www.MegaLab.it

da **giuly** » dom set 06, 2009 1:52 am

Ciao ragazzi
vi posto file di log di Hijackthis, ho eliminato quello su cui mi sentivo più sicura, altre cose aspetto un vostro consiglio [;)]

Prima di passare hijackthis, ho passato Ccleaner poi Ad Aware, e diversi scan on line che non mi hanno trovato nulla.

Anche gli scan on line non hanno trovato niente ma io sono "infestata"icone che spariscono, oppure cambiano nome e disegno, e ho troppe anomalie sul computer tipiche di spy e malware.
Io uso Avast come antivirus, nei log c'è Avira perché lo avevo provato una volta, poi l'ho disinstallato correttamente, ma inspiegabilmente è tornato...e mi sono apparse le iconcine. [cry]

E in fase di boot mi erano partiti tutti e due insieme [uhm]

Il primo effetto dopo la fix, mi è sparita la fotografia dello sfondo, spero di non aver fatto altri casotti...
Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.29.17, on 06/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://service4.symantec.com/SUPPORT/na ... 1209131106
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.70:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iet;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Programmi\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5816 bytes

da **ste_95** » dom set 06, 2009 6:16 am

Nel log non si vede nulla.

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto: [LOG]qui va inserito il log[/LOG]

da **giuly** » dom set 06, 2009 10:32 am

Grazie Ste
ora inserisco l'ultimo log di Hijacktis. Stamattina il pc lentissimo e si è spento da solo
Ho passato spy bot,
aveva rilevato violazioni alla sicurezza di Internet Explorer ma prima che finisse la sua scansione il pc si è riavviato da solo!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.31.53, on 06/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://service4.symantec.com/SUPPORT/na ... 1209131106
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TU ME HACE BIEN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.70:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iet;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5114 bytes

da **giuly** » dom set 06, 2009 11:18 am

Ecco ho fatto la scansione con il Combo
ti posto il log, per me è un po difficile capirci qualcosa.. [acc2]

che devo fare adesso?

grazie mille

ComboFix 09-09-03.02 - Giuly 06/09/2009 12.01.36.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.255.97 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuly\Documenti\MANUTENZIONE PC\COMBO FIX\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: avast! antivirus 4.8.1351 [VPS 090905-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2052111302-436374069-1060284298-1003
c:\recycler\S-1-5-21-2163189065-379671059-1944491143-1003
c:\windows\Installer\1182cde.msp
c:\windows\Installer\9170e.msp
c:\windows\Installer\a5810.msp
c:\windows\system32\sirenacm(2).dll

.
((((((((((((((((((((((((( Files Creati Da 2009-08-06 al 2009-09-06 )))))))))))))))))))))))))))))))))))
.

2009-09-05 21:25 . 2009-09-05 21:23 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-05 21:17 . 2009-09-05 21:17 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-09-05 21:16 . 2009-09-05 21:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-09-05 21:16 . 2009-09-05 21:16 -------- d-----w- c:\programmi\Lavasoft
2009-09-05 19:09 . 2009-09-05 19:09 -------- d-----w- C:\VundoFix Backups
2009-09-05 18:23 . 2009-09-05 18:23 -------- d-----w- c:\programmi\Trend Micro
2009-09-05 16:14 . 2009-09-05 16:32 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 15:18 . 2009-09-06 01:42 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-09-05 14:49 . 2009-09-06 01:49 -------- d-----w- c:\programmi\Wise Disk Cleaner
2009-09-05 13:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-05 13:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-05 13:08 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-05 13:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-05 13:07 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-05 13:07 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-05 13:07 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-05 13:07 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-05 13:06 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-05 13:06 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-05 13:06 . 2009-09-05 13:06 -------- d-----w- c:\programmi\Alwil Software
2009-09-05 12:35 . 2009-09-05 12:43 -------- d-----w- C:\verme schifoso
2009-09-05 04:21 . 2009-09-05 17:15 23584800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-05 01:25 . 2009-09-05 01:37 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-05 01:20 . 2009-09-05 01:20 -------- d--h--w- c:\windows\PIF
2009-09-05 00:42 . 2009-09-05 00:42 119764 ----a-w- C:\cc_20090905_024156 bkp notturno.reg
2009-09-05 00:27 . 2009-09-05 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-04 22:08 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-04 22:08 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-04 22:08 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-04 22:08 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-04 22:08 . 2009-09-04 22:08 -------- d-----w- c:\programmi\Avira
2009-09-04 22:08 . 2009-09-04 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-09-04 20:01 . 2009-09-04 20:01 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-04 20:00 . 2009-09-06 09:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-04 17:54 . 2009-09-05 00:39 -------- d-----w- c:\programmi\Prevx
2009-09-02 12:08 . 2009-09-02 12:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\Foxit
2009-09-02 11:53 . 2009-09-02 12:17 -------- d-----w- c:\programmi\Foxit Software
2009-09-02 10:19 . 2009-09-02 10:19 4828 ----a-w- C:\cc_20090902_121848.reg
2009-09-02 06:20 . 2009-09-02 06:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-01 15:15 . 2002-09-10 07:00 82501 ----a-w- c:\windows\system32\dllcache\bckg.dll
2009-09-01 15:15 . 2002-09-10 07:00 1817687 ----a-w- c:\windows\system32\dllcache\bckgres.dll
2009-09-01 15:15 . 2002-09-10 07:00 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-09-01 15:15 . 2002-09-10 07:00 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2009-09-01 15:15 . 2002-09-10 07:00 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-08-28 17:10 . 2009-08-28 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin GPS Plugin
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin
2009-08-12 10:02 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 12:33 . 2009-08-09 12:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 12:33 . 2009-08-09 12:33 -------- d-----w- c:\programmi\MSBuild
2009-08-09 12:32 . 2009-08-09 12:32 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-09 12:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 12:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 12:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 12:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 12:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 12:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 12:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 12:28 . 2009-08-09 12:30 -------- d-----w- C:\8afa6da130f9d5cd4338ff
2009-08-08 10:04 . 2009-08-08 10:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-08 10:04 . 2009-08-08 10:08 -------- d-----w- c:\programmi\iTunes
2009-08-08 09:50 . 2009-08-08 09:55 -------- d-----w- c:\programmi\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:15 . 2009-09-05 04:21 277460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\Nokia
2009-09-01 15:09 . 2003-10-04 01:17 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\MSN6
2009-08-31 19:29 . 2003-07-21 11:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-30 09:14 . 2008-12-13 14:26 3364 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-30 08:48 . 2004-12-25 12:34 28024 ----a-w- c:\documents and settings\Giuly\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-28 17:10 . 2008-08-22 10:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2007-01-21 13:45 -------- d-----w- c:\programmi\DIFX
2009-08-09 12:58 . 2002-09-23 08:18 79626 ----a-w- c:\windows\system32\perfc010.dat
2009-08-09 12:58 . 2002-09-23 08:18 479874 ----a-w- c:\windows\system32\perfh010.dat
2009-08-09 08:18 . 2007-10-13 11:04 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-08 10:28 . 2003-07-21 12:00 -------- d-----w- c:\programmi\Microsoft Works
2009-08-08 10:07 . 2006-02-26 18:42 -------- d-----w- c:\programmi\iPod
2009-08-05 08:59 . 2002-12-11 22:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2002-09-10 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2003-07-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2004-08-23 19:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 22:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2002-09-10 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-09-10 02:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-09-10 02:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-09-10 02:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-09-10 02:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-09-10 02:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-09-10 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-09-10 02:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-09-10 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-09-10 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 12:28 . 2009-06-15 12:28 144976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_pcuui.exe
2009-06-15 12:08 . 2009-06-15 12:08 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-15 12:08 . 2009-06-15 12:08 8 --sh--r- c:\windows\system32\D90E9B2181.sys
2009-06-15 11:22 . 2009-06-15 11:22 1402448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_preloaded.exe
2009-06-15 10:43 . 2002-09-10 02:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-09-10 02:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2002-09-10 02:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-09-10 02:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2003-05-01 180316]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-24 327680]
"PRONoMgr.exe"="c:\programmi\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"AdaptecDirectCD"="c:\programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-05 520024]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-06 88267]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-1-20 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-03-24 10:26 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIModeChange"=Ati2mdxx.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/09/2009 23.25.12 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/09/2009 15.07.55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/09/2009 15.07.55 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [17/07/2003 8.44.24 18848]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [04/10/2003 8.20.14 26240]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21.06.55 1029456]
S3 uteznja4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uteznja4.sys -->

c:\windows\system32\Drivers\uteznja4.sys [?]

.
Contenuto della cartella 'Scheduled Tasks'

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:23]

2009-09-05 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\programmi\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-09-05 13:35]

2009-09-05 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-09-05 10:55]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://service4.symantec.com/SUPPORT/na ... 1209131106
uInternet Settings,ProxyServer = 172.16.0.70:80
uInternet Settings,ProxyOverride = *.iet;<local>;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????h????????? ?pTB???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3453765963-252631013-1518390747-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\System32\LgNotify.dll
.
Ora fine scansione: 2009-09-06 12.17.24
ComboFix-quarantined-files.txt 2009-09-06 10:16

Pre-Run: 17.782.300.672 byte disponibili
Post-Run: 18.071.470.080 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

216 --- E O F --- 2009-08-28 22:22

da **ste_95** » dom set 06, 2009 5:35 pm

Carica questo file su VirusTotal:
c:\windows\system32\Drivers\uteznja4.sys

da **Amantide** » dom set 06, 2009 6:35 pm

ste_95 ha scritto:Carica questo file su VirusTotal:
c:\windows\system32\Drivers\uteznja4.sys

Dovrebbe essere questo:
AVZ Antiviral Toolkit

da **giuly** » dom set 06, 2009 8:19 pm

ste_95 ha scritto:Carica questo file su VirusTotal:
c:\windows\system32\Drivers\uteznja4.sys

...il file non esiste più... l'ho cercato, anche visualizzando i file nascosti ma nulla...

da **giuly** » lun set 07, 2009 1:07 am

Ho provato a fare una nuova scansione con Combo il log qui :

ComboFix 09-09-05.03 - Giuly 06/09/2009 22.57.48.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.255.98 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuly\Desktop\MIAQ0.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: avast! antivirus 4.8.1351 [VPS 090906-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Giuly\IMPOST~1\Temp\catchme.dll
c:\documents and settings\Giuly\Impostazioni locali\temp\catchme.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-08-06 al 2009-09-06 )))))))))))))))))))))))))))))))))))
.

2009-09-06 17:10 . 2009-09-06 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-09-06 17:08 . 2009-09-06 17:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-09-06 17:08 . 2009-09-06 17:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\SUPERAntiSpyware.com
2009-09-06 17:03 . 2009-09-06 17:03 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-09-06 16:06 . 2009-09-06 16:06 -------- d-----w- C:\VundoFix Backups
2009-09-06 09:54 . 2009-09-06 10:17 -------- d-----w- C:\butterfly
2009-09-05 21:25 . 2009-09-05 21:23 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-05 21:17 . 2009-09-05 21:17 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-09-05 21:16 . 2009-09-05 21:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-09-05 21:16 . 2009-09-05 21:16 -------- d-----w- c:\programmi\Lavasoft
2009-09-05 18:23 . 2009-09-05 18:23 -------- d-----w- c:\programmi\Trend Micro
2009-09-05 16:14 . 2009-09-05 16:32 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 15:18 . 2009-09-06 01:42 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-09-05 14:49 . 2009-09-06 18:12 -------- d-----w- c:\programmi\Wise Disk Cleaner
2009-09-05 13:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-05 13:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-05 13:08 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-05 13:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-05 13:07 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-05 13:07 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-05 13:07 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-05 13:07 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-05 13:06 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-05 13:06 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-05 13:06 . 2009-09-05 13:06 -------- d-----w- c:\programmi\Alwil Software
2009-09-05 04:21 . 2009-09-05 17:15 23584800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-05 01:25 . 2009-09-05 01:37 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-05 01:20 . 2009-09-05 01:20 -------- d--h--w- c:\windows\PIF
2009-09-05 00:42 . 2009-09-05 00:42 119764 ----a-w- C:\cc_20090905_024156 bkp notturno.reg
2009-09-05 00:27 . 2009-09-05 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-04 22:08 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-04 22:08 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-04 22:08 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-04 22:08 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-04 22:08 . 2009-09-04 22:08 -------- d-----w- c:\programmi\Avira
2009-09-04 22:08 . 2009-09-04 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-09-04 20:01 . 2009-09-04 20:01 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-04 20:00 . 2009-09-06 09:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-04 17:54 . 2009-09-05 00:39 -------- d-----w- c:\programmi\Prevx
2009-09-02 12:08 . 2009-09-02 12:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\Foxit
2009-09-02 11:53 . 2009-09-02 12:17 -------- d-----w- c:\programmi\Foxit Software
2009-09-02 10:19 . 2009-09-02 10:19 4828 ----a-w- C:\cc_20090902_121848.reg
2009-09-02 06:20 . 2009-09-02 06:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-01 15:15 . 2002-09-10 07:00 82501 ----a-w- c:\windows\system32\dllcache\bckg.dll
2009-09-01 15:15 . 2002-09-10 07:00 1817687 ----a-w- c:\windows\system32\dllcache\bckgres.dll
2009-09-01 15:15 . 2002-09-10 07:00 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-09-01 15:15 . 2002-09-10 07:00 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2009-09-01 15:15 . 2002-09-10 07:00 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-08-28 17:10 . 2009-08-28 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin GPS Plugin
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin
2009-08-12 10:02 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 12:33 . 2009-08-09 12:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 12:33 . 2009-08-09 12:33 -------- d-----w- c:\programmi\MSBuild
2009-08-09 12:32 . 2009-08-09 12:32 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-09 12:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 12:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 12:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 12:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 12:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 12:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 12:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 12:28 . 2009-08-09 12:30 -------- d-----w- C:\8afa6da130f9d5cd4338ff
2009-08-08 10:04 . 2009-08-08 10:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-08 10:04 . 2009-08-08 10:08 -------- d-----w- c:\programmi\iTunes
2009-08-08 09:50 . 2009-08-08 09:55 -------- d-----w- c:\programmi\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:15 . 2009-09-05 04:21 277460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\Nokia
2009-09-01 15:09 . 2003-10-04 01:17 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\MSN6
2009-08-31 19:29 . 2003-07-21 11:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-30 09:14 . 2008-12-13 14:26 3364 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-30 08:48 . 2004-12-25 12:34 28024 ----a-w- c:\documents and settings\Giuly\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-28 17:10 . 2008-08-22 10:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2007-01-21 13:45 -------- d-----w- c:\programmi\DIFX
2009-08-09 12:58 . 2002-09-23 08:18 79626 ----a-w- c:\windows\system32\perfc010.dat
2009-08-09 12:58 . 2002-09-23 08:18 479874 ----a-w- c:\windows\system32\perfh010.dat
2009-08-09 08:18 . 2007-10-13 11:04 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-08 10:28 . 2003-07-21 12:00 -------- d-----w- c:\programmi\Microsoft Works
2009-08-08 10:07 . 2006-02-26 18:42 -------- d-----w- c:\programmi\iPod
2009-08-05 08:59 . 2002-12-11 22:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2002-09-10 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2003-07-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2004-08-23 19:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 22:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2002-09-10 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-09-10 02:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-09-10 02:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-09-10 02:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-09-10 02:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-09-10 02:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-09-10 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-09-10 02:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-09-10 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-09-10 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 12:28 . 2009-06-15 12:28 144976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_pcuui.exe
2009-06-15 12:08 . 2009-06-15 12:08 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-15 12:08 . 2009-06-15 12:08 8 --sh--r- c:\windows\system32\D90E9B2181.sys
2009-06-15 11:22 . 2009-06-15 11:22 1402448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_preloaded.exe
2009-06-15 10:43 . 2002-09-10 02:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-09-10 02:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2002-09-10 02:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-09-10 02:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2003-05-01 180316]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-24 327680]
"PRONoMgr.exe"="c:\programmi\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"AdaptecDirectCD"="c:\programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-05 520024]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-06 88267]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-1-20 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-03-24 10:26 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIModeChange"=Ati2mdxx.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/09/2009 23.25.12 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/09/2009 15.07.55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/09/2009 15.07.55 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [17/07/2003 8.44.24 18848]
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:23]

2009-09-05 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\programmi\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-09-05 13:35]

2009-09-05 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-09-05 10:55]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-Wdf01000.sys

.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://service4.symantec.com/SUPPORT/na ... 1209131106
uInternet Settings,ProxyServer = 172.16.0.70:80
uInternet Settings,ProxyOverride = *.iet;<local>;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 01:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????h????????? ?pTB???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3453765963-252631013-1518390747-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\RegSrvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-06 1.58.05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-06 23:57
ComboFix2.txt 2009-09-06 10:17

Pre-Run: 17.950.830.592 byte disponibili
Post-Run: 17.910.611.968 byte disponibili

233 --- E O F --- 2009-08-28 22:22

E l'unico che riesce a finirmi tutta la scansione.
Gli altri tool che ho provato, partono sembrano andare...ma poi si bloccano e il computer si spegne e al riavvio non ci sono più.
Ci sono ancora delle cartelle di Avira, dopo che lo avevo disinstallato, se vado sopra queste cartelle non me le fa eliminare, [nonono]

con diversi messaggi di accesso negato.. logicamente da Ccleaner e da installazioni/applicazioni di windows non c'è nemmeno l'ombra..

[grazie]

da **Amantide** » lun set 07, 2009 12:21 pm

Purtroppo nel log di Combofix non si vede nulla di sospetto [uhm]

Intanto per rimuovere i residui di Avira puoi usare questo tool.

Prova anche ad eseguire le scansioni conKaspersky Virus Removal Tool e con Avira Antivir RescueCD.

da **giuly** » ven set 11, 2009 10:59 am

Help me!La situazione peggiora... i sintomi:
-alcune cartelle sotto C:\ appaiono improvvisamente o peggio cambiano nome... le icone talvolta rimangono uguali..ho cartelle vuote o con dentro cartelle che si chiamano "_N" anche queste vuote, oppure config.msi ... anche risorse del computer certe volte si chiama addirittura "combofix"
Il nome utente alla fase di avvio è cambiato!Per fortuna la pwd no..
Spybot mi aveva rilevato solo 2 cookie traccianti.
L'HijackThis mi parte e poi va in errore.
Ogni volta che passo il combo sembra andare meglio ma poi ritorno alla situazione di prima.
Anche se alcune volte ricevo il msg che il file è corrotto..allora lo elimino, scarico di nuovo e lo faccio partire e allora va.
AVG non è più sulla macchina, ho scaricato anche i tool per rimuoverlo, passati diverse volte poi ricercato a mano e nessuna traccia, ma il combo lo continua a vedere.
Non so più che fare [cry]

Gli scanonline non mi trovano nulla.. Vorrei fare qualcosa ma ho paura! [boh]

Grazie

Vi allego l'ultimo log del Combo

ComboFix 09-09-10.01 - Giuly 11/09/2009 10.52.28.10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.255.100 [GMT 2:00]
Eseguito da: c:\qoobox\eddaje.exe
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Creati Da 2009-08-11 al 2009-09-11 )))))))))))))))))))))))))))))))))))
.

2009-09-11 00:20 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\33200207.sys
2009-09-10 23:57 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\40482505.sys
2009-09-10 23:57 . 2009-09-11 00:07 -------- d-----w- C:\Virus Removal Tool
2009-09-10 23:17 . 2009-09-10 23:17 -------- d-----w- c:\programmi\ESET
2009-09-10 23:12 . 2009-09-11 08:49 -------- d-----w- C:\ComboFix
2009-09-10 23:08 . 2009-09-10 23:08 -------- d-----w- C:\Nuova cartella
2009-09-10 16:27 . 2009-09-11 00:39 1069088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-10 16:18 . 2008-07-09 07:05 42384 ----a-w- c:\windows\zllsputility_loc0410.dll
2009-09-10 16:15 . 2009-09-10 16:15 -------- d-----w- c:\programmi\Zone Labs
2009-09-10 15:40 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 15:18 . 2009-09-10 15:18 -------- d-----w- c:\documents and settings\Giuly\Impostazioni locali\Dati applicazioni\Runscanner.net
2009-09-10 12:12 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-10 12:12 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-10 12:12 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-10 12:12 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 12:12 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-10 12:12 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-10 12:12 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-10 12:12 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-10 12:11 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-10 12:11 . 2009-09-10 12:11 -------- d-----w- c:\programmi\Alwil Software
2009-09-09 15:30 . 2009-09-10 10:59 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\CheckPoint
2009-09-09 15:05 . 2009-09-09 15:05 144 ----a-w- c:\windows\system32\lkfl.dat
2009-09-09 15:04 . 2009-09-10 10:58 96 ----a-w- c:\windows\system32\pdfl.dat
2009-09-09 15:04 . 2009-09-09 15:04 80 ----a-w- c:\windows\system32\ibfl.dat
2009-09-09 15:04 . 2009-09-09 15:04 -------- d-----w- c:\programmi\CheckPoint
2009-09-09 14:27 . 2009-09-09 14:27 -------- d-----w- C:\Risorse del Computer
2009-09-07 00:43 . 2009-09-07 00:43 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\Malwarebytes
2009-09-07 00:43 . 2009-09-07 00:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-07 00:43 . 2009-09-11 08:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-06 17:10 . 2009-09-06 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-09-06 17:08 . 2009-09-06 17:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-09-06 17:08 . 2009-09-06 17:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\SUPERAntiSpyware.com
2009-09-06 17:03 . 2009-09-06 17:03 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-09-06 09:54 . 2009-09-10 23:53 -------- d-----w- C:\butterfly
2009-09-05 21:16 . 2009-09-09 09:26 -------- d-----w- c:\programmi\Lavasoft
2009-09-05 21:16 . 2009-09-09 09:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-09-05 18:23 . 2009-09-05 18:23 -------- d-----w- c:\programmi\Trend Micro
2009-09-05 16:14 . 2009-09-05 16:32 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 15:18 . 2009-09-06 01:42 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-09-05 14:49 . 2009-09-10 21:09 -------- d-----w- c:\programmi\Wise Disk Cleaner
2009-09-05 13:06 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-05 01:25 . 2009-09-08 20:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-05 01:20 . 2009-09-05 01:20 -------- d--h--w- c:\windows\PIF
2009-09-05 00:42 . 2009-09-05 00:42 119764 ----a-w- C:\cc_20090905_024156 bkp notturno.reg
2009-09-05 00:27 . 2009-09-05 03:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-04 22:08 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-04 20:01 . 2009-09-04 20:01 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-04 20:00 . 2009-09-10 23:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-04 17:54 . 2009-09-05 00:39 -------- d-----w- c:\programmi\Prevx
2009-09-02 12:08 . 2009-09-02 12:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\Foxit
2009-09-02 11:53 . 2009-09-02 12:17 -------- d-----w- c:\programmi\Foxit Software
2009-09-02 10:19 . 2009-09-02 10:19 4828 ----a-w- C:\cc_20090902_121848.reg
2009-09-02 06:20 . 2009-09-02 06:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-01 15:15 . 2002-09-10 07:00 82501 ----a-w- c:\windows\system32\dllcache\bckg.dll
2009-09-01 15:15 . 2002-09-10 07:00 1817687 ----a-w- c:\windows\system32\dllcache\bckgres.dll
2009-09-01 15:15 . 2002-09-10 07:00 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-09-01 15:15 . 2002-09-10 07:00 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2009-09-01 15:15 . 2002-09-10 07:00 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-08-28 17:10 . 2009-08-28 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin GPS Plugin
2009-08-28 16:35 . 2009-08-28 16:35 -------- d-----w- c:\programmi\Garmin
2009-08-12 10:02 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 00:39 . 2009-09-10 16:27 1460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-10 16:22 . 2005-09-28 15:01 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-07 19:04 . 2008-12-13 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-05 09:56 . 2005-01-03 19:00 -------- d-----w- c:\programmi\Nokia
2009-09-01 15:09 . 2003-10-04 01:17 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\MSN6
2009-08-31 19:29 . 2003-07-21 11:40 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-30 08:48 . 2004-12-25 12:34 28024 ----a-w- c:\documents and settings\Giuly\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-28 17:10 . 2008-08-22 10:08 -------- d-----w- c:\documents and settings\Giuly\Dati applicazioni\GARMIN
2009-08-28 16:35 . 2007-01-21 13:45 -------- d-----w- c:\programmi\DIFX
2009-08-09 12:58 . 2002-09-23 08:18 79626 ----a-w- c:\windows\system32\perfc010.dat
2009-08-09 12:58 . 2002-09-23 08:18 479874 ----a-w- c:\windows\system32\perfh010.dat
2009-08-09 12:33 . 2009-08-09 12:33 -------- d-----w- c:\programmi\MSBuild
2009-08-09 12:32 . 2009-08-09 12:32 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-09 08:18 . 2007-10-13 11:04 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-08 10:28 . 2003-07-21 12:00 -------- d-----w- c:\programmi\Microsoft Works
2009-08-08 10:08 . 2009-08-08 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-08 10:08 . 2009-08-08 10:04 -------- d-----w- c:\programmi\iTunes
2009-08-08 10:07 . 2006-02-26 18:42 -------- d-----w- c:\programmi\iPod
2009-08-08 09:55 . 2009-08-08 09:50 -------- d-----w- c:\programmi\QuickTime
2009-08-05 08:59 . 2002-12-11 22:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2002-09-10 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2003-07-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2004-08-23 19:35 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 22:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2002-09-10 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-09-10 02:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-09-10 02:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-09-10 02:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-09-10 02:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-09-10 02:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-09-10 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-09-10 02:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-09-10 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-09-10 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 12:28 . 2009-06-15 12:28 144976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_pcuui.exe
2009-06-15 12:08 . 2009-06-15 12:08 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-15 12:08 . 2009-06-15 12:08 8 --sh--r- c:\windows\system32\D90E9B2181.sys
2009-06-15 11:22 . 2009-06-15 11:22 1402448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\pswi_preloaded.exe
2009-06-15 10:43 . 2002-09-10 02:00 78336 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-09-09_21.10.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 16:17 . 2008-07-09 07:05 75248 c:\windows\zllsputility.exe
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-09-11 08:05 . 2009-09-11 08:05 16384 c:\windows\temp\Perflib_Perfdata_610.dat
+ 2009-09-10 16:18 . 2008-07-09 07:05 21904 c:\windows\system32\ZoneLabs\zlsre_loc0410.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 17808 c:\windows\system32\ZoneLabs\zlquarantine_loc0410.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 79344 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 17808 c:\windows\system32\ZoneLabs\vsvault_loc0410.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 50576 c:\windows\system32\ZoneLabs\vsmon_loc0410.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 75304 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-09-10 16:17 . 2008-07-09 07:05 17808 c:\windows\system32\ZoneLabs\vsdb_loc0410.dll
+ 2009-09-10 16:14 . 2008-07-09 07:05 83432 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 75152 c:\windows\system32\ZoneLabs\updClient_loc0410.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 26000 c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp_loc0410.dll
+ 2009-09-10 16:17 . 2008-02-27 01:10 51176 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-09-10 16:17 . 2008-07-09 07:05 17808 c:\windows\system32\ZoneLabs\scheduler_loc0410.dll
+ 2009-09-10 16:15 . 2008-07-09 07:06 30216 c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2009-09-10 16:15 . 2008-07-09 07:06 30184 c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 71056 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 26000 c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 26000 c:\windows\system32\ZoneLabs\imsecure_loc0410.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 38376 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 17808 c:\windows\system32\ZoneLabs\camupd_loc0410.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 99816 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-09-10 16:16 . 2007-05-30 22:03 90112 c:\windows\system32\ZoneLabs\avsys\prremote.dll
- 2009-09-09 15:02 . 2009-03-31 15:18 90112 c:\windows\system32\ZoneLabs\avsys\prremote.dll
+ 2009-09-10 16:16 . 2007-05-30 22:03 38400 c:\windows\system32\ZoneLabs\avsys\FSSync.dll
- 2009-09-09 15:02 . 2009-03-31 15:18 38400 c:\windows\system32\ZoneLabs\avsys\FSSync.dll
- 2009-09-09 15:03 . 2009-03-31 15:18 77824 c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2009-09-10 16:17 . 2007-05-30 22:03 77824 c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2009-09-10 16:16 . 2006-06-30 12:47 21568 c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2009-09-09 15:02 . 2006-06-30 12:47 21568 c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2009-09-10 16:16 . 2007-05-30 22:03 65248 c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
- 2009-09-09 15:02 . 2007-06-19 18:39 65248 c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2009-09-10 16:18 . 2008-07-09 07:05 21904 c:\windows\system32\ZoneLabs\av_loc0410.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 71144 c:\windows\system32\zlcommdb.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 83432 c:\windows\system32\zlcomm.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 99816 c:\windows\system32\vsxml.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 46568 c:\windows\system32\vswmi.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 54672 c:\windows\system32\vsutil_loc0410.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 71144 c:\windows\system32\vsregexp.dll
+ 2009-09-10 16:14 . 2008-07-09 07:05 83432 c:\windows\system32\vsdata.dll
+ 2006-12-15 17:09 . 2007-07-27 08:41 16760 c:\windows\system32\spmsg.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 17808 c:\windows\system32\imslsp_install_loc0410.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 21904 c:\windows\system32\imsinstall_loc0410.dll
+ 2009-09-10 19:22 . 2009-09-10 19:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
- 2009-08-09 13:31 . 2009-08-09 13:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
- 2009-09-09 15:02 . 2007-06-19 18:39 1628 c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2009-09-10 16:16 . 2007-05-30 22:03 1628 c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 120296 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 382440 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 177640 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 239080 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 198032 c:\windows\system32\ZoneLabs\vsruledb_loc0410.dll
+ 2009-09-10 16:14 . 2008-07-09 07:05 108008 c:\windows\system32\ZoneLabs\vsavpro.dll
- 2009-09-09 15:03 . 2007-01-11 15:48 286787 c:\windows\system32\ZoneLabs\updtrsdk.dll
+ 2009-09-10 16:17 . 2007-01-11 15:31 286787 c:\windows\system32\ZoneLabs\updtrsdk.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 144936 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-09-10 16:16 . 2007-10-11 14:50 832984 c:\windows\system32\ZoneLabs\updating.dll
- 2009-09-09 15:01 . 2007-10-11 14:51 832984 c:\windows\system32\ZoneLabs\updating.dll
- 2009-09-09 15:03 . 2006-09-04 18:59 503875 c:\windows\system32\ZoneLabs\upd_core.dll
+ 2009-09-10 16:17 . 2006-09-04 18:59 503875 c:\windows\system32\ZoneLabs\upd_core.dll
+ 2009-09-10 16:17 . 2008-07-09 07:06 214528 c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 456168 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 173544 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-09-10 16:17 . 2008-02-27 01:10 792032 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-09-10 16:16 . 2008-02-27 01:10 714208 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 152976 c:\windows\system32\ZoneLabs\lib\LicenseUI_loc0410.zip.dll
+ 2009-09-10 16:18 . 2008-07-09 07:05 288144 c:\windows\system32\ZoneLabs\lib\ConfigWizard_loc0410.zip.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 321016 c:\windows\system32\ZoneLabs\imsecure.dll
+ 2009-09-10 16:16 . 2008-07-09 07:05 128480 c:\windows\system32\ZoneLabs\fbl.dll
- 2009-09-09 15:04 . 2008-03-17 14:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-09-10 16:18 . 2004-01-30 10:35 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-09-10 16:17 . 2006-12-19 16:13 200704 c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
+ 2009-09-10 16:16 . 2007-12-03 12:53 139264 c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2009-09-10 16:16 . 2007-05-30 22:03 184320 c:\windows\system32\ZoneLabs\avsys\prloader.dll
- 2009-09-09 15:02 . 2009-03-31 15:18 184320 c:\windows\system32\ZoneLabs\avsys\prloader.dll
+ 2009-09-10 16:16 . 2007-05-30 22:03 626688 c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
- 2009-09-09 15:02 . 2009-03-31 15:18 626688 c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
- 2009-09-09 15:02 . 2009-03-31 15:18 548864 c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2009-09-10 16:16 . 2007-05-30 22:03 548864 c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2009-09-10 16:16 . 2007-12-03 12:53 282624 c:\windows\system32\ZoneLabs\avsys\kave.dll
- 2009-09-09 15:02 . 2006-09-19 21:12 208960 c:\windows\system32\ZoneLabs\avsys\inv.dll
+ 2009-09-10 16:16 . 2006-09-19 21:12 208960 c:\windows\system32\ZoneLabs\avsys\inv.dll
- 2009-09-09 15:03 . 2009-03-31 15:18 331776 c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-09-10 16:17 . 2007-05-30 22:03 331776 c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-09-10 16:17 . 2007-05-30 22:03 110592 c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
- 2009-09-09 15:03 . 2009-03-31 15:18 110592 c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2009-09-10 16:17 . 2008-07-09 07:05 370208 c:\windows\system32\ZoneLabs\av.dll
+ 2009-09-10 16:14 . 2008-07-09 07:05 472552 c:\windows\system32\vsutil.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 275944 c:\windows\system32\vspubapi.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 103912 c:\windows\system32\vsmonapi.dll
+ 2009-09-10 16:14 . 2008-07-09 07:05 157160 c:\windows\system32\vsinit.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 394952 c:\windows\system32\vsdatant.sys
+ 2009-09-10 16:16 . 2008-07-09 07:05 796048 c:\windows\system32\libeay32_0.9.6l.dll
+ 2003-01-13 13:57 . 2009-08-13 15:15 512000 c:\windows\system32\jscript.dll
- 2003-01-13 13:57 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2002-09-23 08:11 . 2009-09-10 09:45 150792 c:\windows\system32\FNTCACHE.DAT
+ 2009-09-10 16:16 . 2007-07-19 13:10 127768 c:\windows\system32\drivers\klif.sys
+ 2008-05-09 10:53 . 2009-08-13 15:15 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-10 15:51 . 2009-09-10 15:51 195584 c:\windows\Installer\bc679e.msi
+ 2009-09-10 15:51 . 2009-09-10 15:51 248832 c:\windows\Installer\bc6799.msi
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\bc6793.msp
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\bc6789.msp
- 2009-08-09 13:31 . 2009-08-09 13:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-09-10 19:22 . 2009-09-10 19:22 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-09-10 19:22 . 2009-09-10 19:22 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
- 2009-08-09 13:31 . 2009-08-09 13:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
- 2009-08-09 13:31 . 2009-08-09 13:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-09-10 19:22 . 2009-09-10 19:22 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
- 2009-08-09 13:31 . 2009-08-09 13:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-09-10 19:22 . 2009-09-10 19:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
- 2009-08-09 13:29 . 2009-08-09 13:29 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-09-10 19:13 . 2009-09-10 19:13 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
- 2009-08-09 13:29 . 2009-08-09 13:29 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-09-10 19:15 . 2009-09-10 19:15 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-09-10 15:42 . 2009-09-10 15:42 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2009-09-05 00:46 . 2009-09-05 00:46 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-09-10 15:43 . 2009-09-10 15:43 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-09-10 15:42 . 2009-09-10 15:42 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2009-09-05 00:46 . 2009-09-05 00:46 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2009-09-05 00:46 . 2009-09-05 00:46 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-09-10 15:42 . 2009-09-10 15:42 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 1086952 c:\windows\system32\zpeng24.dll
+ 2009-09-10 16:17 . 2008-01-21 06:34 7603688 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-09-10 16:15 . 2008-07-09 07:05 1361384 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-09-10 16:15 . 2008-07-09 07:05 2029032 c:\windows\system32\ZoneLabs\vsmondll.dll
+ 2009-09-10 16:17 . 2008-07-09 07:06 3266040 c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2009-09-10 16:17 . 2008-02-27 01:10 1504736 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-09-10 16:17 . 2008-01-21 06:34 7603688 c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-09-10 16:15 . 2008-07-09 07:05 1361296 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-09-10 16:17 . 2006-12-19 16:13 1093632 c:\windows\system32\ZoneLabs\avsys\libeay32.dll
- 2003-07-21 11:55 . 2008-06-18 04:03 2458112 c:\windows\system32\WMVCore.dll
+ 2003-07-21 11:55 . 2009-05-20 02:56 2458112 c:\windows\system32\WMVCore.dll
- 2003-07-21 11:55 . 2008-06-18 04:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2003-07-21 11:55 . 2009-05-20 02:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-09-10 19:21 . 2009-09-10 19:22 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
- 2009-08-09 13:30 . 2009-08-09 13:30 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-09-10 19:20 . 2009-09-10 19:20 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
- 2009-08-09 13:30 . 2009-08-09 13:30 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
- 2009-08-09 13:29 . 2009-08-09 13:29 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-09-10 19:13 . 2009-09-10 19:13 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
- 2009-09-05 00:46 . 2009-09-05 00:46 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-09-10 15:43 . 2009-09-10 15:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2005-05-11 16:43 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-24 327680]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-06 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-1-20 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-03-24 10:26 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIModeChange"=Ati2mdxx.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Ad-Watch"=c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
"PreloadApp"=c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
"PRONoMgr.exe"=c:\programmi\Intel\NCS\PROSet\PRONoMgr.exe
"AdaptecDirectCD"="c:\programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"Cpqset"=c:\programmi\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/09/2009 14.12.12 114768]
R1 is-AGF28drv;is-AGF28drv;c:\windows\system32\drivers\40482505.sys [11/09/2009 1.57.46 148496]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14.50.00 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 14.49.58 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/09/2009 14.12.12 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [17/07/2003 8.44.24 18848]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [04/10/2003 8.20.14 26240]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 14.50.02 7408]
S3 uteznja4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uteznja4.sys -->

c:\windows\system32\Drivers\uteznja4.sys [?]

.
Contenuto della cartella 'Scheduled Tasks'

2009-09-05 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\programmi\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-09-05 13:35]

2009-09-05 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-09-05 10:55]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://service4.symantec.com/SUPPORT/na ... 1209131106
uInternet Settings,ProxyServer = 172.16.0.70:80
uInternet Settings,ProxyOverride = *.iet;<local>;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 11:04
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3453765963-252631013-1518390747-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-09-11 11.12.15
ComboFix-quarantined-files.txt 2009-09-11 09:12
ComboFix2.txt 2009-09-10 14:01
ComboFix3.txt 2009-09-10 11:31
ComboFix4.txt 2009-09-09 23:22
ComboFix5.txt 2009-09-11 08:49

Pre-Run: 16.950.259.712 byte disponibili
Post-Run: 17.011.638.272 byte disponibili

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
366 --- E O F --- 2009-08-28 22:22

da **Amantide** » ven set 11, 2009 1:38 pm

giuly ha scritto:Gli scanonline non mi trovano nulla

Ma hai provato a fare la scansione con i CD che ti ho suggerito prima? [uhm]

Amantide prima ha scritto:Prova anche ad eseguire le scansioni con Kaspersky Virus Removal Tool e con Avira Antivir RescueCD.

da **crazy.cat** » ven set 11, 2009 1:50 pm

Io proverei solo a ricreare un utente nuovo e vedere se anche con quello ci sono problemi, poi visto il numero di casini che ci sono (se avira cd non trova un qualche virus) andrei con un bel format generale.

da **giuly** » sab set 12, 2009 1:56 am

Amantide prima ha scritto:Prova anche ad eseguire le scansioni con Kaspersky Virus Removal Tool e con Avira Antivir RescueCD.

Ho finito quella con Kaspersky Virus Removal, ci ha messo un sacco di tempo...e poi prima non riuscivo a farla partire, mi andava in errore e diceva che mancavano dei componenti, metto qui di seguito il log/report, non so se sia quello giusto.. [boh]

non ci capisco molto

<AVZ_CollectSysInfo>
--------------------
Start time: 12/09/2009 1.05.50
Duration: 00.06.07
Finish time: 12/09/2009 1.11.57

<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
12/09/2009 1.06.25 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
12/09/2009 1.06.25 System Restore: enabled
12/09/2009 1.06.41 1.1 Searching for user-mode API hooks
12/09/2009 1.06.41 Analysis: kernel32.dll, export table found in section .text
12/09/2009 1.06.41 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
12/09/2009 1.06.41 Hook kernel32.dll:CreateProcessA (99) blocked
12/09/2009 1.06.41 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802336->61F04040
12/09/2009 1.06.41 Hook kernel32.dll:CreateProcessW (103) blocked
12/09/2009 1.06.41 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC7E->61F041FC
12/09/2009 1.06.41 Hook kernel32.dll:FreeLibrary (241) blocked
12/09/2009 1.06.41 Function kernel32.dll:GetModuleFileNameA (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B56F->61F040FB
12/09/2009 1.06.41 Hook kernel32.dll:GetModuleFileNameA (373) blocked
12/09/2009 1.06.41 Function kernel32.dll:GetModuleFileNameW (374) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B475->61F041A0
12/09/2009 1.06.41 Hook kernel32.dll:GetModuleFileNameW (374) blocked
12/09/2009 1.06.41 Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE40->61F04648
12/09/2009 1.06.41 Hook kernel32.dll:GetProcAddress (409) blocked
12/09/2009 1.06.41 Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->61F03C6F
12/09/2009 1.06.41 Hook kernel32.dll:LoadLibraryA (581) blocked
12/09/2009 1.06.41 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
12/09/2009 1.06.41 Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->61F03DAF
12/09/2009 1.06.41 Hook kernel32.dll:LoadLibraryExA (582) blocked
12/09/2009 1.06.41 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
12/09/2009 1.06.41 Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->61F03E5A
12/09/2009 1.06.41 Hook kernel32.dll:LoadLibraryExW (583) blocked
12/09/2009 1.06.41 Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEEB->61F03D0C
12/09/2009 1.06.41 Hook kernel32.dll:LoadLibraryW (584) blocked
12/09/2009 1.06.41 IAT modification detected: LoadLibraryW - 00BE0010<>7C80AEEB
12/09/2009 1.06.41 Analysis: ntdll.dll, export table found in section .text
12/09/2009 1.06.42 Analysis: user32.dll, export table found in section .text
12/09/2009 1.06.42 Analysis: advapi32.dll, export table found in section .text
12/09/2009 1.06.42 Analysis: ws2_32.dll, export table found in section .text
12/09/2009 1.06.42 Analysis: wininet.dll, export table found in section .text
12/09/2009 1.06.43 Analysis: rasapi32.dll, export table found in section .text
12/09/2009 1.06.43 Analysis: urlmon.dll, export table found in section .text
12/09/2009 1.06.43 Analysis: netapi32.dll, export table found in section .text
12/09/2009 1.06.44 1.2 Searching for kernel-mode API hooks
12/09/2009 1.06.45 Driver loaded successfully
12/09/2009 1.06.45 SDT found (RVA=083220)
12/09/2009 1.06.45 Kernel ntoskrnl.exe found in memory at address 804D7000
12/09/2009 1.06.45 SDT = 8055A220
12/09/2009 1.06.45 KiST = 804E26A8 (284)
12/09/2009 1.06.48 Function NtClose (19) intercepted (805678DD->F0DDA6B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.48 >>> Function restored successfully !
12/09/2009 1.06.48 >>> Hook code blocked
12/09/2009 1.06.49 Function NtConnectPort (1F) intercepted (805879F7->F0F30040), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateFile (25) intercepted (8056CDC0->F0F2C930), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateKey (29) intercepted (8057065D->F0DDA574), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreatePort (2E) intercepted (805975C1->F0F30510), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateProcess (2F) intercepted (805B136A->F0F36870), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateProcessEx (30) intercepted (8057FC6C->F0F36AA0), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateSection (32) intercepted (805652B3->F0F39FD0), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtCreateWaitablePort (38) intercepted (805DB134->F0F30600), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtDeleteFile (3E) intercepted (805D801B->F0F2CF20), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtDeleteKey (3F) intercepted (805952CA->F0F386E0), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtDeleteValueKey (41) intercepted (80592D5C->F0DDAA52), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtDuplicateObject (44) intercepted (805715E0->F0F36580), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.49 Function NtLoadKey (62) intercepted (805AED6D->F0F388B0), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.49 >>> Function restored successfully !
12/09/2009 1.06.49 >>> Hook code blocked
12/09/2009 1.06.50 Function NtOpenFile (74) intercepted (8056CD5B->F0F2CD70), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtOpenKey (77) intercepted (80568D59->F0DDA64E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtOpenProcess (7A) intercepted (805717C7->F0F36350), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtOpenThread (80) intercepted (8058A1C9->F0F36150), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtQueryValueKey (B1) intercepted (8056A1F2->F0DDA76E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtRenameKey (C0) intercepted (8064E77C->F0F39250), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtReplaceKey (C1) intercepted (8064F0DC->F0F38CB0), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtRequestWaitReplyPort (C8) intercepted (80576CE6->F0F2FC00), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtRestoreKey (CC) intercepted (8064EC71->F0DDA72E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtSecureConnectPort (D2) intercepted (8058F4EA->F0F30220), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtSetInformationFile (E0) intercepted (8057494A->F0F2D120), hook C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtSetValueKey (F7) intercepted (80572889->F0DDA8AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.50 Function NtTerminateProcess (101) intercepted (805822EC->F0EBF0B0), hook C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
12/09/2009 1.06.50 >>> Function restored successfully !
12/09/2009 1.06.50 >>> Hook code blocked
12/09/2009 1.06.52 Functions checked: 284, intercepted: 27, restored: 27
12/09/2009 1.06.52 1.3 Checking IDT and SYSENTER
12/09/2009 1.06.52 Analysis for CPU 1
12/09/2009 1.06.52 Checking IDT and SYSENTER - complete
12/09/2009 1.06.53 1.4 Searching for masking processes and drivers
12/09/2009 1.06.53 Checking not performed: extended monitoring driver (AVZPM) is not installed
12/09/2009 1.06.53 Driver loaded successfully
12/09/2009 1.06.53 1.5 Checking of IRP handlers
12/09/2009 1.06.53 \driver\tcpip[IRP_MJ_CREATE] = F0F41C20 -> C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.53 \driver\tcpip[IRP_MJ_CLOSE] = F0F41C20 -> C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.53 \driver\tcpip[IRP_MJ_DEVICE_CONTROL] = F0F41C20 -> C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.53 \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F0F41C20 -> C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.53 \driver\tcpip[IRP_MJ_CLEANUP] = F0F41C20 -> C:\WINDOWS\System32\vsdatant.sys
12/09/2009 1.06.53 Checking - complete
12/09/2009 1.06.54 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll -->

Suspicion for Keylogger or Trojan DLL
12/09/2009 1.06.54 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll>>> Behavioral analysis
12/09/2009 1.06.54 Behaviour typical for keyloggers not detected
12/09/2009 1.06.55 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll -->

Suspicion for Keylogger or Trojan DLL
12/09/2009 1.06.55 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll>>> Behavioral analysis
12/09/2009 1.06.55 Behaviour typical for keyloggers not detected
12/09/2009 1.07.32 Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
12/09/2009 1.07.52 >> Services: potentially dangerous service allowed: Schedule (Utilità di pianificazione)
12/09/2009 1.07.52 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
12/09/2009 1.07.52 >> Security: disk drives' autorun is enabled
12/09/2009 1.07.52 >> Security: administrative shares (C$, D$ ...) are enabled
12/09/2009 1.07.52 >> Security: anonymous user access is enabled
12/09/2009 1.07.59 >> Disable HDD autorun
12/09/2009 1.07.59 >> Disable autorun from network drives
12/09/2009 1.07.59 >> Disable CD/DVD autorun
12/09/2009 1.07.59 >> Disable removable media autorun
12/09/2009 1.07.59 >> Windows Update is disabled
12/09/2009 1.07.59 System Analysis in progress
12/09/2009 1.11.53 System Analysis - complete
12/09/2009 1.11.53 Delete file:C:\Nuova cartella\Virus Removal Tool\is-APEG8\LOG\avptool_syscheck.htm
12/09/2009 1.11.53 Delete file:C:\Nuova cartella\Virus Removal Tool\is-APEG8\LOG\avptool_syscheck.xml
12/09/2009 1.11.53 Deleting service/driver: uteznja4
12/09/2009 1.11.54 Delete file:C:\WINDOWS\system32\Drivers\uteznja4.sys
12/09/2009 1.11.54 Deleting service/driver: ujeznja4
12/09/2009 1.11.54 Script executed without errors

Che devo fare?!!

Ho preparato il CD-Rescue di Avira e domani lo passo. [grazie]

Spero di non dover formattare..
Spero di potervi rileggere... [:D]

da **Amantide** » sab set 12, 2009 10:57 am

giuly ha scritto:Che devo fare?!!

Hai controllato se dopo la scansione con Kaspersky Tool è cambiato qualcosa?

da **giuly** » lun set 14, 2009 1:49 pm

Amantide ha scritto:Hai controllato se dopo la scansione con Kaspersky Tool è cambiato qualcosa?

Io trovo molto difficile trovare cambiamenti, allora ti dico che riesco a collegarmi in rete anche se dopo un po' la navigazione si rallenta tantissimo fino al blocco, il notebook sia in fase di avvio sia in fase di stop è lentissimo...
ieri ho provato il Runscanner, dopo la scansione ho alcune voci in rosso, ma non mi sono azzardata a eliminare nulla, non so se posso eliminare tutte le voci scritte in rosso... [boh]

ancora sto studiando la guida.
Ho letto il vostro articolo [grazie]

utilissimo. E sto cercando guide approfondite.

Ho poi queste cartelle con nomi "anomali" tipo "combofix" dove invece dentro ci sono altre cose, per esempio la cartella "system.sav"e poi "risorse del computer"(con icona modificata..in cartella gialla) dentro ha una cartella che si chiama "_N" e dentro un sacco di file . dat, .log, .cfxxe

Le date dei file sono miste e variegate...alcune vecchissime, 2003, 2001 ecc.. ma non saprei dire che cosa fanno tutti qs files!! [8)]

Un'altra cosa che ho notato, se vado in task manager -->

processi nella colonna Nome utente non vedo più nulla, prima c'era il mio nome e il System ora trovo solo System per il Ciclo Idle del sistema.
Poi in task manager -->

applicazioni vedo ZoneAlarm attivo ma l'avast no, posso vedere che è attivo solo dai processi.
Sto cercando di fare il possibile, intanto per sicurezza ho comprato un notebook nuovo, approfittando di una mega offerta.. visto che questo sta per "schiantare"...

da **Amantide** » lun set 14, 2009 4:42 pm

giuly ha scritto:Sto cercando di fare il possibile, intanto per sicurezza ho comprato un notebook nuovo, approfittando di una mega offerta.. visto che questo sta per "schiantare"...

Beh.. a questo punto mi sa che ti conviene formattare il vecchio computer, visti tutti i problemi presenti.
Per sicurezza fai anche uno scandsik per vedere se non c'è qualche problema anche con hard disk.

da **giuly** » mar set 15, 2009 7:34 am

Amantide ha scritto: Beh.. a questo punto mi sa che ti conviene formattare il vecchio computer, visti tutti i problemi presenti.
Per sicurezza fai anche uno scandsik per vedere se non c'è qualche problema anche con hard disk.

Ehh si infatti!! Però sai la cosa che mi secca qual è?!! [uhm]

Non essere riuscita a capire che cosa mi ha causato tutto questo!! [boh]

Ora provo a fare le operazioni di sistema e poi ti aggiorno.
Ho cercato sempre di manutenere il notebook, ho sempre fatto aggiornamenti, update, pulizia vecchi file, ccleaner, utility di sistema ecc...
comunque forse la vita media di un notebook non supera i 6-7anni, fino ad ora non ho mai dovuto formattare un pc/notebook.
Grazie mille

da **lorenaino** » mar set 15, 2009 7:52 am

ciao,prima di formattare,prova a fare una scansione completa (se non l'hai già fatto) con Malwarebytes' antimalware free,tentar non nuoce:

http://download.cnet.com/Malwarebytes-A ... tag=button

[;)]

www.MegaLab.it

Un aiutino per Check log di Hijackthis ;O)

Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Log dello scan consigliato

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Help situazione peggiora...

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Re: Un aiutino per Check log di Hijackthis ;O)

Chi c’è in linea