www.MegaLab.it

da **spike_20** » mer feb 25, 2009 6:50 pm

Il malware "Fraud.XpAntivirus" ha infettato il mio pc!!

Ho già tentato di fare una scansione con l'antivirus "NOD32" installato sul pc, ma non me la fa avviare!!
Ho quindi installato un antispyware, "Spybot search and destroy" e provveduto alla scansione, terminata la quale, il log riportava il nome di quel malware, appunto. Ho provato a cancellarlo ma invano!!

Ho poi tentato una scansione in modalità provvisoria e successiva disinfezione, ma con esito sempre negativo!!

Ho poi avviato una scansione con "gmer", che, a un certo punto, si blocca, inspiegabilmente!!

Per ultimo ho eseguito uno script con "the avenger", che non è riuscito a trovare le chiavi di registro infette da rimuovere, secondo quanto riportato dal log, a fine processo!!

Inoltre ho notato che il malware, di sovente, provoca oscuramento a video e blocco del sistema, costringendomi a resettare e riavviare windows!!

Come posso fare per debellare questo insidioso malware??

Le ho provate tutte, aiutatemi!!

da **spike_20** » mer feb 25, 2009 6:54 pm

p.s.: dimenticavo che la connessione a internet è stata disabilitata a causa del malware, quindi non posso nessure fare una scansione online con "Kaspersky"!!

da **Amantide** » mer feb 25, 2009 6:58 pm

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

da **spike_20** » mer feb 25, 2009 9:25 pm

ciao e grazie di aver risposto!

Ho provato ad avviare "combofix" come mi hai suggerito, ma a un certo punto compare a video un messaggio di rilevamento dell'antivirus "NOD32" secondo cui è consigliato disattivarlo per non correre dei seri rischi. Il problema è che a causa del malware contratto ("fraud.xpantivirus"), non è possibile aver accesso al control panel di "NOD32" ivi disattivarlo!! (il kernel sembra corrotto!!)

Come posso procedere allora senza compromettere il corretto funzionamento del sistema?

da **Scarecrow** » mer feb 25, 2009 9:41 pm

spike_20 ha scritto:Come posso procedere allora senza compromettere il corretto funzionamento del sistema?

La modalità provvisoria funziona?

da **spike_20** » mer feb 25, 2009 10:37 pm

si scarecrow, la modalità provvisoria funziona, ma ho gia fatto delle scansioni con "malwarebytes anti-malware", e ho cancellato tutti i file e le chiavi di registro infette, ma il malware "fraud.xpantivirus" c'è ancora, visto che internet explorer non funziona e non mi posso collegare a internet!! Uff cosa posso fare per debellare il potente virus??

da **Amantide** » mer feb 25, 2009 10:47 pm

Prova ad effettuare la scansione con Combofix dalla modalità ptovvisoria.

da **spike_20** » mer feb 25, 2009 11:12 pm

Amantide ci ho già provato anche dalla modalità provvisoria ma mi dice sempre che "combofix" entra in conflitto con antivirus attivi, e non posso disattivarlo visto il kernel del "nod32" è corrotto!!

Come procedo quindi?

da **Amantide** » gio feb 26, 2009 12:28 am

Scarica RSIT, esegui la scansione e posta qui il contenuto dei log log.txt e info.txt che troverai in C:\rsit usando il tag LOG.

da **spike_20** » gio feb 26, 2009 1:10 am

Amantide ti posto qui di seguito i due log di scansione risultati da "MSIT" come mi hai chiesto:

Esito info file:

info.txt logfile of random's system information tool 1.05 2009-02-26 01:02:18

======Uninstall list======

-->

C:\Programmi\InstallShield Installation Information\{BE6A35A2-A8A7-4A11-A6E7-7E014D0CEEC1}\Setup.exe
-->

C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->

RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x10 -removeonly
-->

RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3BB529C7-855D-11D7-8444-0050BA1D384D}\setup.exe" -l0x10
-->

rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A90000000001}
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Allok MP3 to AMR Converter 2.6.2-->"C:\Programmi\Allok MP3 to AMR Converter\unins000.exe"
Application Suite-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E725A4F9-7E13-4CBC-B23A-07EC221FE8C7}\Setup.exe" -l0x10
Ashampoo Burning Studio 8.02-->"C:\Programmi\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AudioConvert-->C:\PROGRA~1\AUDIOC~1\UNWISE.EXE C:\PROGRA~1\AUDIOC~1\INSTALL.LOG
AVI WMV MPEG Converter-->C:\PROGRA~1\AVIWMV~1\UNWISE.EXE C:\PROGRA~1\AVIWMV~1\INSTALL.LOG
AVS DVD Player version 2.4-->"C:\Programmi\AVS4YOU\AVSDVDPlayer\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Programmi\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Canon MF Toolbox 4.9.1.1.mf05-->MsiExec.exe /X{943D534F-B17D-4D52-9AC4-AE8DE38D3BF4}
Canon Serie MF4010-->"C:\WINDOWS\system32\CanonMF Uninstaller Information\{900A29A0-52BA-4a78-8E6C-5F4F821397CE}\misc\DelDrv.exe" /U:{900A29A0-52BA-4a78-8E6C-5F4F821397CE} /L0x0000
CCleaner (remove only)-->"C:\Programmi\CCleaner\uninst.exe"
ConvertXtoDVD 3.0.0.7-->"C:\Programmi\VSO\ConvertX\3\unins000.exe"
Crack for Jaws 7.10 By Lupocattivo-->"C:\Programmi\Crack for Jaws 7.10 By Lupocattivo\uninstall.exe"
Data Access Objects (DAO) 3.0-->C:\WINDOWS\UNINST.EXE -fC:\WINDOWS\Msapps\Dao\DeIsL1.isu
Driver Magician 3.32-->"C:\Programmi\Driver Magician\unins000.exe"
DVD Photo Slideshow Pro 6.70-->C:\Programmi\DVD Photo Slideshow Professional\uninst.exe
DVDFab Platinum 3.1.3.2-->"C:\Programmi\DVDFab Platinum 3\unins000.exe"
E-->C
eMule-->"C:\Programmi\eMule\Uninstall.exe"
Expert System Point&Go Platform-->"C:\Programmi\File comuni\Expert System\PGPlatform\unins000.exe"
FairUse Wizard-->C:\WINDOWS\iun6002.exe "C:\Programmi\FairUse Wizard\uninst.ini"
FlipAlbum 6.0 Pro-->MsiExec.exe /X{D09A4E8E-1989-4021-A78A-49D3BF4D0C09}
Freedom Scientific Braille-->MsiExec.exe /I{F2C54BFA-F1F0-4AE7-B447-67D2D08D6482}
GoldWave v5.08-->"C:\Programmi\GoldWave\unstall.exe" "GoldWave v5.08" "C:\Programmi\GoldWave\unstall.log"
Google Desktop-->C:\Programmi\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
IBM ViaVoice Outloud Runtime - Italiano-->C:\WINDOWS\IsUn0410.exe -f"C:\Programmi\ViaVoice Outloud\DeIsL1.isu"
Il tuo calendario personalizzato impianto-->C:\PROGRA~1\CMaker\UNWISE.EXE C:\PROGRA~1\CMaker\INSTALL.LOG
Installazione vocale 8.0 di Freedom Scientific-->MsiExec.exe /X{72BA5188-DF38-48DD-BB7D-C7D778890124}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA-->MsiExec.exe /I{842F9881-E181-30B3-A152-008D61433274}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA-->MsiExec.exe /I{86BA3130-5938-3192-BBCF-6B0A2D86FA58}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ita\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ita-->MsiExec.exe /I{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyAlbum version 2.1-->C:\Programmi\MyAlbum\unins000.exe
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NOD32 FiX v2.1-->"C:\Programmi\Eset\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Nseries Skin for Microsoft Windows Media Player-->MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
Nokia PC Suite-->C:\Documents and Settings\All Users\Dati applicazioni\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ita_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{BCCB055C-7F64-4B13-90F5-078DE693EE00}
Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Pacchetto driver Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Pacchetto driver Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PE Builder 3.1.10a-->"c:\pebuilder3110a\unins000.exe"
PhotoDVD 2.9.6.1c-->"C:\Programmi\vso\PhotoDVD\unins000.exe"
Picasa 2-->"C:\Programmi\Picasa2\Uninstall.exe"
Presto! Digital Converter-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{EEFD47F3-3122-4A9C-8FFA-199F624378C6}\setup.exe" -l0x10 -removeonly
Presto! PageManager 7.15.14-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x10 anything -removeonly
Presto! VideoWorks 6-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}\setup.exe" -l0x10 anything -removeonly
Revo Uninstaller 1.80-->C:\Programmi\VS Revo Group\Revo Uninstaller\uninst.exe
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Serif PagePlus 8.0-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BDC83FD3-1A0F-46FB-8852-5E9A94294143}\Setup.exe"
Sistema Antivirus NOD32-->C:\Programmi\Eset\Setup\setup.exe /UNINSTALL
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Programmi\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Programmi\Spyware Doctor\unins000.exe /LOG
Unlocker 1.8.5-->C:\Programmi\Unlocker\uninst.exe
vanBasco's Karaoke Player-->C:\Programmi\vanBasco's Karaoke Player\uninst.exe
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Video mp3 Extractor-->"C:\Programmi\Video mp3 Extractor\unins000.exe"
VideoLAN VLC media player 0.8.4-test1-->C:\Programmi\VideoLAN\VLC\uninstall.exe
VirtuaGirl HD-->C:\Documents and Settings\Mario1\Menu Avvio\Programmi\VirtuaGirl HD\uninstall.lnk
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinGuido-->C:\WINDOWS\ST5UNST.EXE -n "C:\WinGuido\ST5UNST.LOG"
WinRAR gestione archivi-->C:\Programmi\WinRAR\uninstall.exe
Wireless LAN USB2.0 Adapter-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com

======Security center information======

AV: Sistema Antivirus NOD32 2.70

System event log

Computer Name: MARIO
Event Code: 1003
Message: Impossibile rinnovare l'indirizzo del computer dal server DHCP per la scheda di rete con indirizzo 00120E99792E. Si è verificato il seguente errore:
Operazione annullata dall'utente.
.
Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi di rete.

Record Number: 19467
Source Name: Dhcp
Time Written: 20090219150249.000000+060
Event Type: Attenzione
User:

Computer Name: MARIO
Event Code: 4201
Message: Il sistema ha rilevato che la scheda di rete \DEVICE\TCPIP_{00DE4E69-46F8-4881-A54F-746222DE836F} è connessa alla rete,
e ha iniziato le normali operazioni sulla scheda di rete.

Record Number: 19466
Source Name: Tcpip
Time Written: 20090219150249.000000+060
Event Type: Informazione
User:

Computer Name: MARIO
Event Code: 4201
Message: Il sistema ha rilevato che la scheda di rete \DEVICE\TCPIP_{00DE4E69-46F8-4881-A54F-746222DE836F} è connessa alla rete,
e ha iniziato le normali operazioni sulla scheda di rete.

Record Number: 19465
Source Name: Tcpip
Time Written: 20090219150244.000000+060
Event Type: Informazione
User:

Computer Name: MARIO
Event Code: 6005
Message: Il servizio Registro eventi è stato avviato.

Record Number: 19464
Source Name: EventLog
Time Written: 20090219150241.000000+060
Event Type: Informazione
User:

Computer Name: MARIO
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 19463
Source Name: EventLog
Time Written: 20090219150241.000000+060
Event Type: Informazione
User:

Application event log

Computer Name: MARIO
Event Code: 1000
Message: Applicazione che ha provocato l'errore wgserver.exe, versione 1.0.0.0, modulo che ha provocato l'errore msvbvm50.dll, versione 6.0.97.82, indirizzo errore 0x000cc26f.

Record Number: 1465
Source Name: Application Error
Time Written: 20090216092739.000000+060
Event Type: Errore
User:

Computer Name: MARIO
Event Code: 1000
Message: Applicazione che ha provocato l'errore wgserver.exe, versione 1.0.0.0, modulo che ha provocato l'errore msvbvm50.dll, versione 6.0.97.82, indirizzo errore 0x000cc26f.

Record Number: 1464
Source Name: Application Error
Time Written: 20090216092718.000000+060
Event Type: Errore
User:

Computer Name: MARIO
Event Code: 1000
Message: Applicazione che ha provocato l'errore wgserver.exe, versione 1.0.0.0, modulo che ha provocato l'errore msvbvm50.dll, versione 6.0.97.82, indirizzo errore 0x000cc26f.

Record Number: 1463
Source Name: Application Error
Time Written: 20090216092656.000000+060
Event Type: Errore
User:

Computer Name: MARIO
Event Code: 1000
Message: Applicazione che ha provocato l'errore wgserver.exe, versione 1.0.0.0, modulo che ha provocato l'errore msvbvm50.dll, versione 6.0.97.82, indirizzo errore 0x000cc26f.

Record Number: 1462
Source Name: Application Error
Time Written: 20090216092623.000000+060
Event Type: Errore
User:

Computer Name: MARIO
Event Code: 1000
Message: Applicazione che ha provocato l'errore wgserver.exe, versione 1.0.0.0, modulo che ha provocato l'errore msvbvm50.dll, versione 6.0.97.82, indirizzo errore 0x000cc26f.

Record Number: 1461
Source Name: Application Error
Time Written: 20090216092552.000000+060
Event Type: Errore
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programmi\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Esito log file:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mario1 at 2009-02-26 01:02:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (41%) free of 106 GB
Total RAM: 1023 MB (21% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}]
FlpLauncher Class - C:\Programmi\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll [2000-08-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-21 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-21 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"Malwarebytes' Anti-Malware"=C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"DAEMON Tools Pro Agent"=C:\Programmi\DAEMON Tools Pro\DTProAgent.exe [2008-10-09 200136]
"comidle"= C:\Documents and Settings\Mario1\Dati applicazioni\comidle\comidle.exe 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257 []
"SpybotSD TeaTimer"=C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
C:\WINDOWS\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Programmi\DAEMON Tools Pro\DTProAgent.exe [2008-10-09 200136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows]
frmwrk32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-09 1838592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Programmi\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Programmi\Eset\nod32kui.exe [2008-07-22 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programmi\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-27 68856]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Intelligent Wireless Utility.lnk - C:\Programmi\Intelligent\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf6bdff-c5f3-11dd-92a5-00120e99792e}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66395371-86ec-11dd-9239-000ae647947c}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96776a30-f67c-11dd-931a-00120e99792e}]
shell\AutoRun\command - wdsync.exe

======List of files/folders created in the last 1 months======

2009-02-26 01:02:10 ----D---- C:\Programmi\trend micro
2009-02-26 01:02:05 ----D---- C:\rsit
2009-02-26 00:08:32 ----SHD---- C:\Config.Msi
2009-02-25 23:19:33 ----A---- C:\Bug.txt
2009-02-25 23:19:31 ----A---- C:\WINDOWS\system32\cmd.execf
2009-02-25 23:19:20 ----D---- C:\32788R22FWJFW
2009-02-25 21:10:35 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2009-02-25 20:55:17 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-02-25 20:55:06 ----D---- C:\Programmi\File comuni\PC Tools
2009-02-25 20:54:41 ----D---- C:\Programmi\Spyware Doctor
2009-02-25 20:54:41 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\PC Tools
2009-02-25 20:54:41 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\PC Tools
2009-02-25 20:50:18 ----D---- C:\WINDOWS\ERDNT
2009-02-25 20:50:18 ----D---- C:\Qoobox
2009-02-25 19:32:24 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\Malwarebytes
2009-02-25 19:32:15 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-02-25 17:56:35 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-25 17:56:35 ----A---- C:\WINDOWS\gmer.ini
2009-02-25 17:56:35 ----A---- C:\WINDOWS\gmer.exe
2009-02-25 17:56:35 ----A---- C:\WINDOWS\gmer.dll
2009-02-25 16:59:24 ----D---- C:\WINDOWS\CSC
2009-02-25 16:59:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-25 16:02:24 ----D---- C:\Programmi\Spybot - Search & Destroy
2009-02-25 16:02:24 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-25 15:12:40 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\comidle
2009-02-25 15:12:36 ----D---- C:\Programmi\vghd
2009-02-25 15:12:35 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\vghd
2009-02-25 12:26:52 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Pro
2009-02-25 12:26:49 ----D---- C:\Programmi\DAEMON Tools Pro
2009-02-25 11:38:19 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-02-25 11:36:18 ----D---- C:\WINDOWS\Prefetch
2009-02-25 11:26:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-25 11:25:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-25 11:02:29 ----A---- C:\WINDOWS\imsins.BAK
2009-02-25 11:02:12 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-25 11:02:12 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-25 11:01:50 ----RA---- C:\WINDOWS\SET82.tmp
2009-02-25 11:01:46 ----RA---- C:\WINDOWS\SET76.tmp
2009-02-25 11:01:43 ----RA---- C:\WINDOWS\SET73.tmp
2009-02-25 11:00:49 ----A---- C:\WINDOWS\setuplog.txt
2009-02-25 10:40:01 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-25 10:39:59 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Windows Genuine Advantage
2009-02-24 22:07:31 ----D---- C:\Programmi\File comuni\DESIGNER
2009-02-24 21:09:14 ----D---- C:\Programmi\Microsoft Works
2009-02-24 21:06:14 ----D---- C:\Programmi\Microsoft.NET
2009-02-24 21:00:54 ----D---- C:\Programmi\Microsoft Visual Studio 8
2009-02-24 20:59:05 ----HD---- C:\WINDOWS\ShellNew
2009-02-24 20:57:44 ----D---- C:\Programmi\Microsoft Office
2009-02-24 20:56:42 ----RHD---- C:\MSOCache
2009-02-24 20:16:03 ----D---- C:\Programmi\Alcohol Soft
2009-02-24 19:48:50 ----D---- C:\Programmi\VS Revo Group
2009-02-24 13:17:46 ----D---- C:\Programmi\Dizionario Garzanti Italiano 2006
2009-02-24 13:17:36 ----D---- C:\Programmi\File comuni\Expert System
2009-02-24 00:04:24 ----A---- C:\WINDOWS\w32dasm8.ini
2009-02-23 20:55:57 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\DAEMON Tools Pro
2009-02-23 20:18:33 ----D---- C:\Programmi\Unlocker
2009-02-23 04:23:06 ----A---- C:\WINDOWS\PhotMask.ini
2009-02-23 03:54:21 ----D---- C:\Programmi\CMaker
2009-02-22 20:49:41 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\Ashampoo
2009-02-22 20:48:13 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ashampoo
2009-02-22 20:47:50 ----D---- C:\Programmi\Ashampoo
2009-02-22 18:27:58 ----A---- C:\WINDOWS\system32\NSM4AEnc.dll
2009-02-22 18:27:57 ----A---- C:\WINDOWS\system32\NSEncore.dll
2009-02-22 18:24:20 ----A---- C:\WINDOWS\system32\Nsvideo.dll
2009-02-22 18:23:35 ----D---- C:\Programmi\File comuni\NewSoft
2009-02-16 21:02:52 ----D---- C:\WINDOWS\pss
2009-02-14 07:00:51 ----A---- C:\JandS.exe
2009-02-12 14:31:51 ----A---- C:\WINDOWS\ODBC.INI
2009-02-12 14:31:47 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-02-12 14:27:21 ----D---- C:\Programmi\Microsoft Visual Studio
2009-02-11 19:10:13 ----A---- C:\Documents and Settings\Mario1\Dati applicazioni\Printer.ini
2009-02-11 17:36:40 ----D---- C:\Programmi\Western Digital Technologies
2009-02-09 16:20:53 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\NewSoft
2009-02-09 13:23:03 ----A---- C:\WINDOWS\system32\spmsg2.dll
2009-02-09 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-02-09 13:10:03 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-09 13:09:42 ----D---- C:\Programmi\Reference Assemblies
2009-02-09 13:08:48 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2009-02-09 13:08:48 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-02-09 13:08:47 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2009-02-09 13:08:46 ----D---- C:\cc20c366c217955ee50ce12baf
2009-02-09 10:35:22 ----D---- C:\Programmi\Picasa2
2009-02-09 10:22:58 ----D---- C:\Programmi\Western Digital
2009-02-09 10:04:30 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2009-02-06 12:35:56 ----A---- C:\WINDOWS\system32\LegitCheckControl.DLL
2009-02-05 10:35:59 ----D---- C:\Programmi\DVD Photo Slideshow Professional
2009-02-05 08:12:38 ----D---- C:\WINDOWS\system32\RMBin
2009-02-05 08:12:38 ----D---- C:\WINDOWS\system32\ RMBin
2009-02-05 08:12:33 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2009-02-05 08:12:33 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\NCTAudioCompressEx.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\NCTAudioCompress2.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\NCTAudioArrayProcessingEx.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\dpv10.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\dpus10.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2009-02-05 08:12:32 ----A---- C:\WINDOWS\system32\dpu10.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\PSIKey.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTWMVFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoView.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoTransform.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoPlayer.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoDxPlayer.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoDxCapture.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoCompress.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTVideoCapture.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTRMFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTQuickTimeFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTMPEGFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTImageFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTAVIFile.dll
2009-02-05 08:12:17 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
2009-02-05 08:12:16 ----A---- C:\WINDOWS\system32\qt-mt331.dll
2009-02-05 08:12:08 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-02-04 11:42:54 ----A---- C:\WINDOWS\system32\vfolx32n.dll
2009-02-04 10:46:49 ----D---- C:\Programmi\E-Book Systems
2009-02-03 14:22:06 ----A---- C:\WINDOWS\system32\XCEEDZIP.DLL
2009-02-03 14:22:06 ----A---- C:\WINDOWS\system32\XceedCry.dll
2009-02-03 14:22:03 ----D---- C:\Programmi\Driver Magician
2009-02-03 05:37:52 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\EBookSys
2009-02-02 13:19:11 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\Serif
2009-02-02 12:03:13 ----A---- C:\calendario.exe
2009-02-02 12:00:43 ----D---- C:\Programmi\Serif

======List of files/folders modified in the last 1 months======

2009-02-26 01:02:10 ----RD---- C:\Programmi
2009-02-26 00:28:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-26 00:28:46 ----D---- C:\WINDOWS\Temp
2009-02-26 00:22:52 ----SHD---- C:\WINDOWS\Installer
2009-02-26 00:22:49 ----D---- C:\WINDOWS\system32
2009-02-26 00:11:48 ----HD---- C:\WINDOWS\system32\drivers
2009-02-26 00:11:40 ----A---- C:\WINDOWS\system32\v2rxc69.dll
2009-02-26 00:11:40 ----A---- C:\WINDOWS\system32\h5vqk0i.dll
2009-02-26 00:06:13 ----D---- C:\WINDOWS
2009-02-26 00:04:19 ----HD---- C:\WINDOWS\inf
2009-02-26 00:04:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-26 00:04:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-26 00:04:01 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-02-25 15:29:53 ----SH---- C:\boot.ini
2009-02-25 15:29:53 ----A---- C:\WINDOWS\win.ini
2009-02-25 15:29:53 ----A---- C:\WINDOWS\system.ini
2009-02-25 15:25:54 ----D---- C:\Programmi\eMule
2009-02-25 15:12:53 ----A---- C:\WINDOWS\system32\userinit.exe
2009-02-25 13:54:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 12:13:32 ----D---- C:\WINDOWS\Help
2009-02-25 12:13:32 ----D---- C:\Programmi\Internet Explorer
2009-02-25 12:10:43 ----HDC---- C:\WINDOWS\ie7
2009-02-25 12:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-02-25 12:04:14 ----D---- C:\WINDOWS\Debug
2009-02-25 11:57:43 ----D---- C:\WINDOWS\system32\Setup
2009-02-25 11:57:33 ----D---- C:\WINDOWS\system32\usmt
2009-02-25 11:57:22 ----D---- C:\WINDOWS\AppPatch
2009-02-25 11:57:21 ----D---- C:\WINDOWS\ehome
2009-02-25 11:57:20 ----D---- C:\WINDOWS\ime
2009-02-25 11:57:19 ----RSD---- C:\WINDOWS\Fonts
2009-02-25 11:57:18 ----D---- C:\WINDOWS\Media
2009-02-25 11:57:04 ----D---- C:\WINDOWS\PeerNet
2009-02-25 11:56:49 ----D---- C:\WINDOWS\system32\npp
2009-02-25 11:56:41 ----D---- C:\WINDOWS\msagent
2009-02-25 11:55:42 ----D---- C:\WINDOWS\security
2009-02-25 11:54:29 ----D---- C:\WINDOWS\system32\1040
2009-02-25 11:54:22 ----D---- C:\WINDOWS\twain_32
2009-02-25 11:54:08 ----D---- C:\WINDOWS\system32\icsxml
2009-02-25 11:53:37 ----D---- C:\WINDOWS\system32\1033
2009-02-25 11:52:29 ----D---- C:\WINDOWS\Driver Cache
2009-02-25 11:52:28 ----D---- C:\WINDOWS\WinSxS
2009-02-25 11:43:34 ----D---- C:\WINDOWS\Registration
2009-02-25 11:38:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-25 11:37:46 ----SHD---- C:\System Volume Information
2009-02-25 11:35:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-25 11:35:42 ----D---- C:\WINDOWS\system32\config
2009-02-25 11:35:42 ----D---- C:\WINDOWS\nview
2009-02-25 11:26:27 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-25 11:25:54 ----D---- C:\WINDOWS\system32\ias
2009-02-25 11:25:11 ----RD---- C:\WINDOWS\Web
2009-02-25 11:24:57 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-25 11:24:31 ----D---- C:\WINDOWS\system32\oobe
2009-02-25 11:24:29 ----D---- C:\WINDOWS\srchasst
2009-02-25 11:24:25 ----D---- C:\Programmi\Windows Media Player
2009-02-25 11:24:18 ----D---- C:\Programmi\Movie Maker
2009-02-25 11:24:09 ----D---- C:\WINDOWS\system32\Restore
2009-02-25 11:24:05 ----D---- C:\Programmi\NetMeeting
2009-02-25 11:24:00 ----D---- C:\Programmi\Outlook Express
2009-02-25 11:24:00 ----D---- C:\Programmi\File comuni\System
2009-02-25 11:22:41 ----D---- C:\WINDOWS\system32\Com
2009-02-25 11:21:57 ----D---- C:\WINDOWS\system32\wbem
2009-02-25 11:21:54 ----D---- C:\Programmi\Windows NT
2009-02-25 11:02:11 ----D---- C:\WINDOWS\system
2009-02-25 11:01:58 ----ASH---- C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini
2009-02-25 10:42:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-25 10:19:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-24 22:21:04 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2009-02-24 22:07:31 ----D---- C:\Programmi\File comuni
2009-02-24 22:07:22 ----D---- C:\Programmi\File comuni\Microsoft Shared
2009-02-24 21:15:09 ----RSD---- C:\WINDOWS\assembly
2009-02-24 21:08:48 ----D---- C:\Programmi\MSBuild
2009-02-24 13:22:17 ----D---- C:\WINDOWS\system32\Macromed
2009-02-24 13:22:17 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\Macromedia
2009-02-24 13:17:46 ----HD---- C:\Programmi\InstallShield Installation Information
2009-02-24 02:31:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-24 00:30:37 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-02-24 00:10:20 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-22 18:38:15 ----D---- C:\Programmi\NewSoft
2009-02-16 09:28:59 ----D---- C:\WinGuido
2009-02-15 03:07:26 ----D---- C:\Programmi\Microsoft ActiveSync
2009-02-14 10:07:04 ----D---- C:\WINDOWS\Minidump
2009-02-12 14:53:47 ----SD---- C:\Documents and Settings\Mario1\Dati applicazioni\Microsoft
2009-02-12 14:31:54 ----SD---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft
2009-02-11 19:10:14 ----D---- C:\Documents and Settings\Mario1\Dati applicazioni\Vso
2009-02-11 18:18:24 ----D---- C:\Programmi\VSO
2009-02-09 13:48:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-09 13:22:35 ----D---- C:\WINDOWS\system32\it-it
2009-02-09 13:09:58 ----D---- C:\WINDOWS\system32\en-US
2009-02-09 13:09:15 ----D---- C:\WINDOWS\system32\spool
2009-02-09 13:05:12 ----D---- C:\WINDOWS\system32\mui
2009-02-09 13:01:09 ----SD---- C:\WINDOWS\Tasks
2009-02-09 12:16:57 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-09 10:32:06 ----D---- C:\Programmi\Google
2009-02-07 08:28:33 ----D---- C:\Programmi\AudioConvert
2009-02-07 08:05:18 ----A---- C:\WINDOWS\system32\tempimg.tmp
2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 16:12:18 ----D---- C:\Programmi\MyAlbum

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Driver processore Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-07-22 15424]
R1 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-31 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-22 21275]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-07-22 512096]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R3 FETNDIS;Driver NT scheda Fast Ethernet VIA PCI 10/100Mb; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 ms_mpu401;Driver Microsoft MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-20 47360]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-06-16 369920]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aevlvgxr;aevlvgxr; C:\WINDOWS\system32\drivers\aevlvgxr.sys []
S3 anpu3ebq;anpu3ebq; C:\WINDOWS\system32\drivers\anpu3ebq.sys []
S3 Bridge;Bridge MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;Miniport del ponte MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BthEnum;Driver blocco richieste Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Periferica Bluetooth (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Driver della porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-19 274944]
S3 BTHUSB;Driver USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-25 70001]
S3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-31 9600]
S3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-31 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Periferica Bluetooth (RFCOMM protocollo TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;Scheda RNDIS USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-19 25600]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S2 MBAMService;MBAMService; C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
S2 StarWindServiceAE;StarWind AE Service; C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-09 1838592]
S3 gusvc;Google Updater Service; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-21 137200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Programmi\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Programmi\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 ServiceLayer;ServiceLayer; C:\Programmi\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NOD32krn;NOD32 Kernel Service; C:\Programmi\Eset\nod32krn.exe [2008-07-22 552064]
S4 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]

-----------------EOF-----------------

da **spike_20** » gio feb 26, 2009 1:17 am

mi sono sbagliato a digitare... i log sono di "RSIT", non di "MSIT". :)

Comunque cosa posso fare ora per debellare "fraud.xpantivirus"?

da **[Claudio]** » gio feb 26, 2009 10:10 am

spike_20 ha scritto:Comunque cosa posso fare ora per debellare "fraud.xpantivirus"?

Veramente ti era stato già suggerito da Amantide in un post precedente: accedi al sistema in modalità provvisoria con l'account Amministratore ed esegui Combofix ed allega il log che verrà rilasciato.
Tieni presente che in modalità provvisoria vengono avviati solo i servizi essenziali quindi non verrà avviato Nod32 [che pare sia quello che ti da fastidio].
Dopo aver eseguito Combofix, riavvia il sistema e:

Disattiva il Ripristino configurazione di sistema:
Start
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di sistema
spunta la voce Disattiva Ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi OK

Svuota del suo contenuto la cartella Prefetch:
Start
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno

Altro riavvio ed accedi nuovamente in modalità provvisoria con l'account Amministratore.
Esegui una scansione completa del sistema con Malwarebytes, rimuovi tutto ciò che verrà rilevato e allega il log.

Scarica ed installa Hijackthis: clicca qui per il download
clicca su Do a system scan and save a logfile
finita la scansione verrà rilasciato un log che devi allegare

da **Amantide** » gio feb 26, 2009 12:37 pm

Scarica The Avenger, estrailo in una cartella ed avvia il file avenger.exe.
Incolla il seguente spript nello spazio bianco sotto alla voce Input script here, togli la spunta alla voce Scan for rootkits e clicca su Execute.

Codice: Seleziona tutto: Files to delete: C:\Documents and Settings\Mario1\Dati applicazioni\comidle\comidle.exe C:\windows\system32\frmwrk32.exe Folders to delete: C:\Documents and Settings\Mario1\Dati applicazioni\comidle Registry keys to delete: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows

Il pc dovrebbe riavviarsi, se così non fosse, riavvialo manualmente.
Al riavvio dovrebbe apparire il log avenger.txt, posta qui il suo contenuto inserendolo tra i tag LOG.

Dopo aver eseguito The Avenger, riprova a rieseguire Combofix dalla modalità provvisoria.

da **spike_20** » gio feb 26, 2009 5:20 pm

claudio, non hai letto bene: avevo già seguito il consiglio di amantide di avviare in modalità provvisoria come amministratore ma senza esito positivo, visto che "combofix" mi rileva sempre la presenza del "NOD32" come attivo e non posso disattivarlo dato che il control panel dell'antivirus è danneggiato (problemi col kernel dello stesso), quindi, a meno che non ci sia un altro modo per disattivarlo, magari eseguendo un comando sotto DOS, non so, potrei, in alternativa eseguire, lo stesso "combofix" ma correrei seri rischi!! Che mi consigliate?

Le procedure successive all'esecuzione di "combofix" che mi hai consigliato, posso seguirle lo stesso intanto, claudio?

da **spike_20** » gio feb 26, 2009 5:26 pm

amantide, intanto, seguita la procedura da te consigliatami con "the avenger", ti riporto quanto segue:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Error: file "C:\Documents and Settings\Mario1\Dati applicazioni\comidle\comidle.exe" not found!
Deletion of file "C:\Documents and Settings\Mario1\Dati applicazioni\comidle\comidle.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\windows\system32\frmwrk32.exe" not found!
Deletion of file "C:\windows\system32\frmwrk32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Folder "C:\Documents and Settings\Mario1\Dati applicazioni\comidle" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ho provveduto anche a effettuare, dopo, una scansione con "the avenger" alla ricerca di eventuali componenti rootkit del virus, il cui log è riportato qui sotto:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

da **spike_20** » gio feb 26, 2009 5:31 pm

anche dopo la cancellazione della cartella inserita nello script e della chiave di registro (come risulta dal lod di scansione postato pocanzi) , fatta poi una scansione con "combofix" in modalità provvisoria come administrator, mi rileva sempre NOD32 come attivo!! Non so che altro fare... ma non demordo!! :)

da **Amantide** » gio feb 26, 2009 6:49 pm

A questo punto prova a fare la scansione con Kaspersky Virus Removal Tool seguendo questa guida http://www.MegaLab.it/2894/kaspersky-virus-removal-tool

da **spike_20** » gio feb 26, 2009 8:47 pm

ok, amantide, ho iniziato a scansionare con "kaspersky virus removal tool"; appena finita ti riferirò... [;)]

da **crazy.cat** » ven feb 27, 2009 8:06 am

Fresco fresco, come rimuovere Nod32
http://www.jkwebtalks.com/2009/02/how-t ... nod32.html
(facci sapere se funziona)

da **[Claudio]** » ven feb 27, 2009 11:54 am

crazy.cat ha scritto:Fresco fresco, come rimuovere Nod32

La procedura da registro la conoscevo già - non sapevo dell'esitenza di un tool di rimozione specifico - ottima segnalazione [^]

www.MegaLab.it

MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Re: MALWARE Fraud.XpAntivirus: come debellarlo? Aiuto!!

Chi c’è in linea