www.MegaLab.it

da **bellicomericky** » gio lug 30, 2009 2:45 pm

Salve a tutti!!
ho fatto la scansione con combofix. Da li la wifi vede la rete wireless ma non si riesce a connettere. Posto il log della scansione!

http://www.mediafire.com/file/umntennyjzh/ComboFix5.txt

In più quando spengo il pc mi da errore il GENERIC HOST PROCESSES e devo spegnere manualmente!!!
Mi potete aiutare?!
Grazie davvero

da **Amantide** » gio lug 30, 2009 2:51 pm

Come si poteva presumere, si tratta di Bagle.
Combofix ha già rimosso qualcosa, compresi alcuni adware, però c'è il bisogno di rimuovere i residui di Bagle.

Scarica FindyKill (by Chiquitine29)ed installalo (è in francese però è di facile comprensione).
Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

da **bellicomericky** » gio lug 30, 2009 4:53 pm

Ecco i report!!!
Findykill:

############################## | FindyKill V5.005 |

# User : Riccardo () # PIADINA
# Update on 27/07/09 by Chiquitine29
# Start at: 16.52.49 | 30/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) M processor 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
# FW : Kaspersky Anti-Hacker[ (!) Disabled ]1.9.0.37

# C:\ # Disco rigido locale # 92,96 Go (5,8 Go free) # NTFS
# D:\ # Disco CD-ROM # 493,58 Mo (0 Mo free) [WXPVOL_IT] # CDFS
# E:\ # Disco CD-ROM

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\OGAVerify.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

(!) Not Deleted ! D:\autorun.inf

################## | C:\WINDOWS |

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Riccardo\Dati applicazioni |

################## | C:\Documents and Settings\Administrator\Application Data |

################## | C:\Documents and Settings\Federico\Application Data |

################## | C:\Documents and Settings\Michele e Michela\Application Data |

################## | Other ... |

################## | Temporary Internet Files |

################## | Registry / Infected keys |

################## | State / Service / Information |

# Safe boot mode : OK

# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\"patch_pers_5.0.388_390_to_5.0.391.exe""
04/03/2006 02.54 |Size 63402 |Crc32 238127e9 |Md5 0e624a54db468cc4736903c236d5d5af

################## | End of Report # FindyKill V5.005 ! |

da **bellicomericky** » gio lug 30, 2009 4:54 pm

Ti allego anche quello di Hijackthis se ti può aiutare!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.11.22, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Federico\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Federico\rapimgr.exe
C:\Programmi\Veoh Networks\Veoh\VeohClient.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\3M\PDNotes\PDNotes.exe
C:\Programmi\Toshiba\Toshiba VoIP Phone\ToshibaVoIPPhone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Programmi\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Dati applicazioni\LICENSE ADMIN OPTION BIB\keep locks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Documents and Settings\Federico\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Programmi\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Antirule] C:\DOCUME~1\Riccardo\DATIAP~1\TRANSA~1\Delete Cash Boob.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Toshiba VoIP Phone.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\Federico\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\Federico\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\Federico\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {4176C4D9-C276-4F9F-AA0C-FF1E248B3236} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O15 - Trusted Zone: *.3
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2096176265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2221269296
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27929B24-84CE-4FEB-93AB-962FE75ECD3F}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: is-BF7BQ - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-BF7BQ\is-BF7BQ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LoadDLLServ - Unknown owner - C:\Documents and Settings\Federico\Dati applicazioni\SysServDLL32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17091 bytes

da **Amantide** » gio lug 30, 2009 4:59 pm

Hai ancora dei problemi con Wi-Fi?

Fixa con Hijackthis questa voce ed elimina il file e la cartella indicati in rosso.

O4 - HKCU\..\Run: [Antirule] C:\DOCUME~1\Riccardo\DATIAP~1\TRANSA~1\Delete Cash Boob.exe

da **ste_95** » gio lug 30, 2009 5:39 pm

bellicomericky ha scritto:################## | C: |

(!) Not Deleted ! D:\autorun.inf

Dai una passata con Perlovga Removal Tool come descritto qui.
Poi scarica Bagle Restore ed esegui la sua funzione di ripristino.

da **bellicomericky** » gio lug 30, 2009 8:26 pm

Signori nulla!!!
Ho fatto sia come dice Amantide sia come dice Ste! La wifi continua a vedere la linea, la striscia verde continua ad andare su e giu sull'icona ma nn si connette!
Amantide ho fixato O4 - HKCU\..\Run: [Antirule] C:\DOCUME~1\Riccardo\DATIAP~1\TRANSA~1\Delete Cash Boob.exe con Hijackthis.
Poi mi hai detto di eliminare la cartella TRANSA~1\Delete Cash Boob.exe! Sono andato a trovarla ma...non cè!!Fixandola l'ho automaticamente cancellata??
Altre soluzioni?

da **Amantide** » gio lug 30, 2009 8:30 pm

bellicomericky ha scritto:Amantide ho fixato O4 - HKCU\..\Run: [Antirule] C:\DOCUME~1\Riccardo\DATIAP~1\TRANSA~1\Delete Cash Boob.exe con Hijackthis.
Poi mi hai detto di eliminare la cartella TRANSA~1\Delete Cash Boob.exe! Sono andato a trovarla ma...non cè!!Fixandola l'ho automaticamente cancellata??
Altre soluzioni?

Dovresti abilitare la visualizzazione dei file nascosti per poter vedere quella cartella.

bellicomericky ha scritto:Signori nulla!!!Ho fatto sia come dice Amantide sia come dice Ste! La wifi continua a vedere la linea, la striscia verde continua ad andare su e giu sull'icona ma nn si connette!

Mi sorge un dubbio [uhm]

Ma la WiFi ti ha smesso di funzionare Prima o Dopo aver fatto la scansione con Combofix?

da **bellicomericky** » gio lug 30, 2009 8:32 pm

1) Ho abilitato i file nascosti ed ho anche effettuato la ricerca includendoli!!Nulla
2) Ha smesso di funzionare credo subito dopo aver usato combofix!!

da **Amantide** » gio lug 30, 2009 8:39 pm

bellicomericky ha scritto:1) Ho abilitato i file nascosti ed ho anche effettuato la ricerca includendoli!!Nulla

Vorra dire che il file è stato già eliminato in precedenza.

bellicomericky ha scritto:2) Ha smesso di funzionare credo subito dopo aver usato combofix!!

A proposito di Combofix [uhm]

Ho appena ricontrollato il log (composto da 2 report) che hai postato e me ne sono accorta che il primo riporta la data di 16 luglio ed altro di 20 luglio [boh]

E quello di oggi? [uhm]

da **bellicomericky** » gio lug 30, 2009 8:43 pm

No oggi nn ho usato combofix!! Il problema ce l'ho credo dal 17 o 20 luglio!!poi sono partito e..sono tornato ieri!oggi ho solo scansionato con Hijackthis e con Findykill(e poi con i due tools che ha suggerito Ste).
Vuoi che faccia una nuova scansione con combofix?? Credo xò che se ha rimosso qualcosa che nn doveva si vede in quella scansione che ti ho mandato! Ho anche il file di quarantena di combofix!! Dimmi tu cosa ti può servire e te lo do!

da **Amantide** » gio lug 30, 2009 8:52 pm

bellicomericky ha scritto:Vuoi che faccia una nuova scansione con combofix?? Credo xò che se ha rimosso qualcosa che nn doveva si vede in quella scansione che ti ho mandato! Ho anche il file di quarantena di combofix!! Dimmi tu cosa ti può servire e te lo do!

Ero ritornata a riivisionare il log proprio nella ricerca di qualche file o qualche voce di registro di troppo che ha potuto eliminare Combofix... ma niente [boh]

Ora ricontrollo un'altra volta, ma direi che tutto ciò che ha rimosso era malevole. [uhm]

da **bellicomericky** » gio lug 30, 2009 8:55 pm

Cacchio!!!Ero sicuro fosse stato combofix x' non mi ha cominciato a funzionare dopo il riavvio!!
Ad ogni modo prima di pensare a combofix ho provato a riinstallare i driver, ad attivare zeroconfig...ho provato di tutto!!!
Cosa può essere se no?? Che cosa può mancare o essere corrotto?

da **Amantide** » gio lug 30, 2009 9:02 pm

No, niente, nemmeno ricontrollando il log.

Guarda, visto che non riesci a ripristinare il WiFi nemmeno con il tool postato da Ste, non saprei cosa dire.
A questo punto puoi provare a fare il ripristino di sistema alla data antecedente alla comparsa del problema, visto che per me sarebbe molto più facile aiutarti a ripulire il pc dai virus che cercare un ago nel paiaio [V]

da **bellicomericky** » gio lug 30, 2009 9:18 pm

Azz...se anche tu non trovi il problema...sono nei guai davvero!!
Bho vedo un attimo!!!Se ho bisogno scrivo qui!!!
Grazie mille comunque dell'impegno!!!!
Buona serata

da **bellicomericky** » ven lug 31, 2009 12:29 am

Non mi sono accorto della data!!il log che ti ho postato è vecchio!!!di luglio ho trovato questo snapshot!!!dovrebbe essere quello giusto!
Prova a vedere se trovi qualcosa!! comunque tutto quello che scannerizza combofix va a finire in QooBox giusto??
http://www.mediafire.com/?sharekey=8c79e6548d349220b94117dade8fc29552eb1a82c452e3a7c95965eaa7bc68bc

da **Amantide** » ven lug 31, 2009 11:34 am

bellicomericky ha scritto:di luglio ho trovato questo snapshot!!!dovrebbe essere quello giusto!Prova a vedere se trovi qualcosa!!

Purtroppo lo snapshot non è la parte più utile nel log di Combofix.
Se non vuoi proprio provare a fare il ripristino di sistema, sarebbe utile il nuovo log di Combofix, almeno vediamo com'è la situazione adesso.

bellicomericky ha scritto: comunque tutto quello che scannerizza combofix va a finire in QooBox giusto??

Si.

da **bellicomericky** » ven lug 31, 2009 3:14 pm

Non ho ancora abbandonato!!;)
Ho trovato questo procedimento su un altro forum!! ho trascinato questo script

File::
c:\Knight.exe open
H:\Knight.exe open

Registry:
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861c48fc-c8ca-11dc-9076-001b24b910f8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5269cb-9aa5-11dd-8090-001b24b910f8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf921698-cf0e-11dc-9980-001b24b910f8}]

sull'icona di combofix e come risultato mi ha dato questo log

ComboFix 09-07-29.04 - Riccardo 31/07/2009 15.47.37.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.382 [GMT 2:00]
Eseguito da: c:\documents and settings\Riccardo\Desktop\Riccardo.exe
Opzioni usate :: c:\documents and settings\Riccardo\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Kaspersky Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}

FILE ::
"c:\Knight.exe open"
"H:\Knight.exe open"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-31 )))))))))))))))))))))))))))))))))))
.

2009-07-31 09:52 . 2009-07-31 09:52 -------- d-----w- c:\programmi\ESET
2009-07-30 12:10 . 2009-07-30 12:10 -------- d-----w- c:\programmi\Trend Micro
2009-07-29 20:07 . 2009-07-29 20:08 117760 ----a-w- c:\documents and settings\Riccardo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-18 19:47 . 2009-07-18 19:47 -------- dc----w- C:\dell
2009-07-18 10:37 . 2009-07-30 15:44 -------- dc----w- C:\FindyKill
2009-07-17 17:46 . 2009-07-17 17:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Intel
2009-07-17 17:46 . 2009-07-17 17:46 -------- d-----w- c:\documents and settings\Default User\Dati applicazioni\Intel
2009-07-17 17:46 . 2009-07-17 17:46 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Intel
2009-07-17 17:46 . 2009-07-17 17:46 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\Intel
2009-07-17 17:46 . 2009-07-17 17:46 -------- d-----w- c:\documents and settings\Michele e Michela\Dati applicazioni\Intel
2009-07-17 17:45 . 2009-07-17 17:45 -------- d-----w- c:\programmi\File comuni\Intel
2009-07-17 17:35 . 2009-07-17 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-07-17 17:35 . 2009-07-17 17:35 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\Intel
2009-07-17 16:52 . 2009-07-17 16:53 -------- d-----w- c:\programmi\SystemRequirementsLab
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\Riccardo\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\Michele e Michela\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:08 . 2009-07-17 13:08 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\temp
2009-07-17 13:07 . 2001-08-31 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys
2009-07-17 13:07 . 2001-08-31 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2009-07-17 13:07 . 2001-08-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-07-17 13:07 . 2001-08-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-07-17 12:50 . 2009-07-17 12:50 33792 ----a-w- c:\windows\system32\_msgsvc.dll_.vir
2009-07-16 11:05 . 2009-07-16 11:05 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-10 15:38 . 2009-07-10 15:38 -------- d-----w- c:\programmi\File comuni\NetDragon
2009-07-10 14:17 . 2009-07-10 14:17 -------- d-----w- c:\programmi\NetDragon
2009-07-07 09:31 . 2009-07-07 09:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-06 13:59 . 2009-07-06 13:59 -------- d-sh--w- c:\documents and settings\Riccardo\IECompatCache
2009-07-06 13:59 . 2009-07-06 13:59 -------- d-sh--w- c:\documents and settings\Riccardo\PrivacIE
2009-07-05 14:43 . 2009-07-05 14:43 -------- d-sh--w- c:\documents and settings\Riccardo\IETldCache
2009-07-05 13:54 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-05 13:54 . 2009-07-05 13:54 -------- d-----w- c:\windows\ie8updates
2009-07-05 13:52 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-05 13:52 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-05 13:48 . 2009-07-05 13:52 -------- dc-h--w- c:\windows\ie8
2009-07-05 09:19 . 2009-06-30 11:02 327688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgldx86.sys
2009-07-05 09:19 . 2009-07-05 09:15 2054424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-07-05 09:19 . 2009-07-05 09:15 2167576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgresf.dll
2009-07-05 09:19 . 2009-06-30 11:02 3402008 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgui.exe
2009-07-05 09:19 . 2009-06-30 11:02 1204504 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgabout.dll
2009-07-05 09:19 . 2009-06-30 11:02 337176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avglogx.dll
2009-07-05 09:19 . 2009-06-30 11:02 829208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcfgx.dll
2009-07-05 09:19 . 2009-06-30 11:02 3298072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\setup.exe
2009-07-05 09:12 . 2009-06-30 11:00 1085208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.exe
2009-07-05 09:12 . 2009-06-30 11:00 1454360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 13:44 . 2008-07-21 20:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-07-31 13:17 . 2006-08-01 13:56 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\Skype
2009-07-31 10:57 . 2008-07-22 13:04 -------- d-----w- c:\programmi\Trojan Killer
2009-07-31 09:47 . 2005-03-29 05:38 93326 ----a-w- c:\windows\system32\perfc010.dat
2009-07-31 09:47 . 2005-03-29 05:38 518488 ----a-w- c:\windows\system32\perfh010.dat
2009-07-31 09:43 . 2007-11-17 11:09 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\skypePM
2009-07-31 09:38 . 2008-07-22 19:42 22594688 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 09:38 . 2008-07-22 19:42 1937586208 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-30 20:17 . 2008-05-07 14:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-30 10:19 . 2008-07-22 09:49 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-29 20:05 . 2009-02-04 10:47 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-29 19:56 . 2007-06-15 17:21 -------- d-----w- c:\programmi\Yahoo!
2009-07-29 19:52 . 2008-05-29 10:24 -------- d-----w- c:\programmi\ClickTray Calendar
2009-07-29 19:41 . 2008-07-22 09:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-17 23:43 . 2008-07-22 10:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-17 17:45 . 2005-03-29 07:58 -------- d-----w- c:\programmi\Intel
2009-07-17 12:36 . 2005-12-30 23:35 -------- d-----w- c:\programmi\eMule
2009-07-16 11:07 . 2008-05-17 19:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-13 11:36 . 2008-07-22 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-07-22 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 14:17 . 2005-03-29 07:58 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-05 09:15 . 2008-12-16 11:01 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 16:57 . 2007-07-10 16:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-06-30 11:02 . 2009-05-11 18:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 11:02 . 2008-12-16 11:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 11:19 . 2009-06-23 11:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 11:19 . 2007-07-10 16:22 -------- d-----w- c:\programmi\iTunes
2009-06-23 11:18 . 2007-01-08 22:07 -------- d-----w- c:\programmi\iPod
2009-06-23 11:18 . 2007-07-10 16:18 -------- d-----w- c:\programmi\File comuni\Apple
2009-06-23 11:12 . 2006-04-15 09:40 -------- d-----w- c:\programmi\QuickTime
2009-06-23 10:48 . 2009-06-23 10:48 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:48 . 2009-06-12 12:48 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\vlc
2009-06-06 14:38 . 2009-06-06 14:38 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\Yahoo!
2009-06-06 12:42 . 2008-08-24 16:00 -------- d-----w- c:\programmi\Veoh Networks
2009-06-05 09:42 . 2009-03-29 14:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2007-07-10 16:18 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 11:57 . 2009-05-21 11:57 204800 ----a-w- c:\windows\system32\NetProvCredMan.dll
2009-05-13 05:02 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-19 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-07-31 07:04 . 2008-07-20 17:35 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2004-08-19 12:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\system32\svchost.exe
[-] 2008-04-14 02:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:20 578048 488019BFE2B0F9F8CD8394276D5B664A c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 579072 BAB4F995E526484A235A276E269AAF7F c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:37 578560 9DAA2190A18739B657B58F794ACF2E47 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-19 12:00 578048 08447BDFCE5D1B1956F962602381F5C1 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:10 578048 14B5D6B20467DBA209853D65D1F6A124 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2007-03-08 15:37 578560 9DAA2190A18739B657B58F794ACF2E47 c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2008-04-14 02:13 588800 3DBD6DC6D74C517D55A1B3AECA88EF48 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 02:13 588800 3DBD6DC6D74C517D55A1B3AECA88EF48 c:\windows\system32\user32.dll
[-] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\VistaMizer\old\user32.dll

[-] 2004-08-19 12:00 82944 12EAD983C875ED9BCC8B90E3F77F2E4A c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\system32\ws2_32.dll
[-] 2008-04-14 02:13 82432 D34F635FF28F2AABEDC95BFEB891864C c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2004-09-29 18:45 659456 5E44C65A8FDF34E023467B13C0305196 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 663040 AF06731262917615B4DF9E0E88B7E436 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-10-21 03:39 664064 B94ABC767831F875E95F7F23BD9DB85D c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 04:00 666112 55E5EE815E09F13902009D9338C11176 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 666112 0DB0E3399BE75BBC6448FCBFF9AD55E3 c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2008-04-21 06:43 668672 2CE6E1EF74FA3F3D48DFD5278CDDB9B6 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 06:24 669184 A1CB36F94F11DB02626C207469FC1571 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-06-23 15:09 668672 47B9FA081A4CF13CA8AC8E1A7889E11E c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:55 669184 4010CEDC2CBB7F1D48B77FEB18EB38E2 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:47 827904 3F7320E0F75F2B5A7A9AD32AEA08BF21 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:15 828416 C04C42D707CDB4129B86C4E96FA5C24B c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:37 828928 D327397F4448DCB912E9FE78C9A94C88 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-05-13 05:07 915456 4D9C680641CC367FEEFE308C6577E0CD c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2004-08-19 12:00 658944 27966534A0820CD3BD988BD1517C8FF2 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 660992 E9967B85C3B594B3556EC1C78A25AD06 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:34 667136 2CDE29A401B990086FC91969D3C6B66A c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:00 667648 B05B2F108D1443944234AF75EF70ECE0 c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-19 15:22 668160 D27C33040D66640D5269FA94A61CBD3A c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:46 813056 9C924E065B0D21B2A8C485863FA70D30 c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:39 668160 7EE33E13EC9B5EDC0D0CF8865C529243 c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-08-22 12:56 668160 2385E8CAF1ED885CAF1F480E3AB0EB05 c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 06:11 813568 A7221EFCBFB63352437C8A721B6467CB c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-12-07 00:45 668672 20BFCC8FB33F90D14EAF57E58101918F c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2008-02-16 09:31 668672 3CBCB268E9DCF7AC46B66559B3D7AF97 c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2008-04-21 06:56 814080 F3BD24D13D5BA3451F9C9071CA1A03C5 c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 06:56 669184 7B396E0FF5F8B3F92AC93F2AE10A022B c:\windows\FlyakiteOSX\Backup\wininet.dll
[-] 2008-06-23 16:12 669696 8F7A6B013FAFBE0D61DB6B589CC70DB7 c:\windows\ie7\wininet.dll
[-] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:57 826368 D590241CADEC69A1BC157DC0452C92D1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:04 927744 917D4F1ED7A8AC8E33093D5AB85DA4B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 22:31 826368 EF1520F95DD25F48C18502005F5EE995 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:03 826368 0F74B461F95EC8373FFF5990DC619A75 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:45 827392 B7DFEFC4FC10B8AC464FCDCA309267B6 c:\windows\ie8\wininet.dll
[-] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2008-10-16 20:04 927744 917D4F1ED7A8AC8E33093D5AB85DA4B0 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\SoftwareDistribution\Download\921eed15ab37cd7c76babbe10158742c\SP2GDR\wininet.dll
[-] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\SoftwareDistribution\Download\921eed15ab37cd7c76babbe10158742c\SP2QFE\wininet.dll
[-] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\SoftwareDistribution\Download\a43f6b68276a306bd11b3aa6e0600f9f\SP3GDR\wininet.dll
[-] 2009-05-13 05:07 915456 4D9C680641CC367FEEFE308C6577E0CD c:\windows\SoftwareDistribution\Download\a43f6b68276a306bd11b3aa6e0600f9f\SP3QFE\wininet.dll
[-] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\system32\wininet.dll
[-] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\system32\dllcache\wininet.dll
[-] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\system32\dllcache\cache\wininet.dll
[-] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\VistaMizer\old\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-19 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-19 12:00 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 02:14 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 02:14 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\system32\winlogon.exe
[-] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\VistaMizer\old\winlogon.exe

[-] 2004-08-19 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-19 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 18:12 2060672 DE16030E8209FD96EEB06D9E3D8C84A8 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 18:44 2063104 0943F29440085D86A1B9B9C2356B45B4 c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:06 2063104 F89D8E24FBE047506D60B850D00BDEE3 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:14 2069888 FF69166080436A31A3EAC9CC7C3F1847 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:37 2066688 B3D66020C1667D33C3429869B191BB13 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:22 2069760 93FB9D817B37DF1191B73DB7BC2F4006 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 17:25 2069760 C812D8551FD3B6ACDBF7EB6B18B1B992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:42 2061440 4220D4263C7D56A5C2EF425C36EEB8A7 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-19 12:00 2060544 4DC3A3626B02C39AA69AAE6F64BFBC2D c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 18:06 2060544 8F485CF9683F1220BA27D10281052FCE c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 18:22 2061312 7373BD87175412862CF9E534C6AA5EC9 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:22 2327040 6019E2A90D584B4AA41397D4B5B4469A c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 01:54 2069632 5E95F445B70ADCF8876D1203852262A1 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 16:02 2318592 6143E9659FC21C5CD1894186C8EDC154 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 16:02 2061312 49BAEA1D9379DF8CD897AFF9F49BC9DE c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
[-] 2008-08-14 13:22 2327040 6019E2A90D584B4AA41397D4B5B4469A c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
[-] 2008-08-14 13:22 2069760 93FB9D817B37DF1191B73DB7BC2F4006 c:\windows\VistaMizer\old\ntkrnlpa.exe

[-] 2005-03-02 18:12 2183296 C120A33C71E706545CF26D6276BC0344 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 18:44 2185728 ECB771F4CC4B5CD2B19B294FBD56F75D c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:06 2185856 763EA08993B467A3AF048EF185B1F805 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:14 2192896 3B5928FCD0DD3E10DEB1C13CA35201F6 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:37 2189696 943548E50AB0443F1B1EC5F2C2867FCD c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:22 2192896 0F93D9366B222D63F9402F7ED45CF2A4 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 17:25 2192896 0EE73494680235D59F4E57301D7AD580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:42 2184064 DA01088AD01BF30A0AEBB62F99E04BC7 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-19 12:00 2184704 4591CF1F202181113DE2996E79A2905A c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:07 2183040 84E6643DB22C06128576AFBF89DFEE70 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 18:22 2184064 B33A2A0E76D3A2FAA044B197E345458C c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:22 2450176 D401A34FE3E57DF330AC44916EAF7DFD c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 01:55 2192768 7D804C28404E94F57967DE3394201D55 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 16:02 2441344 8FAAF726DD7F11472F9C2E937CC9ED07 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 16:02 2184064 5EC517CC0865808DF80D2184B0131D27 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
[-] 2008-08-14 13:22 2450176 D401A34FE3E57DF330AC44916EAF7DFD c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\system32\dllcache\cache\ntoskrnl.exe
[-] 2008-08-14 13:22 2192896 0F93D9366B222D63F9402F7ED45CF2A4 c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2008-04-14 02:14 1554944 287B3020F1324E99F313C9E7FCFCCCCC c:\windows\explorer.exe
[-] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:22 1554432 391EB0F3BD36758D332832B71F1456DD c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-19 12:00 1553408 F197D18A05873C2BAD347F5F49287D8E c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 13:22 1035776 7E2817A623E16F830B660F81C0FD63DA c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 02:14 1554944 287B3020F1324E99F313C9E7FCFCCCCC c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\VistaMizer\old\explorer.exe

[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-19 12:00 108544 E77F6FA2A15390F1727F4C1C55B69DA6 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\system32\dllcache\cache\services.exe

[-] 2004-08-19 12:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\system32\lsass.exe
[-] 2008-04-14 02:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2004-08-19 12:00 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 02:14 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 02:14 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-19 12:00 57856 216F8454A9415DD3E451B169DC3121C4 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 02:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 02:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\system32\spoolsv.exe
[-] 2008-04-14 02:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2004-08-19 12:00 25088 C1E7FE19F98A877BF8F941BF48148695 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\system32\userinit.exe
[-] 2008-04-14 02:14 26624 DF69726907357C3ADD243F48902B0331 c:\windows\system32\dllcache\cache\userinit.exe

[-] 2004-08-19 10:00 296960 C06CD1890279603E15020757E02DE56B c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\system32\termsrv.dll
[-] 2008-04-14 02:13 296960 FE5A5329CCFC33D645C33077FF04F052 c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 1029120 4BBAA51F3CE5852AE38C98F3E1272580 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:09 1030144 6D9421A648F26B8640C63D0F8F2B7D48 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:59 1035776 A3A365C46057532F6638D57E4C0B66B8 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 1028608 EB1428078E1D10FDEC060857AA526A9F c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-19 12:00 1027584 FEB3CC200749FF119BB8B08224A1A594 c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:56 1028096 967C4531EA54A7AFC019220206863D1B c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:13 1033728 06157539EBB8B87D47B9B6C5DA44B62F c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 14:06 1033728 5576C1D7AF026D18240ED6A624FD01A2 c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2004-08-19 12:00 17408 41FF9D663219A1DD0397FE2C5B09436C c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\system32\powrprof.dll
[-] 2008-04-14 02:13 17408 2F331374433E3FE176BEE155D9BE83E1 c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2004-08-19 12:00 110080 CA38A6091ECAC2668EC99AFD4B6C0615 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\system32\imm32.dll
[-] 2008-04-14 02:13 110080 3F970150C170A38FCE423994341205B4 c:\windows\system32\dllcache\cache\imm32.dll

[-] 2004-08-19 12:00 175104 00E50CD4D9247CB56EFC1360C32AB755 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\system32\appmgmts.dll
[-] 2008-04-14 02:13 175104 9062ED05B7519324FD7F0D6AFB9D1147 c:\windows\system32\dllcache\cache\appmgmts.dll

[-] 2004-08-19 12:00 25088 E883AE6EA0B313E659225AA32E449CE9 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-14 01:53 25088 28B6EACE513CA7EABA3B809AD4BC274D c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-19 12:00 1444352 1298C2F7228487A430390768B97923F0 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2004-08-19 12:00 845824 B979BBBA74F4F5DB69C3A5DFDC52828C c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2008-04-14 02:13 1444352 0FF0C3264283FDEDDAA6A9DE51341A3D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 02:13 1444352 0FF0C3264283FDEDDAA6A9DE51341A3D c:\windows\system32\comres.dll
[-] 2008-04-14 02:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\VistaMizer\old\comres.dll

[-] 2004-08-19 12:00 22016 54260506F6A2589DCF5722E32BDC7CB6 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 02:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 02:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\system32\lpk.dll
[-] 2008-04-14 02:13 22016 1E63346FDDB693C8D5D574A49C877A2C c:\windows\system32\dllcache\cache\lpk.dll

[-] 2001-08-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2001-08-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2001-08-31 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2001-08-31 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-19 12:00 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys

[-] 2006-11-01 19:18 927504 BB6786F692227DD59F1C872CCA19282D c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-19 12:00 924432 907601D4078A5526CDA46536A4288E44 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 02:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\system32\mfc40u.dll
[-] 2008-04-14 02:13 927504 EE45F8D08BAEDA5316EA2C4F0B3C07AF c:\windows\system32\dllcache\cache\mfc40u.dll

[-] 2005-04-28 19:35 396288 1A2A2A1AB10CF25ABF99CC79909C2DB5 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:27 398336 F683B6ED87C7DCE1FB51A7D113DE0346 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:55 401408 91F797DFBC1416FCEA76AD76FE07DA89 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-07-26 04:40 397824 CC41F9D29EDD55037A4C26E70C175528 c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-19 12:00 395776 0C015AB735A4624C44CB5696E9208C4C c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:32 395776 A5BC1A3B9F42ED4AB65804CEC4A7F69C c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 02:13 399360 DB0C9517C2374D86A18DBFA12B35B129 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 02:13 399360 DB0C9517C2374D86A18DBFA12B35B129 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 10:51 401408 BC4E0226341AAEC1222336B3AED86BAB c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:51 401408 BC4E0226341AAEC1222336B3AED86BAB c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 10:51 401408 BC4E0226341AAEC1222336B3AED86BAB c:\windows\system32\dllcache\cache\rpcss.dll

[-] 2004-08-19 12:00 33792 3777AB9537D05BFD404B0FBC13A140A6 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 02:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 02:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\system32\msgsvc.dll
[-] 2008-04-14 02:13 33792 3B32F662C8607E891F325E41F7EE225C c:\windows\system32\dllcache\cache\msgsvc.dll

[-] 2006-08-25 15:51 724992 36DF8AD4EA40ECE91B553BD3866481B3 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-19 12:00 611328 0FE5F5912C30795C455A9645970E6C7C c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2006-08-25 15:51 617472 EFA21A3FE23BBCFDB6F61A3AF723E05A c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 02:13 724992 97CBB1689BB951AD8DEE44C9F9C44318 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 02:13 724992 97CBB1689BB951AD8DEE44C9F9C44318 c:\windows\system32\comctl32.dll
[-] 2008-04-14 02:13 617472 10AA0E13B4D20EE798E3382C9B89B3E3 c:\windows\VistaMizer\old\comctl32.dll
[-] 2004-08-19 10:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\66252\comctl32.dll
[-] 2004-08-19 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\66502\comctl32.dll
[-] 2004-08-19 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-19 12:00 1050624 D81759006D620D41F7FD1D2A4A10C7F3 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 837B282813808C17E9C94E56300AA29E c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 02:11 1054208 9530E35D9033ACED20CDA2509A21073A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2004-08-19 12:00 12160 49AC5CD87FBDDA62F3E25190019E7627 c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2004-08-19 12:00 12160 49AC5CD87FBDDA62F3E25190019E7627 c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-19 12:00 5120 E6F026DBC75B6EED7331EBF581AFD4D8 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 02:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 02:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\system32\sfc.dll
[-] 2008-04-14 02:13 5120 DA19147BEED619CAB738FE191BA0CD7C c:\windows\system32\dllcache\cache\sfc.dll

[-] 2004-08-19 12:00 407040 926BB51BB6DE79DEDB93E9C2B0811CCF c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 02:13 407040 E1DACEE13CAF8E118416399ABD2A08D9 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 02:13 407040 E1DACEE13CAF8E118416399ABD2A08D9 c:\windows\system32\netlogon.dll

[-] 2004-08-19 10:00 171008 BA4E8AC9A60C4527C969D08F3ABE9D36 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 02:13 171520 B3E3DA70A7A76E69B872DE3D06D32C19 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 02:13 171520 B3E3DA70A7A76E69B872DE3D06D32C19 c:\windows\system32\srsvc.dll

[-] 2004-08-19 12:00 437248 6D96A941EED90224486F9AF30B9666E1 c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 02:13 437248 89DB90B5F35D2795D9FC56D933CC72B8 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 437248 89DB90B5F35D2795D9FC56D933CC72B8 c:\windows\system32\ntmssvc.dll

[-] 2004-08-19 12:00 89088 84D4005E21A887F87D943D9526020531 c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 02:13 88576 9839B418343D6E6E52659BDF3FF1FE67 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 02:13 88576 9839B418343D6E6E52659BDF3FF1FE67 c:\windows\system32\rasauto.dll

[-] 2004-08-19 12:00 1548288 0F9AAB130D89786A59F8F93A9E23C658 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 02:13 1571840 CE7DB8EE1C9BD8A40F84529DDC28B0D8 c:\windows\system32\dllcache\cache\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-07-17_12.59.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-14 13:02 . 2008-05-14 13:02 16896 c:\windows\system32\S24NCfg.dll
+ 2005-03-29 05:37 . 2009-07-31 09:47 78804 c:\windows\system32\perfc009.dat
- 2005-03-29 05:37 . 2009-04-16 07:17 78804 c:\windows\system32\perfc009.dat
+ 2008-08-13 15:23 . 2008-08-13 15:23 11904 c:\windows\system32\drivers\s24trans.sys
+ 2009-07-17 18:16 . 2009-07-17 18:16 49152 c:\windows\Installer\{72EEB695-388B-4835-8EA6-0C04545B06B9}\NewShortcut1_EC2A9EA7A46E48B9A0FD04BC5EF9F6A5.exe
+ 2009-07-17 18:16 . 2009-07-17 18:16 9110 c:\windows\Installer\{72EEB695-388B-4835-8EA6-0C04545B06B9}\ARPPRODUCTICON.exe
+ 2005-03-29 05:37 . 2009-07-31 09:47 466146 c:\windows\system32\perfh009.dat
- 2005-03-29 05:37 . 2009-04-16 07:17 466146 c:\windows\system32\perfh009.dat
+ 2009-07-17 14:15 . 2007-02-12 19:40 557056 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2009-07-17 17:46 . 2008-06-20 08:32 663552 c:\windows\system32\DRVSTORE\netw5x32_D5D0E44792B0452958414D32626987C3E12635A2\NETw5c32.dll
+ 2009-07-17 14:15 . 2008-06-20 17:32 663552 c:\windows\system32\DRVSTORE\netw5x32_89C90A37830F348FCEEF2A9500D9D51FD91050A9\NETw5c32.dll
+ 2005-10-28 17:11 . 2005-10-28 17:11 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2007-01-17 13:35 . 2007-02-12 19:41 2732032 c:\windows\system32\Netw2r32.dll
- 2007-01-17 13:35 . 2007-02-12 10:41 2732032 c:\windows\system32\Netw2r32.dll
+ 2009-07-17 14:15 . 2008-01-07 21:36 2216064 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
+ 2009-07-17 14:15 . 2008-01-07 21:39 2212352 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2009-07-17 14:15 . 2007-02-12 19:41 2732032 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2009-07-17 17:46 . 2009-05-28 20:23 4203392 c:\windows\system32\DRVSTORE\netw5x32_D5D0E44792B0452958414D32626987C3E12635A2\NETw5x32.sys
+ 2009-07-17 17:46 . 2008-06-20 08:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_D5D0E44792B0452958414D32626987C3E12635A2\NETw5r32.dll
+ 2009-07-17 14:15 . 2009-03-04 17:31 4202496 c:\windows\system32\DRVSTORE\netw5x32_89C90A37830F348FCEEF2A9500D9D51FD91050A9\NETw5x32.sys
+ 2009-07-17 14:15 . 2008-06-20 17:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_89C90A37830F348FCEEF2A9500D9D51FD91050A9\NETw5r32.dll
+ 2005-03-29 08:15 . 2008-01-07 21:36 2216064 c:\windows\system32\drivers\w29n51.sys
+ 2009-07-17 18:16 . 2009-07-17 18:16 5950976 c:\windows\Installer\31e8d6.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1831424]
"H/PC Connection Agent"="c:\documents and settings\Federico\wcescomm.exe" [2005-11-15 1204224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-07-15 5674352]
"Veoh"="c:\programmi\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2007-11-12 21760296]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"Vidalia"="c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 675840]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"TOSHIBA Accessibility"="c:\programmi\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 24576]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 118784]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-13 122939]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-11 370176]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UVS12 Preload"="c:\programmi\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"Option Bib Logo Log"="c:\documents and settings\All Users\Dati applicazioni\LICENSE ADMIN OPTION BIB\keep locks.exe" [BU]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-10-28 88363]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-07-14 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-02-17 266240]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-02-16 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\Riccardo\Menu Avvio\Programmi\Esecuzione automatica\
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2008-6-22 3581680]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-3-30 25214]
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Post-it© Digital Notes.lnk - c:\programmi\3M\PDNotes\PDNotes.exe [2006-3-21 6485528]
Toshiba VoIP Phone.lnk - c:\programmi\Toshiba\Toshiba VoIP Phone\ToshibaVoIPPhone.exe [2007-6-16 262144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 11:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Federico\\rapimgr.exe"=
"c:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:*:Disabled:msn
"5:UDP"= 5:UDP:*:Disabled:msn
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/12/2008 13.01.50 335752]
R1 is-BF7BQdrv;is-BF7BQdrv;c:\windows\system32\drivers\44849258.sys [22/07/2008 21.42.03 148496]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17.17.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17.17.38 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/12/2008 13.01.34 298776]
R3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [19/08/2004 14.00.00 55808]
S2 is-BF7BQ;is-BF7BQ;"c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-BF7BQ\is-BF7BQ.exe" -r -->

c:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\is-BF7BQ\is-BF7BQ.exe [?]

S2 LoadDLLServ;LoadDLLServ;c:\documents and settings\Federico\Dati applicazioni\SysServDLL32.exe -->

c:\documents and settings\Federico\Dati applicazioni\SysServDLL32.exe [?]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [13/10/2006 21.39.52 36224]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [19/08/2004 14.00.00 55808]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17.17.42 7408]
S3 ulusba;NEC 616 Command Port Driver;c:\windows\system32\drivers\ulusba.sys [13/10/2006 21.04.56 25856]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [13/10/2006 21.02.13 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [13/10/2006 21.02.13 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [13/10/2006 21.04.56 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\programmi\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2009-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-07 17:04]

2009-07-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
IE: &Search - ?p=ZNfox000
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: 1
Trusted Zone: 2
Trusted Zone: 3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Riccardo\Dati applicazioni\Mozilla\Firefox\Profiles\iqut7qal.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 15:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3015640899-1514982267-2402615733-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBACEA22-5206-7903-4DDF-515CE525EEE2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abcpoanidbijmfpdihbbhpnakjhibjbihp"=hex:61,61,00,00
"bbcpoanidbijmfpdihabmdcgidpljmkfihaj"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\setupapi.dll
.
Ora fine scansione: 2009-07-31 16.08.42
ComboFix-quarantined-files.txt 2009-07-31 14:07
ComboFix2.txt 2009-07-17 13:07
ComboFix3.txt 2009-05-01 14:00
ComboFix4.txt 2009-01-31 16:13
ComboFix5.txt 2009-07-31 13:45

Pre-Run: 6.432.014.336 byte disponibili
Post-Run: 6.486.724.608 byte disponibili

587 --- E O F --- 2009-07-16 11:08

Vedi nulla che mi possa aiutare?

da **bellicomericky** » ven lug 31, 2009 3:17 pm

Hai per caso uno script o una sorta di elenco dei file che occorrono al pc (e quindi della wifi) da far eseguire?!?!
Non esiste una procedura del genere..tipo di ripristino dei file di sistema!(come programma..nn console di ripristino..ma se può servire..)

da **Amantide** » ven lug 31, 2009 3:54 pm

bellicomericky ha scritto:Ho trovato questo procedimento su un altro forum!! ho trascinato questo script sull'icona di combofix e come risultato mi ha dato questo log

E' un procedimento alquanto inutile, visto che gli script per Combofix sono strettamente personali e si possono comporre solo dopo aver visionato il log di Combofix.

bellicomericky ha scritto:Hai per caso uno script o una sorta di elenco dei file che occorrono al pc (e quindi della wifi) da far eseguire?!?! Non esiste una procedura del genere..tipo di ripristino dei file di sistema!(come programma..nn console di ripristino..ma se può servire..)

Erano compresi nel tool postato da Ste_95, che tu hai detto di aver già eseguito.

Mentre finisco a controllare il log, controlla su www.virustotal.com questo file e vedi di che specie di bestiaccia si tratta:

c:\documents and settings\Federico\Dati applicazioni\SysServDLL32.exe

www.MegaLab.it

Dopo scansione Combofix Wifi non funziona!!

Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Re: Dopo scansione Combofix Wifi non funziona!!

Chi c’è in linea