Sujet Précédent Sujet Suivant

Win32 _ Genetik trojan Aide Help!!

Therockx Messages postés 1 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Behh depuis ce matin et après avoir essayer d'autes antivirus (avira antivir , panda security) mon Nod 32 smart édition détecte la variante Genetik Trojan Qu'il ne peut pas supprimer.
Voila le rapport de hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:32, on 15/03/2009
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chaibi\Desktop\eset Serials.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chaibi\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] -----"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] -----C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] -----C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] -----C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSN] -winlogs.exe
O4 - HKLM\..\Run: [{6B-B6-67-78-DW}] ----C:\WINDOWS\system32\rwwdw64d.exe DWoli5
O4 - HKLM\..\Run: [New.net Startup] -----rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [f006b6d7] rundll32.exe "C:\WINDOWS\system32\jjsqtqvl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] -----C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwdw64d.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: ???? ????? Adobe Reader.lnk
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: kttysf.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -----"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -----"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)

--
End of file - 3415 bytes


Alors c'est quoi la solution ,je ne veux pas perdre mon travail....
Merci d'avance.
A voir également:

9 réponses

Réponse 1 / 9
Utilisateur anonyme
 
bravo :
C:\Documents and Settings\Chaibi\Desktop\eset Serials.exe

tu assume les conséquence du piratage maintenant te voila infecté...
2
Réponse 2 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
1
impresaria Messages postés 2 Statut Membre
 
ok, voici les resultats:

log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Casa at 2009-04-25 18:39:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (15%) free of 53 GB
Total RAM: 1023 MB (44% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\Verifica aggiornamenti per Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Supporto di collegamento per Adobe PDF Reader - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]
Come2PlayK2P Toolbar - C:\Programmi\Come2PlayK2P\tbCom0.dll [2009-03-12 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programmi\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
securedie Toolbar - C:\Programmi\securedie\tbsecu.dll [2007-09-06 1453080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1DF60BB-F974-21EC-316C-F43F57562EE7}]
leftsidebuddy search enhancer - C:\WINDOWS\system32\elwbhrmopme.dll [2009-03-24 625152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programmi\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{b8a5b62c-517f-42a5-85ae-29b5497fb15f} - Come2PlayK2P Toolbar - C:\Programmi\Come2PlayK2P\tbCom0.dll [2009-03-12 1883672]
{cd36797a-70f3-4acd-8825-623d3b896881} - securedie Toolbar - C:\Programmi\securedie\tbsecu.dll [2007-09-06 1453080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"OrderReminder"=C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"Collegamento alla pagina delle proprietà di High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"ActivBoard"=C:\Programmi\ActivBoard\ABoard.exe [2003-05-02 24576]
"D-Link AirPlus G"=C:\Programmi\D-Link\AirPlus G\AirGCFG.exe [2006-11-17 1552384]
"ANIWZCS2Service"=C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2006-06-29 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LogitechVideoRepair"=C:\Programmi\Logitech\Video\ISStart.exe [2003-12-16 188416]
"LogitechVideoTray"=C:\Programmi\Logitech\Video\LogiTray.exe [2003-12-16 77824]
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2008-09-06 413696]
"Motive SmartBridge"=C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe [2006-04-21 438359]
"AliceRE_McciTrayApp"=C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE [2006-11-21 936960]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"egui"=C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"rgcebvj0ejce"=C:\WINDOWS\system32\qgc9bvj0ejce.exe [2009-04-16 80191]
"VVSN"=C:\Programmi\VVSN\VVSN.exe [2005-10-25 107520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Programmi\Skype\Phone\Skype.exe [2008-11-07 21633320]
"MsnMsgr"=C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe
DSLMON.lnk - C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Casa\Menu Avvio\Programmi\Esecuzione automatica
OpenOffice.org 2.4.lnk - C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Programmi\Ahead\eMule\emule.exe"="C:\Programmi\Ahead\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Casa\Desktop\utorrent.exe"="C:\Documents and Settings\Casa\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Programmi\SopCast\adv\SopAdver.exe"="C:\Programmi\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-04-25 18:39:18 ----D---- C:\rsit
2009-04-25 18:39:18 ----D---- C:\Programmi\trend micro
2009-04-25 18:35:07 ----A---- C:\WINDOWS\system32\OLD20.tmp
2009-04-25 18:34:15 ----A---- C:\WINDOWS\system32\OLD7.tmp
2009-04-25 18:34:14 ----D---- C:\WINDOWS\LastGood
2009-04-25 16:17:49 ----SHD---- C:\RECYCLER
2009-04-25 15:49:22 ----D---- C:\WINDOWS\temp
2009-04-25 15:49:18 ----A---- C:\ComboFix.txt
2009-04-25 15:36:22 ----A---- C:\Boot.bak
2009-04-25 15:36:19 ----RASHD---- C:\cmdcons
2009-04-25 15:34:35 ----A---- C:\WINDOWS\zip.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\vFind.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\SWSC.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\SWREG.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\sed.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-25 15:34:35 ----A---- C:\WINDOWS\grep.exe
2009-04-25 15:34:31 ----D---- C:\WINDOWS\ERDNT
2009-04-25 15:34:27 ----AD---- C:\Qoobox
2009-04-22 14:17:11 ----D---- C:\Programmi\VVSN
2009-04-22 14:16:39 ----D---- C:\Programmi\DAEMON Tools
2009-04-22 14:01:23 ----D---- C:\WINDOWS\Profiles
2009-04-22 14:01:22 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\InterTrust
2009-04-22 14:01:13 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-16 23:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 23:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 23:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 23:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 23:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 14:47:21 ----A---- C:\WINDOWS\system32\sgccbvj0ejce.dll
2009-04-16 14:47:20 ----A---- C:\WINDOWS\system32\qgc9bvj0ejce.exe
2009-04-05 19:05:10 ----D---- C:\download
2009-04-03 15:34:55 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-04-03 11:47:49 ----D---- C:\Programmi\CamSpace
2009-04-03 09:29:22 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\DriverCure
2009-04-03 09:29:17 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\ParetoLogic
2009-04-03 09:29:17 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\DriverCure
2009-04-02 19:19:31 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2009-04-02 19:19:20 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\Azureus
2009-04-02 18:33:51 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\TortoiseSVN
2009-04-02 18:28:35 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\Subversion
2009-04-02 18:13:15 ----D---- C:\Programmi\TortoiseSVN
2009-04-02 18:13:15 ----D---- C:\Programmi\File comuni\TortoiseOverlays
2009-04-02 12:48:44 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\uTorrent
2009-03-31 10:12:08 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
2009-03-31 10:12:01 ----D---- C:\Programmi\WinZip
2009-03-30 19:58:01 ----D---- C:\Programmi\7-Zip
2009-03-30 10:52:05 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\GetRightToGo
2009-03-30 10:38:11 ----D---- C:\Programmi\bios
2009-03-30 09:55:21 ----D---- C:\Programmi\Pcsx2
2009-03-29 19:15:32 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\LimeWire
2009-03-26 18:10:14 ----A---- C:\WINDOWS\kmouse32.dll
2009-03-26 18:10:13 ----A---- C:\WINDOWS\marche_turismo.exe

======List of files/folders modified in the last 1 months======

2009-04-25 18:39:18 ----RD---- C:\Programmi
2009-04-25 18:37:50 ----D---- C:\Programmi\Mozilla Firefox
2009-04-25 18:35:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-25 18:35:07 ----D---- C:\WINDOWS\system32
2009-04-25 18:34:44 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\skypePM
2009-04-25 18:34:29 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\OpenOffice.org2
2009-04-25 18:34:14 ----AD---- C:\WINDOWS
2009-04-25 18:34:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-25 17:02:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-25 17:02:53 ----HD---- C:\WINDOWS\inf
2009-04-25 15:49:22 ----D---- C:\WINDOWS\Prefetch
2009-04-25 15:47:34 ----A---- C:\WINDOWS\system.ini
2009-04-25 15:45:53 ----D---- C:\WINDOWS\system32\drivers
2009-04-25 15:45:53 ----D---- C:\WINDOWS\AppPatch
2009-04-25 15:45:50 ----D---- C:\Programmi\File comuni
2009-04-25 15:36:22 ----RASH---- C:\boot.ini
2009-04-25 14:51:06 ----D---- C:\WINDOWS\system32\Lang
2009-04-25 14:48:42 ----D---- C:\Programmi\Seekeen
2009-04-22 14:01:23 ----D---- C:\Programmi\Adobe
2009-04-22 13:52:31 ----D---- C:\Programmi\UBISOFT
2009-04-22 13:47:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-20 21:01:33 ----D---- C:\WINDOWS\system32\wbem
2009-04-20 21:01:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 19:38:00 ----AD---- C:\WINDOWS\Drivers
2009-04-19 18:43:12 ----D---- C:\Documents and Settings\Casa\Dati applicazioni\Skype
2009-04-19 18:27:27 ----SHD---- C:\WINDOWS\Installer
2009-04-19 18:27:27 ----SD---- C:\Documents and Settings\Casa\Dati applicazioni\Microsoft
2009-04-16 23:09:57 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 23:09:46 ----D---- C:\WINDOWS\system32\it-it
2009-04-16 23:09:46 ----D---- C:\Programmi\Internet Explorer
2009-04-16 23:09:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 23:09:04 ----A---- C:\WINDOWS\win.ini
2009-04-07 10:01:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-05 19:09:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-03 15:32:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-03 12:47:39 ----D---- C:\Programmi\Java
2009-04-03 12:45:28 ----D---- C:\Programmi\Windows Live
2009-04-03 11:58:52 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-04-03 11:47:49 ----D---- C:\WINDOWS\system32\DirectX
2009-04-03 09:45:43 ----SD---- C:\WINDOWS\Tasks
2009-04-02 19:38:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-02 18:13:20 ----D---- C:\WINDOWS\WinSxS
2009-03-31 18:27:07 ----D---- C:\Programmi\WinRAR
2009-03-31 18:16:56 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Driver processore Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-28 279712]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-28 25888]
R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2003-06-27 472332]
R3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
R3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbaudio;Driver audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Driver di tastiera HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-06-24 127497]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Periferica audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Driver di comunicazioni virtuali Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Server di accesso alla rete LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-04-22 223128]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 Network WanMiniport First Position;Network WanMiniport First Position; C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2006-07-03 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 lxci_device;lxci_device; C:\WINDOWS\system32\lxcicoms.exe [2005-10-24 491520]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 17408]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 17408]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Programmi\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-04-25 18:39:32



info.txt
======Uninstall list======

-->C:\PROGRA~1\ALICET~1\Uninstall.exe AliceRE
-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programmi\7-Zip\Uninstall.exe"
ActivBoard v1.2-->"C:\Programmi\ActivBoard\unins000.exe"
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programmi\File comuni\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aggiornamento critico per Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
AirPlus G-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2B7E4354-0492-460A-BDB1-1F59EE141025}\setup.exe" -l0x10 -removeonly
Alice ti aiuta-->C:\Programmi\Alice ti aiuta\bin\UninstallAlice.exe
ANIO Service-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\setup.exe"
Anteprima (Windows Live Toolbar)-->MsiExec.exe /X{AC0A04F7-2BBE-4323-B64C-1B71F2BDBF0D}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}
Avvio installazione di Microsoft Works 2003-->C:\Programmi\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
BlockCAD 3.19-->C:\Programmi\BlockCAD\unins000.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Coloriage-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programmi\denouvel\Coloriage\UnInst.log" "/APPNAME=Coloriage"
Come2PlayK2P Toolbar-->C:\PROGRA~1\COME2P~1\UNWISE.EXE C:\PROGRA~1\COME2P~1\INSTALL.LOG
DivX Codec-->C:\Programmi\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programmi\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programmi\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->C:\Programmi\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Driver di Logitech® Camera-->"C:\Programmi\File comuni\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
DWGSee DWG Viewer Pro-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{180EF577-D68D-41F2-B4A7-71331B8DB2DE}\Setup.exe"
eMule-->"C:\Programmi\eMule\Uninstall.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
Favorit-->"c:\documents and settings\casa\impostazioni locali\dati applicazioni\icyemqi.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP OrderReminder-->C:\Programmi\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe hp_LaserJet_1018
IE Flash Updater-->rundll32.exe "C:\WINDOWS\Drivers\phuninst.dll",StartUninstall
IE Phishing Agent-->rundll32.exe "C:\WINDOWS\Drivers\phuninst.dll",StartUninstall
K-Lite Codec Pack 4.5.3 (Standard)-->"C:\Programmi\K-Lite Codec Pack\unins000.exe"
LaserJet 1018-->C:\Programmi\Zenographics\{7C4ABCEF-31A2-40A8-9031-724003377EEB}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Lexmark 7300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxciUNST.EXE -NOLICENSE
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x10
Logitech QuickCam-->MsiExec.exe /I{A488D63E-B3DD-4423-892F-2F2EC8909518}
Menu intelligenti (Windows Live Toolbar)-->MsiExec.exe /X{B3EABECF-D820-4246-94B8-0CF300CA505A}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110410-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.9)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 6-->C:\Programmi\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 FiX v1.8-->"C:\DOCUME~1\Casa\IMPOST~1\Temp\Rar$EX00.641\Obsolete\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{BCCB055C-7F64-4B13-90F5-078DE693EE00}
OpenOffice.org 2.4-->MsiExec.exe /I{9C68CD57-4E45-4230-A743-44D2CA9BF714}
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x10
Search Assistant Leftsidebuddy-->C:\WINDOWS\system32\elwbhrmopme.dll-uninst.exe
securedie Toolbar-->C:\PROGRA~1\SECURE~2\UNWISE.EXE C:\PROGRA~1\SECURE~2\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartAds browser enhancer-->"C:\Programmi\Smart-Ads-Solutions\SmartAds\1.0.21.0\uninstall.exe"
SopCast 2.0.4-->C:\Programmi\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
TortoiseSVN 1.6.0.15855 (32 bit)-->MsiExec.exe /X{AE6FB4CD-554F-4560-9A99-F8AE602414DB}
VLC media player 0.9.2-->C:\Programmi\VideoLAN\VLC\uninstall.exe
WanMiniport1st-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{A9D65D46-3708-4F5B-9117-0199C7098D11}\Setup.exe" -l0x10
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3F35D1A3-92AD-401B-ABE2-FA27682F4112}
Windows Live Toolbar-->"C:\Programmi\Windows Live Toolbar\UnInstall.exe" {800B96E6-7359-441D-A367-9C0CFC5DCD1A}
Windows Live Toolbar-->MsiExec.exe /X{800B96E6-7359-441D-A367-9C0CFC5DCD1A}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner-->"C:\Programmi\Winferno\RegistryPowerCleaner\unins000.exe"
WinRAR gestione archivi-->C:\Programmi\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: MIO
Event Code: 7023
Message: Servizio Gestione applicazione terminato con l'errore:
Impossibile trovare il modulo specificato.


Record Number: 37406
Source Name: Service Control Manager
Time Written: 20090409083630.000000+120
Event Type: Errore
User:

Computer Name: MIO
Event Code: 7036
Message: Il servizio Gestione applicazione è ora in modalità arrestato.

Record Number: 37405
Source Name: Service Control Manager
Time Written: 20090409083630.000000+120
Event Type: Informazione
User:

Computer Name: MIO
Event Code: 7035
Message: Invio di un controllo avvio da parte del servizio Gestione applicazione riuscito.

Record Number: 37404
Source Name: Service Control Manager
Time Written: 20090409083630.000000+120
Event Type: Informazione
User: MIO\Casa

Computer Name: MIO
Event Code: 7023
Message: Servizio Gestione applicazione terminato con l'errore:
Impossibile trovare il modulo specificato.


Record Number: 37403
Source Name: Service Control Manager
Time Written: 20090409083630.000000+120
Event Type: Errore
User:

Computer Name: MIO
Event Code: 7036
Message: Il servizio Gestione applicazione è ora in modalità arrestato.

Record Number: 37402
Source Name: Service Control Manager
Time Written: 20090409083630.000000+120
Event Type: Informazione
User:

=====Application event log=====

Computer Name: MIO
Event Code: 1024
Message: Prodotto Microsoft Office Professional Edition 2003: impossibile installare aggiornamento "Update for Outlook 2003: Junk E-mail Filter (KB958620): OUTLFLTR". Codice errore 1603. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/enable-windows-installer-logging

Record Number: 5822
Source Name: MsiInstaller
Time Written: 20081230104155.000000+060
Event Type: Errore
User: NT AUTHORITY\SYSTEM

Computer Name: MIO
Event Code: 11327
Message: Prodotto: Microsoft Office Professional Edition 2003 -- Errore 1327. Unità non valida: G:\

Record Number: 5821
Source Name: MsiInstaller
Time Written: 20081230104155.000000+060
Event Type: Errore
User: NT AUTHORITY\SYSTEM

Computer Name: MIO
Event Code: 101
Message: wlmail (3772) Motore del database interrotto.

Record Number: 5820
Source Name: ESENT
Time Written: 20081230102457.000000+060
Event Type: Informazione
User:

Computer Name: MIO
Event Code: 103
Message: wlmail (3772) WindowsLiveMail0: Il motore del database ha interrotto un'istanza (0).

Record Number: 5819
Source Name: ESENT
Time Written: 20081230102457.000000+060
Event Type: Informazione
User:

Computer Name: MIO
Event Code: 213
Message: wlmail (3772) WindowsLiveMail0: Procedura di backup completata.

Record Number: 5818
Source Name: ESENT
Time Written: 20081230102411.000000+060
Event Type: Informazione
User:

======Environment variables======

"CLASSPATH"=.;C:\Programmi\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programmi\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0409
"QTJAVA"=C:\Programmi\Java\jre1.6.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
0
Réponse 3 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Collect::
C:\WINDOWS\system32\qgc9bvj0ejce.exe
C:\WINDOWS\system32\elwbhrmopme.dll
c:\documents and settings\LocalService\Preferiti
c:\windows\system32\sgccbvj0ejce.dll
c:\windows\system32\qgc9bvj0ejce.exe
File::
C:\WINDOWS\system32\qgc9bvj0ejce.exe
C:\WINDOWS\system32\elwbhrmopme.dll
c:\documents and settings\LocalService\Preferiti
c:\windows\system32\sgccbvj0ejce.dll
c:\windows\system32\qgc9bvj0ejce.exe
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
"rgcebvj0ejce"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{F1DF60BB-F974-21EC-316C-F43F57562EE7}]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
________________________

scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
1
impresaria
 
merci pour ton aide.
0
Réponse 4 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
impresaria Messages postés 2 Statut Membre
 
jìai eu le meme probleme je t'envoi mon .txt


ComboFix 09-04-25.A1 - Casa 25/04/2009 15.44.08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.724 [GMT 2:00]
Eseguito da: c:\documents and settings\Casa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Resident AV is active

.
[i] ADS - WINDOWS: deleted 0 bytes in 1 streams. /i

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\icyemqi.dat
c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\icyemqi.exe
c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\icyemqi_nav.dat
c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\icyemqi_navps.dat
c:\programmi\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\programmi\QUAD Utilities
c:\recycler\S-7-4-96-100018754-100004362-100001583-3399.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gxvxcaecitpxehbroqwuopylognpseaumirbq.sys
c:\windows\system32\drivers\gxvxcasdixiqilpmcxqqvptpkjkhlpquncpse.sys
c:\windows\system32\drivers\gxvxcbobtrfdbuxckioeonusqequynqacnxei.sys
c:\windows\system32\drivers\gxvxckfcplvgonhntnawacefvukrdqemvnkpu.sys
c:\windows\system32\drivers\gxvxcllkjtaroeltitumysvpelxlauvjseyxr.sys
c:\windows\system32\drivers\gxvxclxevusoqogaalxaanfvysmixnyadidrv.sys
c:\windows\system32\drivers\gxvxcnrvkqpygjdlkamttxkodlhyebwqghwbd.sys
c:\windows\system32\drivers\gxvxcogpjkeclkdcnjxuuntjunpfekmxpwkey.sys
c:\windows\system32\drivers\gxvxcoownthxvdbapalkmrmyopxoblvoypqwr.sys
c:\windows\system32\drivers\gxvxcusdwyayumparersamsyuurntpkctnmoh.sys
c:\windows\system32\drivers\gxvxcvmpfmuwyrgkvewobqjixvaoexwbardyu.sys
c:\windows\system32\drivers\gxvxcxllkieeykjauobauhwvqjejdptdoujdo.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcqdxoxdxnjylvvkbowturodgohaqakdvj.dll
c:\windows\system32\kr_done1
c:\windows\system32\zip32.dll
F:\Autorun.inf
f:\recycler\S-0-5-97-100006459-100013978-100018277-9237.com
f:\recycler\S-1-5-35-100007531-100013175-100024050-9658.com
f:\recycler\S-1-9-75-100001452-100012270-100008121-3661.com
f:\recycler\S-2-7-35-100003006-100002215-100000043-3812.com
f:\recycler\S-2-8-81-100003513-100016293-100002585-1815.com
f:\recycler\S-2-9-96-100029700-100031602-100001615-6625.com
f:\recycler\S-4-6-37-100004206-100031761-100013874-6684.com
f:\recycler\S-4-6-67-100028625-100023504-100018065-1308.com
f:\recycler\S-5-9-34-100022681-100011182-100031113-7758.com
f:\recycler\S-7-4-96-100018754-100004362-100001583-3399.com
f:\recycler\S-8-5-89-100023943-100004647-100010282-8064.com
G:\Autorun.inf
g:\recycler\S-0-5-97-100006459-100013978-100018277-9237.com
g:\recycler\S-1-5-35-100007531-100013175-100024050-9658.com
g:\recycler\S-1-9-75-100001452-100012270-100008121-3661.com
g:\recycler\S-2-7-35-100003006-100002215-100000043-3812.com
g:\recycler\S-2-8-81-100003513-100016293-100002585-1815.com
g:\recycler\S-2-9-96-100029700-100031602-100001615-6625.com
g:\recycler\S-4-6-37-100004206-100031761-100013874-6684.com
g:\recycler\S-4-6-67-100028625-100023504-100018065-1308.com
g:\recycler\S-5-9-34-100022681-100011182-100031113-7758.com
g:\recycler\S-7-4-96-100018754-100004362-100001583-3399.com
g:\recycler\S-8-5-89-100023943-100004647-100010282-8064.com
L:\Autorun.inf
l:\recycler\S-0-5-97-100006459-100013978-100018277-9237.com
l:\recycler\S-1-9-75-100001452-100012270-100008121-3661.com
l:\recycler\S-2-9-96-100029700-100031602-100001615-6625.com
l:\recycler\S-4-6-37-100004206-100031761-100013874-6684.com
l:\recycler\S-7-4-96-100018754-100004362-100001583-3399.com
M:\Autorun.inf
m:\recycler\S-0-5-97-100006459-100013978-100018277-9237.com
m:\recycler\S-1-5-35-100007531-100013175-100024050-9658.com
m:\recycler\S-1-9-75-100001452-100012270-100008121-3661.com
m:\recycler\S-2-7-35-100003006-100002215-100000043-3812.com
m:\recycler\S-2-8-81-100003513-100016293-100002585-1815.com
m:\recycler\S-2-9-96-100029700-100031602-100001615-6625.com
m:\recycler\S-4-6-37-100004206-100031761-100013874-6684.com
m:\recycler\S-4-6-67-100028625-100023504-100018065-1308.com
m:\recycler\S-5-9-34-100022681-100011182-100031113-7758.com
m:\recycler\S-7-4-96-100018754-100004362-100001583-3399.com
m:\recycler\S-8-5-89-100023943-100004647-100010282-8064.com

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Creati Da 2009-05-25 al 2009-4-25 )))))))))))))))))))))))))))))))))))
.

2009-04-22 12:17 . 2009-04-22 12:18 -------- d-----w c:\programmi\VVSN
2009-04-22 12:16 . 2009-04-22 12:16 223128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2009-04-22 12:16 . 2009-04-22 13:08 -------- d-----w c:\programmi\DAEMON Tools
2009-04-22 12:13 . 2009-04-22 12:13 96384 ----a-w c:\windows\system32\drivers\sptd1437.sys
2009-04-22 12:13 . 2009-04-22 12:13 642560 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-22 12:01 . 2009-04-22 12:01 -------- d-----w c:\windows\Profiles
2009-04-22 12:01 . 2009-04-22 12:01 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\InterTrust
2009-04-22 12:01 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-16 12:47 . 2009-04-16 12:47 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Conduit
2009-04-16 12:47 . 2009-04-19 16:00 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Come2PlayK2P
2009-04-16 12:47 . 2009-04-16 12:47 -------- d-----r c:\documents and settings\LocalService\Preferiti
2009-04-16 12:47 . 2009-04-16 12:47 118784 ----a-w c:\windows\system32\sgccbvj0ejce.dll
2009-04-16 12:47 . 2009-04-16 12:47 80191 ----a-w c:\windows\system32\qgc9bvj0ejce.exe
2009-04-16 06:57 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:57 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-05 17:05 . 2009-04-05 17:05 -------- d-----w C:\download
2009-04-03 16:02 . 2009-04-03 16:02 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\bluesoleil
2009-04-03 15:51 . 2009-04-09 06:36 32 ----a-w c:\windows\[u]0/u
2009-04-03 15:51 . 2009-04-03 15:51 0 ----a-w c:\windows\system32\[u]0/u
2009-04-03 13:34 . 2008-04-13 17:13 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-03 13:34 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-03 09:47 . 2009-04-03 09:47 -------- d-----w c:\documents and settings\Casa\My CamSpace Games
2009-04-03 09:47 . 2009-04-03 10:18 -------- d-----w c:\programmi\CamSpace
2009-04-03 07:29 . 2009-04-03 07:29 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\DriverCure
2009-04-03 07:29 . 2009-04-03 07:45 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DriverCure
2009-04-03 07:29 . 2009-04-03 07:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2009-04-02 17:19 . 2009-04-02 17:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-04-02 17:19 . 2009-04-02 19:05 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Azureus
2009-04-02 16:33 . 2009-04-02 16:33 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\TortoiseSVN
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Subversion
2009-04-02 16:17 . 2009-04-25 12:50 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\TSVNCache
2009-04-02 16:13 . 2009-04-02 16:13 -------- d-----w c:\programmi\TortoiseSVN
2009-04-02 16:13 . 2009-04-02 16:13 -------- d-----w c:\programmi\File comuni\TortoiseOverlays
2009-04-02 10:48 . 2009-04-24 13:52 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\uTorrent
2009-03-31 08:14 . 2009-04-19 16:18 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\WinZip
2009-03-31 08:12 . 2009-03-31 08:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-03-30 17:58 . 2009-03-30 17:58 -------- d-----w c:\programmi\7-Zip
2009-03-30 08:52 . 2009-03-30 08:55 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\GetRightToGo
2009-03-30 08:38 . 2009-03-30 09:10 -------- d-----w c:\programmi\bios
2009-03-30 07:55 . 2009-04-16 12:58 -------- d-----w c:\programmi\Pcsx2
2009-03-29 17:15 . 2009-03-30 06:21 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\LimeWire
2009-03-26 16:10 . 2009-03-26 16:10 28672 ----a-w c:\windows\kmouse32.dll
2009-03-26 16:10 . 2009-03-26 16:10 1424676 ----a-w c:\windows\marche_turismo.exe
2009-03-26 16:10 . 2009-03-26 16:10 120128 ----a-w c:\windows\marche_turismo.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 13:37 . 2008-08-05 12:01 232 ---ha-w C:\sqmdata11.sqm
2009-04-25 13:37 . 2008-08-05 12:01 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-25 12:51 . 2008-07-21 10:27 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\OpenOffice.org2
2009-04-25 12:49 . 2008-08-05 09:31 268 ---ha-w C:\sqmdata10.sqm
2009-04-25 12:49 . 2008-08-05 09:31 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-25 12:48 . 2008-12-22 20:05 -------- d-----w c:\programmi\Seekeen
2009-04-25 12:34 . 2008-04-03 17:26 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\skypePM
2009-04-24 17:27 . 2008-08-05 06:17 268 ---ha-w C:\sqmdata09.sqm
2009-04-24 17:27 . 2008-08-05 06:17 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-24 13:52 . 2008-08-04 15:14 268 ---ha-w C:\sqmdata08.sqm
2009-04-24 13:52 . 2008-08-04 15:14 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-23 18:35 . 2008-08-04 15:00 268 ---ha-w C:\sqmdata07.sqm
2009-04-23 18:35 . 2008-08-04 15:00 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-22 16:33 . 2008-08-04 13:31 268 ---ha-w C:\sqmdata06.sqm
2009-04-22 16:33 . 2008-08-04 13:31 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-22 13:08 . 2008-07-17 16:34 268 ---ha-w C:\sqmdata03.sqm
2009-04-22 13:08 . 2008-07-17 16:34 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-22 12:13 . 2008-07-17 09:57 268 ---ha-w C:\sqmdata02.sqm
2009-04-22 12:13 . 2008-07-17 09:57 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-22 11:52 . 2009-03-04 13:04 -------- d-----w c:\programmi\UBISOFT
2009-04-21 20:23 . 2008-07-17 07:22 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-21 20:23 . 2008-07-17 07:22 232 ---ha-w C:\sqmdata01.sqm
2009-04-21 20:21 . 2008-07-16 17:08 268 ---ha-w C:\sqmdata00.sqm
2009-04-21 20:21 . 2008-07-16 17:08 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-20 19:33 . 2008-08-27 20:41 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-20 19:33 . 2008-08-27 20:41 232 ---ha-w C:\sqmdata19.sqm
2009-04-20 19:33 . 2008-08-27 15:40 268 ---ha-w C:\sqmdata18.sqm
2009-04-20 19:33 . 2008-08-27 15:40 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-20 19:01 . 2004-08-19 12:00 73106 ----a-w c:\windows\system32\perfc010.dat
2009-04-20 19:01 . 2004-08-19 12:00 446756 ----a-w c:\windows\system32\perfh010.dat
2009-04-19 18:54 . 2008-08-26 09:44 268 ---ha-w C:\sqmdata17.sqm
2009-04-19 18:54 . 2008-08-26 09:44 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-19 16:43 . 2008-04-03 17:23 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Skype
2009-04-18 19:52 . 2008-08-26 07:56 268 ---ha-w C:\sqmdata16.sqm
2009-04-18 19:52 . 2008-08-26 07:56 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-17 21:33 . 2008-08-05 19:13 268 ---ha-w C:\sqmdata15.sqm
2009-04-17 21:33 . 2008-08-05 19:13 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-16 21:07 . 2008-08-05 17:45 268 ---ha-w C:\sqmdata14.sqm
2009-04-16 21:07 . 2008-08-05 17:45 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-16 13:18 . 2008-08-04 12:41 268 ---ha-w C:\sqmdata05.sqm
2009-04-16 13:18 . 2008-08-04 12:41 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-15 20:58 . 2008-08-03 13:01 268 ---ha-w C:\sqmdata04.sqm
2009-04-15 20:58 . 2008-08-03 13:01 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-14 19:56 . 2008-08-05 13:15 268 ---ha-w C:\sqmdata13.sqm
2009-04-14 19:56 . 2008-08-05 13:15 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-14 14:12 . 2008-08-05 12:41 268 ---ha-w C:\sqmdata12.sqm
2009-04-14 14:12 . 2008-08-05 12:41 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-03 10:47 . 2008-07-21 10:24 -------- d-----w c:\programmi\Java
2009-04-03 10:45 . 2008-07-16 15:34 -------- d-----w c:\programmi\Windows Live
2009-04-03 09:58 . 2008-08-05 17:19 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-25 08:26 . 2009-01-25 09:47 57421 ----a-w c:\windows\system32\elwbhrmopme.dll-uninst.exe
2009-03-24 10:45 . 2009-03-24 10:45 625152 ----a-w c:\windows\system32\elwbhrmopme.dll
2009-03-17 18:18 . 2007-12-30 08:39 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-12 20:27 . 2009-01-25 08:54 -------- d-----w c:\programmi\Come2PlayK2P
2009-03-11 17:22 . 2009-03-11 17:22 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-11 11:31 . 2009-03-11 11:02 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Smart-Ads-Solutions
2009-03-11 11:02 . 2009-03-11 11:02 -------- d-----w c:\programmi\Smart-Ads-Solutions
2009-03-07 08:36 . 2008-12-18 17:43 -------- d-----w c:\programmi\eMule
2009-03-05 07:57 . 2009-01-15 09:00 -------- d-----w c:\programmi\Telecom Italia
2009-03-05 07:52 . 2009-03-05 07:52 4944 ----a-w C:\PERF.LOG
2009-03-04 13:44 . 2009-03-04 13:44 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\BufferZone
2009-03-04 13:43 . 2009-03-04 13:43 -------- d-----w c:\programmi\securedie
2009-03-03 00:03 . 2004-08-19 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 20:33 . 2009-03-02 20:33 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-02 20:33 . 2009-03-02 20:33 -------- d--h--r c:\documents and settings\Casa\Dati applicazioni\SecuROM
2009-03-02 18:17 . 2009-03-02 18:17 2785 ----a-w C:\LGSInst.Log
2009-03-02 18:17 . 2008-07-16 16:55 -------- d-----w c:\programmi\File comuni\Logitech
2009-03-02 18:17 . 2008-07-16 16:58 -------- d-----w c:\programmi\Logitech
2009-03-01 16:18 . 2009-03-01 16:05 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-02-28 10:11 . 2009-02-28 10:11 -------- d-----w c:\programmi\Josoft
2009-02-28 10:09 . 2009-02-28 10:00 -------- d-----w c:\programmi\Infogrames Interactive
2009-02-27 10:44 . 2009-02-27 10:44 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Ace
2009-02-20 17:08 . 2004-08-19 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 12:31 . 2009-01-25 08:56 77824 ----a-w c:\windows\system32\appverimp.dll
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-20 22:59 . 2007-12-31 16:07 47120 ----a-w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-08-05 17:13 . 2008-08-05 17:13 0 ----a-w c:\programmi\temp01
2008-04-03 17:26 . 2008-04-03 17:26 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-12-04 18:06 . 2008-12-04 18:07 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008120420081205\index.dat
.

------- Sigcheck -------

[7] 2004-08-19 12:00 14336 73955B04F209D8A1C633867841267A96 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-13 17:14 14336 BB8363ABEC09AA2F9B363484E282117C c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-13 17:14 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe

[7] 2004-08-19 12:00 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-13 17:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 17:14 512000 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe

[7] 2004-08-19 12:00 108544 E77F6FA2A15390F1727F4C1C55B69DA6 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-13 17:14 109056 DAC0440C89B1EA4E35684896D5BF856E c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 10:05 111104 AA6602EA22899E57D4661DDA87C3EE21 c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\services.exe
[-] 2009-02-09 09:50 111104 BCF1770A35BDA3BD13A9E2054F15F37E c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\services.exe
[-] 2009-02-09 11:22 111104 26845F272435302E0F3322E660A24F7D c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\services.exe
[-] 2009-02-09 11:14 111104 C79FEAE2F68982259907AB52B0F2676F c:\windows\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\services.exe
[-] 2008-04-13 17:14 111104 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\services.exe

[7] 2004-08-19 12:00 13312 0815E8DA286775FA432C7C9EE5E10BA1 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-13 17:14 13312 0FBA335727905DE8E4CB5A2CF438ABF5 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 17:14 14848 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\lsass.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-19 12:00 57856 216F8454A9415DD3E451B169DC3121C4 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-13 17:14 57856 60977C9BAE8F86F9075829325303D0C9 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 17:14 58880 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]
2009-03-12 20:27 1883672 ----a-w c:\programmi\Come2PlayK2P\tbCom0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 11:28 1453080 ----a-w c:\programmi\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1DF60BB-F974-21EC-316C-F43F57562EE7}]
2009-03-24 10:45 625152 ----a-w c:\windows\system32\elwbhrmopme.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\programmi\Come2PlayK2P\tbCom0.dll" [2009-03-12 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\programmi\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\programmi\Come2PlayK2P\tbCom0.dll" [2009-03-12 1883672]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\programmi\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OrderReminder"="c:\programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"ActivBoard"="c:\programmi\ActivBoard\ABoard.exe" [2003-05-02 24576]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2003-12-16 188416]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"rgcebvj0ejce"="c:\windows\system32\qgc9bvj0ejce.exe" [2009-04-16 80191]
"VVSN"="c:\programmi\VVSN\VVSN.exe" [2005-10-25 107520]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\Casa\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
PowerReg Scheduler V3.exe [2009-2-28 225280]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-1-15 217088]
DSLMON.lnk - c:\programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-30 962663]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ENxBdxVSCa"= {9CC9BC95-3663-163F-2D43-DC3A97FAE11C} - c:\windows\system32\fghk.dll [2008-04-13 32768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Ahead\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Casa\\Desktop\\utorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:donkey

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2005-10-24 491520]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-25 c:\windows\Tasks\RegPowerClean.job
- c:\programmi\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-12-22 13:48]

2009-04-25 c:\windows\Tasks\RPCReminder.job
- c:\programmi\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-12-22 13:34]

2009-04-25 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{B34E20E5-96B2-46AC-9D68-C6B2CD293C2C} - (no file)
BHO-{CB1D36F0-D0A6-40AB-B827-B9B9550CE691} - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-icyemqi - c:\documents and settings\casa\impostazioni locali\dati applicazioni\icyemqi.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
mStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {789B2030-9D4B-42A5-8120-356DCF49C1A5} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2} - hxxp://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
FF - ProfilePath - c:\documents and settings\Casa\Dati applicazioni\Mozilla\Firefox\Profiles\veousifa.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-04-25 15.49.16
ComboFix-quarantined-files.txt 2009-04-25 13:48

Pre-Run: 7.265.452.032 byte disponibili
Post-Run: 8.251.002.880 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

404 --- E O F --- 2009-04-24 17:28
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
tu as les rapports?
0
impresaria
 
voici le rapport combofix:


ComboFix 09-04-25.A1 - Casa 27/04/2009 15.30.14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.480 [GMT 2:00]
Eseguito da: c:\documents and settings\Casa\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Casa\Desktop\CFScript
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

FILE ::
c:\windows\system32\elwbhrmopme.dll
c:\windows\system32\qgc9bvj0ejce.exe
c:\windows\system32\sgccbvj0ejce.dll
c:\documents and settings\LocalService\Preferiti :#:
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\qgc9bvj0ejce.exe
c:\windows\system32\sgccbvj0ejce.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-05-27 al 2009-4-27 )))))))))))))))))))))))))))))))))))
.

2009-04-25 16:50 . 2009-04-25 16:50 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Malwarebytes
2009-04-25 16:50 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 16:50 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 16:50 . 2009-04-25 16:50 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-25 16:50 . 2009-04-25 16:50 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-25 16:39 . 2009-04-25 16:39 -------- d-----w C:\rsit
2009-04-25 16:39 . 2009-04-25 16:39 -------- d-----w c:\programmi\trend micro
2009-04-22 12:17 . 2009-04-22 12:18 -------- d-----w c:\programmi\VVSN
2009-04-22 12:16 . 2009-04-22 12:16 223128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2009-04-22 12:16 . 2009-04-22 13:08 -------- d-----w c:\programmi\DAEMON Tools
2009-04-22 12:13 . 2009-04-22 12:13 96384 ----a-w c:\windows\system32\drivers\sptd1437.sys
2009-04-22 12:13 . 2009-04-22 12:13 642560 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-22 12:01 . 2009-04-22 12:01 -------- d-----w c:\windows\Profiles
2009-04-22 12:01 . 2009-04-22 12:01 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\InterTrust
2009-04-22 12:01 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-16 12:47 . 2009-04-16 12:47 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Conduit
2009-04-16 12:47 . 2009-04-19 16:00 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Come2PlayK2P
2009-04-16 12:47 . 2009-04-16 12:47 -------- d-----r c:\documents and settings\LocalService\Preferiti
2009-04-16 06:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:58 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:58 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:58 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:58 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:58 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:58 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:58 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:57 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:57 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-05 17:05 . 2009-04-05 17:05 -------- d-----w C:\download
2009-04-03 16:02 . 2009-04-03 16:02 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\bluesoleil
2009-04-03 15:51 . 2009-04-09 06:36 32 ----a-w c:\windows\[u]0/u
2009-04-03 15:51 . 2009-04-03 15:51 0 ----a-w c:\windows\system32\[u]0/u
2009-04-03 13:34 . 2008-04-13 17:13 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-03 13:34 . 2008-04-13 17:13 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-03 09:47 . 2009-04-03 09:47 -------- d-----w c:\documents and settings\Casa\My CamSpace Games
2009-04-03 09:47 . 2009-04-03 10:18 -------- d-----w c:\programmi\CamSpace
2009-04-03 07:29 . 2009-04-03 07:29 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\DriverCure
2009-04-03 07:29 . 2009-04-03 07:45 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DriverCure
2009-04-03 07:29 . 2009-04-03 07:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2009-04-02 17:19 . 2009-04-02 17:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-04-02 17:19 . 2009-04-02 19:05 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Azureus
2009-04-02 16:33 . 2009-04-02 16:33 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\TortoiseSVN
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Subversion
2009-04-02 16:17 . 2009-04-27 10:14 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\TSVNCache
2009-04-02 16:13 . 2009-04-02 16:13 -------- d-----w c:\programmi\TortoiseSVN
2009-04-02 16:13 . 2009-04-02 16:13 -------- d-----w c:\programmi\File comuni\TortoiseOverlays
2009-04-02 10:48 . 2009-04-25 15:01 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\uTorrent
2009-03-31 08:14 . 2009-04-19 16:18 -------- d-----w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\WinZip
2009-03-31 08:12 . 2009-03-31 08:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-03-30 17:58 . 2009-03-30 17:58 -------- d-----w c:\programmi\7-Zip
2009-03-30 08:52 . 2009-03-30 08:55 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\GetRightToGo
2009-03-30 08:38 . 2009-03-30 09:10 -------- d-----w c:\programmi\bios
2009-03-30 07:55 . 2009-04-16 12:58 -------- d-----w c:\programmi\Pcsx2
2009-03-29 17:15 . 2009-03-30 06:21 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:34 . 2008-04-03 17:26 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\skypePM
2009-04-27 13:33 . 2008-07-21 10:27 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\OpenOffice.org2
2009-04-26 19:01 . 2008-08-04 12:41 268 ---ha-w C:\sqmdata05.sqm
2009-04-26 19:01 . 2008-08-04 12:41 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-25 22:21 . 2008-08-03 13:01 268 ---ha-w C:\sqmdata04.sqm
2009-04-25 22:21 . 2008-08-03 13:01 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-25 20:38 . 2004-08-19 12:00 73106 ----a-w c:\windows\system32\perfc010.dat
2009-04-25 20:38 . 2004-08-19 12:00 446756 ----a-w c:\windows\system32\perfh010.dat
2009-04-25 18:33 . 2008-08-05 13:15 268 ---ha-w C:\sqmdata13.sqm
2009-04-25 18:33 . 2008-08-05 13:15 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-25 17:40 . 2008-08-05 12:41 268 ---ha-w C:\sqmdata12.sqm
2009-04-25 17:40 . 2008-08-05 12:41 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-25 13:37 . 2008-08-05 12:01 232 ---ha-w C:\sqmdata11.sqm
2009-04-25 13:37 . 2008-08-05 12:01 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-25 12:49 . 2008-08-05 09:31 268 ---ha-w C:\sqmdata10.sqm
2009-04-25 12:49 . 2008-08-05 09:31 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-24 17:27 . 2008-08-05 06:17 268 ---ha-w C:\sqmdata09.sqm
2009-04-24 17:27 . 2008-08-05 06:17 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-24 13:52 . 2008-08-04 15:14 268 ---ha-w C:\sqmdata08.sqm
2009-04-24 13:52 . 2008-08-04 15:14 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-23 18:35 . 2008-08-04 15:00 268 ---ha-w C:\sqmdata07.sqm
2009-04-23 18:35 . 2008-08-04 15:00 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-22 16:33 . 2008-08-04 13:31 268 ---ha-w C:\sqmdata06.sqm
2009-04-22 16:33 . 2008-08-04 13:31 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-22 13:08 . 2008-07-17 16:34 268 ---ha-w C:\sqmdata03.sqm
2009-04-22 13:08 . 2008-07-17 16:34 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-22 12:13 . 2008-07-17 09:57 268 ---ha-w C:\sqmdata02.sqm
2009-04-22 12:13 . 2008-07-17 09:57 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-22 11:52 . 2009-03-04 13:04 -------- d-----w c:\programmi\UBISOFT
2009-04-21 20:23 . 2008-07-17 07:22 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-21 20:23 . 2008-07-17 07:22 232 ---ha-w C:\sqmdata01.sqm
2009-04-21 20:21 . 2008-07-16 17:08 268 ---ha-w C:\sqmdata00.sqm
2009-04-21 20:21 . 2008-07-16 17:08 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-20 19:33 . 2008-08-27 20:41 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-20 19:33 . 2008-08-27 20:41 232 ---ha-w C:\sqmdata19.sqm
2009-04-20 19:33 . 2008-08-27 15:40 268 ---ha-w C:\sqmdata18.sqm
2009-04-20 19:33 . 2008-08-27 15:40 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-19 18:54 . 2008-08-26 09:44 268 ---ha-w C:\sqmdata17.sqm
2009-04-19 18:54 . 2008-08-26 09:44 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-19 16:43 . 2008-04-03 17:23 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Skype
2009-04-18 19:52 . 2008-08-26 07:56 268 ---ha-w C:\sqmdata16.sqm
2009-04-18 19:52 . 2008-08-26 07:56 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-17 21:33 . 2008-08-05 19:13 268 ---ha-w C:\sqmdata15.sqm
2009-04-17 21:33 . 2008-08-05 19:13 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-16 21:07 . 2008-08-05 17:45 268 ---ha-w C:\sqmdata14.sqm
2009-04-16 21:07 . 2008-08-05 17:45 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-03 10:47 . 2008-07-21 10:24 -------- d-----w c:\programmi\Java
2009-04-03 10:45 . 2008-07-16 15:34 -------- d-----w c:\programmi\Windows Live
2009-04-03 09:58 . 2008-08-05 17:19 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-26 16:10 . 2009-03-26 16:10 28672 ----a-w c:\windows\kmouse32.dll
2009-03-26 16:10 . 2009-03-26 16:10 1424676 ----a-w c:\windows\marche_turismo.exe
2009-03-26 16:10 . 2009-03-26 16:10 120128 ----a-w c:\windows\marche_turismo.scr
2009-03-25 08:26 . 2009-01-25 09:47 57421 ----a-w c:\windows\system32\elwbhrmopme.dll-uninst.exe
2009-03-17 18:18 . 2007-12-30 08:39 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-12 20:27 . 2009-01-25 08:54 -------- d-----w c:\programmi\Come2PlayK2P
2009-03-11 17:22 . 2009-03-11 17:22 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-11 11:31 . 2009-03-11 11:02 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Smart-Ads-Solutions
2009-03-11 11:02 . 2009-03-11 11:02 -------- d-----w c:\programmi\Smart-Ads-Solutions
2009-03-07 08:36 . 2008-12-18 17:43 -------- d-----w c:\programmi\eMule
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-05 07:57 . 2009-01-15 09:00 -------- d-----w c:\programmi\Telecom Italia
2009-03-05 07:52 . 2009-03-05 07:52 4944 ----a-w C:\PERF.LOG
2009-03-04 13:44 . 2009-03-04 13:44 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\BufferZone
2009-03-04 13:43 . 2009-03-04 13:43 -------- d-----w c:\programmi\securedie
2009-03-03 00:03 . 2004-08-19 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 20:33 . 2009-03-02 20:33 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-02 20:33 . 2009-03-02 20:33 -------- d--h--r c:\documents and settings\Casa\Dati applicazioni\SecuROM
2009-03-02 18:17 . 2009-03-02 18:17 2785 ----a-w C:\LGSInst.Log
2009-03-02 18:17 . 2008-07-16 16:55 -------- d-----w c:\programmi\File comuni\Logitech
2009-03-02 18:17 . 2008-07-16 16:58 -------- d-----w c:\programmi\Logitech
2009-03-01 16:18 . 2009-03-01 16:05 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-02-28 10:11 . 2009-02-28 10:11 -------- d-----w c:\programmi\Josoft
2009-02-28 10:09 . 2009-02-28 10:00 -------- d-----w c:\programmi\Infogrames Interactive
2009-02-27 10:44 . 2009-02-27 10:44 -------- d-----w c:\documents and settings\Casa\Dati applicazioni\Ace
2009-02-20 17:08 . 2004-08-19 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 12:00 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-20 22:59 . 2007-12-31 16:07 47120 ----a-w c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-08-05 17:13 . 2008-08-05 17:13 0 ----a-w c:\programmi\temp01
2008-04-03 17:26 . 2008-04-03 17:26 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-12-04 18:06 . 2008-12-04 18:07 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008120420081205\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-25_13.47.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 12:00 . 2008-04-13 17:14 14336 c:\windows\system32\svchost.exe
- 2007-12-31 16:16 . 2007-07-27 08:41 26488 c:\windows\system32\spupdsvc.exe
+ 2007-12-31 16:16 . 2008-07-09 07:42 26488 c:\windows\system32\spupdsvc.exe
+ 2004-08-19 12:00 . 2008-04-13 17:14 57856 c:\windows\system32\spoolsv.exe
+ 2009-01-20 22:41 . 2008-07-09 07:42 18808 c:\windows\system32\spmsg.dll
- 2009-01-20 22:41 . 2007-11-30 12:39 18808 c:\windows\system32\spmsg.dll
- 2004-08-19 12:00 . 2009-04-20 19:01 60760 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:00 . 2009-04-25 20:38 60760 c:\windows\system32\perfc009.dat
+ 2004-08-19 12:00 . 2008-04-13 17:14 13312 c:\windows\system32\lsass.exe
+ 2004-08-19 12:00 . 2008-04-13 17:14 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-19 12:00 . 2008-04-13 17:14 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-19 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-19 12:00 . 2008-04-13 17:14 13312 c:\windows\system32\dllcache\lsass.exe
+ 2004-08-19 12:00 . 2008-04-13 17:14 510464 c:\windows\system32\winlogon.exe
+ 2007-12-29 18:39 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2007-12-29 18:39 . 2009-02-09 10:51 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2007-12-29 18:39 . 2009-02-09 10:51 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-19 12:00 . 2009-04-25 20:38 400600 c:\windows\system32\perfh009.dat
- 2004-08-19 12:00 . 2009-04-20 19:01 400600 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:00 . 2008-04-13 17:14 510464 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-19 12:00 . 2009-02-09 11:22 111104 c:\windows\system32\dllcache\services.exe
+ 2008-10-20 12:15 . 2009-02-09 11:23 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2027520 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-20 12:15 . 2009-02-09 11:23 2027520 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2069760 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-20 12:15 . 2009-02-10 17:02 2069760 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-20 12:15 . 2009-02-09 11:22 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-20 12:15 . 2009-02-09 11:23 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-20 12:15 . 2009-02-09 11:23 2027520 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2027520 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2069760 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-20 12:15 . 2009-02-10 17:02 2069760 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-20 12:15 . 2009-02-09 11:22 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-20 12:15 . 2008-08-14 13:22 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]
2009-03-12 20:27 1883672 ----a-w c:\programmi\Come2PlayK2P\tbCom0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 11:28 1453080 ----a-w c:\programmi\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\programmi\Come2PlayK2P\tbCom0.dll" [2009-03-12 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\programmi\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\programmi\Come2PlayK2P\tbCom0.dll" [2009-03-12 1883672]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\programmi\securedie\tbsecu.dll" [2007-09-06 1453080]

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OrderReminder"="c:\programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"ActivBoard"="c:\programmi\ActivBoard\ABoard.exe" [2003-05-02 24576]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2003-12-16 188416]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"VVSN"="c:\programmi\VVSN\VVSN.exe" [2005-10-25 107520]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\Casa\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
PowerReg Scheduler V3.exe [2009-2-28 225280]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-1-15 217088]
DSLMON.lnk - c:\programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-30 962663]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Ahead\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Casa\\Desktop\\utorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:donkey

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2005-10-24 491520]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-27 c:\windows\Tasks\RegPowerClean.job
- c:\programmi\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-12-22 13:48]

2009-04-27 c:\windows\Tasks\RPCReminder.job
- c:\programmi\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-12-22 13:34]

2009-04-27 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-rgcebvj0ejce - c:\windows\system32\qgc9bvj0ejce.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
mStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {789B2030-9D4B-42A5-8120-356DCF49C1A5} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2} - hxxp://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
FF - ProfilePath - c:\documents and settings\Casa\Dati applicazioni\Mozilla\Firefox\Profiles\veousifa.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 15:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3460)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
c:\programmi\TortoiseSVN\bin\TortoiseStub.dll
c:\programmi\TortoiseSVN\bin\TortoiseSVN.dll
c:\programmi\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\programmi\ActivBoard\AOSD.EXE
c:\windows\system32\LVComS.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\McciTrayApp.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.bin
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-27 15.36.39 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-27 13:36
ComboFix2.txt 2009-04-25 13:49

Pre-Run: 8.169.365.504 byte disponibili
Post-Run: 8.159.662.080 byte disponibili

392 --- E O F --- 2009-04-25 18:34



quel est le second dejà?
0
Réponse 6 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
impresaria
 
rapport hijachthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.33.44, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ActivBoard\ABoard.exe
C:\Programmi\ActivBoard\AOSD.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casa\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Programmi\Come2PlayK2P\tbCom0.dll (file missing)
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\tbsecu.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Programmi\Come2PlayK2P\tbCom0.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\tbsecu.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Programmi\Come2PlayK2P\tbCom0.dll (file missing)
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programmi\securedie\tbsecu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ActivBoard] C:\Programmi\ActivBoard\ABoard.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a26d248725766dd0.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.telepace.it/scripts/sopcore.cab
O16 - DPF: {FFC1EBAA-5AEC-44AC-A937-B65D8D3ECBE2} (SNMP Class) - http://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4851665B-32B8-431A-9246-628432ACB44A}: NameServer = 85.37.17.57 85.38.28.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{789B2030-9D4B-42A5-8120-356DCF49C1A5}: NameServer = 192.168.1.1
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 7 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
malwarebyte?

tu utilise ces deux barres: ?

Come2PlayK2P Toolbar
securedie Toolbar
0
impresaria
 
non je ne les utilise pas. mais elles sont peut-etre presente dans C:

voici le dernier rapport
Malwarebytes' Anti-Malware 1.36
Versione del database: 2040
Windows 5.1.2600 Service Pack 3

28/04/2009 12.04.49
mbam-log-2009-04-28 (12-04-49).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 128124
Tempo trascorso: 26 minute(s), 50 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
0
Réponse 8 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
si tu ne les utilise pas alors désinstalle les via ton panneau de configuration

puis

utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_________________

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

ps : pas besoin de m´envoyer le rapport si tout a été supprimé

_______________

encore des soucis avec ton pc?
0
impresaria
 
Non, merci beaucoup pour ton aide, je suis nulle en informatique et seule je n'y serai jamais arrivee.
Merci encore.
0
Réponse 9 / 9
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
de rien!
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses