CE6C933}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F06DED21-C4BF-4C3A-88EF-D7E77A128A76}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{D0BB0099-9E12-48F7-B30D-678AEB325EF4}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AABCD62C-EEC9-4114-8C90-40A1829DA5C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E413CB1-3963-422F-863B-9FD090D12068}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{2BE86962-1FC0-4359-8684-8AD725CB75E2}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7CECEE54-0CA1-4349-9C1D-A8EB12175E49}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{807649C2-F48D-4109-9E8E-6B2869E3B109}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{31D18DF4-9882-4611-A562-FC805521B284}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F186FE74-903A-4677-9039-B42E33093A39}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{593298C8-BF53-46AD-9693-EE2950344602}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{99D7AF1E-1895-479A-9E75-6B4C54460742}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6c2600-5578-11dd-a430-00173fb38c20}]
\shell\AutoRun\command - K:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-InfoSrvCom - C:\ProgramData\InfoSrvCom\tefkhwhi.exe
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKLM-Main,Start Page = hxxp://it.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {4819DFDF-ABC4-488C-A323-919848C51175} - C:\Windows\Downloaded Program Files\rineraproxy.inf

- hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 15:20:51
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-05 15:28:40 - machine was rebooted [marcomichi]
ComboFix-quarantined-files.txt 2008-09-05 13:28:14

Pre-Run: 63,800,557,568 byte disponibili
Post-Run: 65,965,162,496 byte disponibili

414 --- E O F --- 2008-09-05 05:28:09
desdemonia
Junior User

Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Post by Luke57 » 05/09/08 19:03

@Desdemonia
Hi, from Windows Notepad, open a text file. Copy and paste the following script into the file:

Code:
Folder::
C:\Users\All Users\fqhclwta
C:\ProgramData\fqhclwta
C:\ProgramData\shstr
C:\Users\All Users\shstr
C:\ProgramData\ChkProc
C:\Users\All Users\ChkProc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shstr"=-
"ChkProc"=-
"DjSkoT1lra"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6c2600-5578-11dd-a430-00173fb38c20}]



Save the text file, which must be named CFScript.txt, in the same location as ComboFix, then drag it with the mouse pointer onto the ComboFix icon to start a new scan and a reboot of the computer. Attach the new report if one is produced.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: help, I can't take it anymore!!

Post by desdemonia » 05/09/08 20:00

here is the result..... I have already downloaded malware... let me know...
and THANK YOU!!! ;)




ComboFix 08-09-04.09 - marcomichi 2008-09-05 20.38.58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1691 [GMT 2:00]
Eseguito da: C:\Users\marcomichi\Desktop\ComboFix.exe
Command switches used :: C:\Users\marcomichi\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\ChkProc
C:\ProgramData\ChkProc\hatgredg.exe
C:\ProgramData\fqhclwta
C:\ProgramData\fqhclwta\jkxmnilw.exe
C:\ProgramData\shstr
C:\ProgramData\shstr\xijizste.exe
C:\Users\All Users\ChkProc
C:\Users\All Users\ChkProc\hatgredg.exe
C:\Users\All Users\fqhclwta
C:\Users\All Users\fqhclwta\jkxmnilw.exe
C:\Users\All Users\shstr
C:\Users\All Users\shstr\xijizste.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-08-05 al 2008-09-05 )))))))))))))))))))))))))))))))))))
.

2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\Users\All Users\InfoMnt
2008-09-05 18:43 . 2008-09-05 18:43 <DIR> d-------- C:\ProgramData\InfoMnt
2008-09-05 17:24 . 2008-09-05 17:24 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-05 17:24 . 2008-09-05 17:24 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-05 16:51 . 2008-09-05 16:51 <DIR> d-------- C:\Program Files\BitDefender
2008-09-05 16:50 . 2008-09-05 18:39 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 13:39 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-05 13:39 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-05 12:04 . 2008-09-05 12:04 <DIR> d-------- C:\Users\marcomichi\DoctorWeb
2008-09-05 07:19 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 07:19 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 07:19 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 07:19 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 07:19 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 07:19 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 07:18 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 07:18 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 07:18 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 18:56 . 2008-09-04 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 18:56 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\Users\All Users\AplSh
2008-09-04 12:32 . 2008-09-04 12:32 <DIR> d-------- C:\ProgramData\AplSh
2008-09-04 10:55 . 2008-09-04 10:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-04 10:54 . 2008-09-04 10:54 <DIR> d-------- C:\Program Files\iPod
2008-09-04 10:52 . 2008-09-04 10:52 <DIR> d-------- C:\Program Files\Bonjour
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\SysChk
2008-09-04 09:58 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\SysChk
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 15:30 . 2008-09-03 15:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 14:00 . 2008-09-03 14:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\Users\All Users\MsgWin
2008-09-03 09:28 . 2008-09-03 09:28 <DIR> d-------- C:\ProgramData\MsgWin
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\Users\All Users\webgen
2008-09-02 15:37 . 2008-09-02 15:37 <DIR> d-------- C:\ProgramData\webgen
2008-09-02 12:00 . 2008-09-05 13:19 1,524 --a------ C:\Windows\wininit.ini
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-02 11:19 . 2008-09-02 15:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\Users\All Users\hlpstr
2008-09-02 10:33 . 2008-09-02 10:33 <DIR> d-------- C:\ProgramData\hlpstr
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\Users\All Users\InfoEn
2008-09-02 07:18 . 2008-09-02 07:18 <DIR> d-------- C:\ProgramData\InfoEn
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\Users\All Users\ActSmart
2008-09-01 10:12 . 2008-09-01 10:12 <DIR> d-------- C:\ProgramData\ActSmart
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\Users\All Users\SrvApi
2008-09-01 07:18 . 2008-09-01 07:18 <DIR> d-------- C:\ProgramData\SrvApi
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\Users\All Users\srvappgen
2008-08-29 10:56 . 2008-08-29 10:56 <DIR> d-------- C:\ProgramData\srvappgen
2008-08-28 12:45 . 2008-08-28 14:01 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-08-28 10:26 . 2008-08-28 10:26 <DIR> d-------- C:\Windows\System32\Rinera
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\Users\All Users\CfgEnMsg
2008-08-28 09:09 . 2008-08-28 09:09 <DIR> d-------- C:\ProgramData\CfgEnMsg
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\Users\All Users\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\Users\All Users\endb
2008-08-28 07:44 . 2008-09-04 09:58 <DIR> d-------- C:\ProgramData\InfoSrvCom
2008-08-28 07:44 . 2008-08-28 07:44 <DIR> d-------- C:\ProgramData\endb
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\Users\All Users\enprocsmart
2008-08-28 07:43 . 2008-08-28 07:43 <DIR> d-------- C:\ProgramData\enprocsmart
2008-08-27 07:49 . 2008-08-27 07:49 0 --a------ C:\Users\marcomichi\AppData\Roaming\wklnhst.dat
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\Users\All Users\TERMINAL Studio
2008-08-26 13:54 . 2008-08-26 13:54 <DIR> d-------- C:\ProgramData\TERMINAL Studio
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Users\All Users\MumboJumbo
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\ProgramData\MumboJumbo
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Users\All Users\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\ProgramData\EarMaster
2008-08-20 14:25 . 2008-08-20 14:25 <DIR> d-------- C:\Program Files\EarMaster School 5
2008-08-20 11:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-19 23:39 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-19 23:39 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-19 23:39 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-19 23:39 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-19 23:39 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 14:52 . 2008-08-15 14:52 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Nikon
2008-08-15 14:52 . 2004-09-27 20:49 2,813,952 --a------ C:\Windows\System32\NkNEFPlugin.dll
2008-08-15 14:52 . 2004-06-21 14:08 495,616 -ra------ C:\Windows\System32\DRAGNKL1.dll
2008-08-15 14:52 . 2004-08-03 21:47 180,224 -ra------ C:\Windows\System32\picn1120.dll
2008-08-15 14:52 . 2004-07-20 09:45 176,128 -ra------ C:\Windows\System32\Strato4.dll
2008-08-15 14:52 . 2004-08-03 21:47 155,648 -ra------ C:\Windows\System32\picn1020.dll
2008-08-15 14:52 . 2004-07-12 09:59 110,592 -ra------ C:\Windows\System32\RCSigProc.dll
2008-08-15 14:52 . 2004-06-21 14:27 54,784 -ra------ C:\Windows\System32\RedEye.dll
2008-08-15 14:52 . 2004-08-03 21:47 48,128 -ra------ C:\Windows\System32\picn20.dll
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\Users\All Users\QuickTime
2008-08-15 14:51 . 2008-08-15 14:51 <DIR> d-------- C:\ProgramData\QuickTime
2008-08-15 14:51 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Nikon
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\ArcSoft
2008-08-15 14:50 . 1995-08-01 04:44 212,480 --------- C:\Windows\PCDLIB32.DLL
2008-08-15 14:49 . 2008-08-15 14:52 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\Users\All Users\PACE Anti-Piracy
2008-08-09 14:29 . 2008-08-09 14:29 <DIR> d-------- C:\ProgramData\PACE Anti-Piracy
2008-08-08 19:30 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Waves
2008-08-08 19:13 . 2008-08-08 19:23 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-08-07 18:27 . 2008-09-01 13:56 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-08-06 22:19 . 2008-08-06 22:19 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Acoustica
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-08-06 21:27 . 2007-08-07 11:32 57,344 --a------ C:\Windows\System32\Wnaspint.dll
2008-08-06 21:19 . 2008-08-06 21:19 <DIR> d-------- C:\Users\All Users\Acoustica
2008-08-06 21:19 . 2008-08-06 21:19 <DIR> d-------- C:\ProgramData\Acoustica
2008-08-06 21:19 . 2008-08-06 22:19 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-08-06 16:31 . 2008-08-20 18:56 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Audacity
2008-08-06 16:31 . 2008-08-06 16:31 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-06 11:31 . 2008-08-06 11:31 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-08-05 19:59 . 2008-08-05 19:59 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Sonic Foundry
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\Users\All Users\Sony
2008-08-05 19:50 . 2008-08-05 19:50 <DIR> d-------- C:\ProgramData\Sony
2008-08-05 19:49 . 2008-08-05 19:50 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Sony
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\Publish Providers
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Users\marcomichi\AppData\Roaming\NetMedia Providers
2008-08-05 19:45 . 2002-12-17 16:23 33,340 --------- C:\Windows\System32\dbmsqlgc.dll
2008-08-05 19:45 . 2002-10-20 14:05 24,576 --------- C:\Windows\System32\dbmsgnet.dll
2008-08-05 19:45 . 2008-08-05 19:45 20,480 --a------ C:\Windows\System32\cliconfg.728
2008-08-05 19:36 . 2008-08-06 19:05 <DIR> d-------- C:\Program Files\Sony
2008-08-05 19:34 . 2008-08-05 19:34 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-08-05 18:43 . 2008-08-05 18:43 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-08-05 11:47 . 2008-08-05 11:48 229,619,811 --a------ C:\Windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 15:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 08:54 --------- d-----w C:\Program Files\iTunes
2008-09-04 08:53 --------- d-----w C:\ProgramData\Apple Computer
2008-09-04 06:06 --------- d-----w C:\Users\marcomichi\AppData\Roaming\skypePM
2008-09-04 05:51 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Skype
2008-08-31 08:00 --------- d-----w C:\Program Files\McAfee
2008-08-28 09:24 --------- d---a-w C:\ProgramData\TEMP
2008-08-28 09:22 --------- d-----w C:\Program Files\Acer GameZone
2008-08-20 11:25 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 15:46 --------- d-----w C:\Users\marcomichi\AppData\Roaming\SiteAdvisor
2008-08-15 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 21:55 --------- d-----w C:\Users\marcomichi\AppData\Roaming\LimeWire
2008-08-06 09:50 --------- d-----w C:\Program Files\Steinberg
2008-08-04 21:37 --------- d-----w C:\Program Files\Sony Setup
2008-08-04 21:12 --------- d-----w C:\ProgramData\Ref city new
2008-08-04 08:58 --------- d-----w C:\Program Files\directx
2008-08-03 16:07 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Steinberg
2008-08-03 16:01 --------- d-----w C:\Program Files\Syncrosoft
2008-08-01 06:10 --------- d-----w C:\Program Files\Real
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 06:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-31 10:01 --------- d-----w C:\ProgramData\Arcade Lab
2008-07-31 09:52 --------- d-----w C:\ProgramData\Sandlot Games
2008-07-31 08:52 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Big Fish Games
2008-07-31 08:13 --------- d-----w C:\ProgramData\JollyBear
2008-07-30 14:59 --------- d-----w C:\Users\marcomichi\AppData\Roaming\PlayFirst
2008-07-30 14:59 --------- d-----w C:\ProgramData\PlayFirst
2008-07-30 14:11 --------- d-----w C:\ProgramData\Oberon Games
2008-07-30 14:05 --------- d-----w C:\ProgramData\SpinTop Games
2008-07-30 12:05 --------- d-----w C:\Users\marcomichi\AppData\Roaming\iWin
2008-07-30 11:57 --------- d-----w C:\ProgramData\InterAction studios
2008-07-30 08:57 --------- d-----w C:\Users\marcomichi\AppData\Roaming\FloodLightGames
2008-07-30 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 15:50 --------- d-----w C:\ProgramData\Bags loud rect corn
2008-07-28 10:27 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-07-25 09:22 --------- d-----w C:\Program Files\Sun
2008-07-25 09:22 --------- d-----w C:\Program Files\Java
2008-07-21 13:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-21 05:39 --------- d-----w C:\ProgramData\eSobi
2008-07-19 10:26 --------- d-----w C:\Program Files\Ubisoft
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-19 09:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-19 09:52 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-18 18:38 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-14 17:31 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Image Zone Express
2008-07-13 09:45 --------- d-----w C:\Program Files\Cakewalk
2008-07-13 09:18 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Cakewalk
2008-07-13 09:16 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-07-13 09:15 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DivX
2008-07-12 14:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-12 13:42 --------- d-----w C:\Users\marcomichi\AppData\Roaming\DAEMON Tools
2008-07-06 15:16 --------- d-----w C:\Users\marcomichi\AppData\Roaming\Printer Info Cache
2008-07-06 15:16 --------- d-----w C:\Users\marcomichi\AppData\Roaming\HP
2008-07-06 15:16 --------- d-----w C:\ProgramData\HP
2008-07-06 15:13 --------- d-----w C:\ProgramData\WEBREG
2008-07-06 15:10 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-07-06 15:10 --------- d-----w C:\Program Files\HP
2008-07-06 15:10 --------- d-----w C:\Program Files\Common Files\HP
2008-07-06 15:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-06 15:08 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-07-06 15:00 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-06-27 10:06 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-27 10:06 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-09-05_15.24.21.73 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-27 01:26 39472 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FiveThat"="C:\ProgramData\messmpegmpeg.ivbyf" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"InfoSrvCom"="C:\ProgramData\InfoSrvCom\tefkhwhi.exe" [BU]
"InfoMnt"="C:\ProgramData\InfoMnt\uzqpcbyz.exe" [2008-09-05 94208]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD1689"="del" [X]
"SpybotDeletingB8205"="command" [X]
"SpybotDeletingB6139"="command" [X]
"SpybotDeletingD392"="del" [X]
"SpybotDeletingD2339"="del" [X]
"SpybotDeletingB7633"="command" [X]
"SpybotDeletingD9752"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-02-14 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-02-14 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-27 523312]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AliceRV_McciTrayApp"="C:\Program Files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-08-15 118784]
StupAssist.lnk - C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe [2008-08-15 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rect corn size style]
C:\ProgramData\bleh rect seek.oy63o [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
--a------ 2008-02-25 18:57 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-01 08:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35231020-9A84-4A5B-A38F-A08085E74F0A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8ECF1DFD-54F0-47C8-A63D-2BAF3DBF2C04}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{91AA76E2-621F-4FAD-B445-875BB571F627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{A0045052-62F3-4D2F-A4A1-C91893026072}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{5693E81E-B138-4A7A-8000-AC9E7A5A73DC}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{4468DF18-54C1-4F98-A685-A1F57BD1D1B6}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D4AC761A-5E28-4C06-BD84-A06D0E6F585C}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{4CBFA36D-4833-473A-B932-04073C5DF553}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{0E76ADA1-7092-43D0-8B04-758576C5AB4B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{87B44FEB-AB15-4BF9-93FD-75FF9B1C9C06}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{34BC6C0B-8563-482F-9A3D-20AF105FDD44}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9121E19-FEC6-47EF-8AB3-4EBBC45299F0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FED3614C-EFF0-482E-97A9-C29FADDFEAA9}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AB8ED860-E1B5-420C-8941-E2178F89636A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9C041D29-2098-47EF-A01C-608D26B80808}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{0CB7B0FE-0640-4152-AF87-839A3CE6C933}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F06DED21-C4BF-4C3A-88EF-D7E77A128A76}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{D0BB0099-9E12-48F7-B30D-678AEB325EF4}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AABCD62C-EEC9-4114-8C90-40A1829DA5C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E413CB1-3963-422F-863B-9FD090D12068}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{2BE86962-1FC0-4359-8684-8AD725CB75E2}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7CECEE54-0CA1-4349-9C1D-A8EB12175E49}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{807649C2-F48D-4109-9E8E-6B2869E3B109}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{31D18DF4-9882-4611-A562-FC805521B284}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F186FE74-903A-4677-9039-B42E33093A39}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{593298C8-BF53-46AD-9693-EE2950344602}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{99D7AF1E-1895-479A-9E75-6B4C54460742}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-ChkProc - C:\ProgramData\ChkProc\hatgredg.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 20:50:36
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-05 20:58:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 18:57:51
ComboFix2.txt 2008-09-05 13:28:47

Pre-Run: 65,919,094,784 byte disponibili
Post-Run: 65,363,542,016 byte disponibili

568 --- E O F --- 2008-09-05 15:21:06
desdemonia
Junior User
 
Posts: 15
Joined: 05/09/08 14:31

Re: help, I can't take it anymore!!

Posted by Luke57 » 05/09/08 21:52

Hi, something is wrong because new infections keep forming.

1) run a scan with Malwarebytes, after updating it, and remove whatever it finds
2) download CureIt from here
http://www.freedrweb.com/cureit/
run a full system scan and remove whatever it finds
3) run ComboFix again and post its report (or better, attach it to a post)
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10
