Olimpo Informatico forum index
The Zeus News forums
Computer invaded by viruses, URGENT!
Forum: Pronto Soccorso Virus (Virus First Aid)

Cessiti
Hero in the gods' favour
Registered: 10/04/07 12:23
Posts: 123

Posted: 08 May 2007 18:24    Subject: Computer invaded by viruses, URGENT!

So, I've moved here from the Security section because I think the situation is serious...



Orange wrote:
relax... nothing that serious.
most of them are in C:\System Volume Information\_restore
and it would be enough to disable System Restore from safe mode, reboot and re-enable it. (you won't delete all of them, but most of them, yes)


but one question comes to mind: have you used anything to protect the PC?


I reply to Orange by saying that yes, I've used protection from other antivirus programs, about 5, which didn't fix a thing! How do I disable System Restore?



Now I'll post the most important things from the other thread so you can understand.

This is the result of the Kaspersky online scan:

Cessiti wrote:
So, I thought I had fixed it by removing some viruses with Spybot S&D, it seemed fine, then I read Benny's reply and ran an online scan with Kaspersky, and what came out was a disheartening sight :mad:

Before posting the scan result I'd like to point out that of those 48 viruses I found in the first scan, about twenty were trojan horses.

Here are the results:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 08, 2007 3:47:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/05/2007
Kaspersky Anti-Virus database records: 315395


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 54910
Number of viruses found 21
Number of infected objects 68 / 0
Number of suspicious objects 0
Duration of the scan process 01:22:00

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015537.EXE Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015541.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015542.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015542.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015543.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015544.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015544.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015545.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015545.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015548.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015556.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015558.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015559.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP66\A0017401.EXE Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP66\A0017403.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP70\A0018175.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP70\A0018318.exe Infected: Trojan-Downloader.Win32.Small.ehb skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018348.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018350.exe Infected: Trojan-Downloader.Win32.Small.ehb skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018452.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018453.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018455.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018457.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018457.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018457.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018457.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018457.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018461.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018461.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018461.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018462.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018503.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018857.EXE Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018858.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0019442.EXE Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0019443.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022322.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022323.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022324.EXE Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022325.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022326.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022327.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022328.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022329.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022330.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022331.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP80\A0022332.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP81\A0022435.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP83\A0022688.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP83\change.log Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\adsint.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\tmp3176.tmp.dll Infected: Trojan.Win32.BHO.g skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\updater.exe.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ciao\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temp\tmp3176.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Cronologia\History.IE5\MSHist012007050820070509\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\Q8Q9712P\suvs[1].ani Infected: Exploit.Win32.IMG-ANI.k skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\8Q8GTHBG\nauj_20070426[1] Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe WiseSFX Dropper: infected - 3 skipped

C:\Documents and Settings\Ciao\Documenti\FlyakiteOSXv3.5.exe/stream/data0023 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ciao\Documenti\FlyakiteOSXv3.5.exe/stream Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ciao\Documenti\FlyakiteOSXv3.5.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Ciao\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\UserData\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\NTUSER.DAT Object is locked skipped

C:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped

C:\My Downloads\Spyware Doctor v5 0 0 180 + Crack.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\My Downloads\Spyware Doctor v5 0 0 180 + Crack.zip ZIP: infected - 1 skipped

Scan process completed.


Now what should I do? Is it possible that I can't get rid of these viruses?

Help!



And I repeat that the computer is infected by various trojan horses, and by a lot of malware.

One more thing, do you think that if I download Internet Explorer 7 things might improve? In terms of prevention, I mean. And also, how do I protect my wireless network?

Help!
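
The split Orange describes in the quoted reply, between copies held in System Restore points and files still on the live system, can be computed from the report itself. This Python sketch is an added example, not part of the original thread; the function names are hypothetical and the sample is an excerpt of lines copied from the report above.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the report above (not the full report).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP62\A0015537.EXE Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP71\A0018451.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP83\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\adsint.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped
C:\WINDOWS\system32\tmp3176.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Ciao\Documenti\BearShareV6it.exe WiseSFX Dropper: infected - 3 skipped
C:\My Downloads\Spyware Doctor v5 0 0 180 + Crack.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
"""

RESTORE_PREFIX = r"c:\system volume information\_restore"
INFECTED = re.compile(r"^(?P<obj>.+) Infected: (?P<name>\S+) (?P<action>\S+)$")
LOCKED = re.compile(r"^(?P<obj>.+) Object is locked (?P<action>\S+)$")


def triage(report):
    """Group detections by outer file, split into restore-point copies and live files."""
    buckets = {"restore": defaultdict(set), "live": defaultdict(set)}
    locked = []
    for line in report.splitlines():
        line = line.strip()
        m = LOCKED.match(line)
        if m:
            locked.append(m["obj"])  # file in use: the scanner could not read it
            continue
        m = INFECTED.match(line)
        if not m:
            continue  # blank lines, header, container summaries ("NSIS: infected - 2")
        # Objects inside an installer or archive are listed as outer/inner/...;
        # report them once, under the outer file that actually sits on disk.
        outer = m["obj"].split("/", 1)[0]
        where = "restore" if outer.lower().startswith(RESTORE_PREFIX) else "live"
        buckets[where][outer].add(m["name"])
    return {
        "restore": {f: sorted(n) for f, n in buckets["restore"].items()},
        "live": {f: sorted(n) for f, n in buckets["live"].items()},
        "locked": locked,
    }


def live_malware(result):
    """Live files with at least one detection not labelled 'not-a-virus:' (adware/riskware)."""
    return sorted(
        f for f, names in result["live"].items()
        if any(not n.startswith("not-a-virus:") for n in names)
    )


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("restore-point copies:", len(result["restore"]))
    print("live files:", len(result["live"]))
    print("locked (unscanned):", len(result["locked"]))
    for path in live_malware(result):
        print("needs cleanup:", path, result["live"][path])
```

Restore-point copies go away when System Restore is switched off and on again; the files returned by `live_malware` are the ones that still have to be removed from the running system.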

Orange
Mature god
Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 08 May 2007 18:50

5 antivirus programs, you say?........ :rolleyes:
disable System Restore.
post a HiJackThis log

Cessiti
Hero in the gods' favour
Registered: 10/04/07 12:23
Posts: 123

Posted: 08 May 2007 22:04

Orange wrote:
5 antivirus programs, you say?........ :rolleyes:
disable System Restore.
post a HiJackThis log


Why, is 5 too few?
Anyway, I followed your guide on hijackthis, I downloaded the programs and ran them; I can tell you that Spybot S&D found 14555 harmful items and blocked them, so if I uninstall Spybot S&D does it unblock them?

Then I ran a scan with Bitdefender and it found 2 viruses and 4 infected items.

Finally I ran the scan with hijackthis, but it didn't fix a damn thing! Those windows still pop up!

Here is the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.57.00, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Programmi\UberIcon\UberIcon Manager.exe
C:\Programmi\WinRoll\winroll.exe
C:\Programmi\YzShadow\YzShadow.exe
C:\Programmi\RK Launcher\RKLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdswitch.exe
C:\DOCUME~1\Ciao\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis_v2.zip\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.benq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.register.epson-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {a7f830bc-1938-40dc-83e2-3f93aa9d2892} - C:\WINDOWS\system32\adsint.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp4.tmp.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\iiiifg.dll",realset
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programmi\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programmi\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programmi\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Programmi\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: adsint - C:\WINDOWS\SYSTEM32\adsint.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6697 bytes


Help! I think I'm going to have to format...

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 08 May 2007 23:29

Cessiti wrote:
Why, is 5 too few?

No, too many
Cessiti wrote:
Finally I ran the scan with hijackthis, but it didn't fix a damn thing! Those windows still pop up!

Don't confuse hijack, the antivirus and the antispyware. They are different things and work in different ways.

Reboot the PC in safe mode and run hijackthis again:
- click Do a system scan only
- tick the following entries
- click fix checked
Cessiti wrote:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {a7f830bc-1938-40dc-83e2-3f93aa9d2892} - C:\WINDOWS\system32\adsint.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp4.tmp.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\iiiifg.dll",realset
O20 - AppInit_DLLs:
O20 - Winlogon Notify: adsint - C:\WINDOWS\SYSTEM32\adsint.dll

Reboot the PC in normal mode and post the hijack log again.
Cessiti wrote:
Help! I think I'm going to have to format...

Don't despair; keep calm and a cool head and we'll manage to sort something out.
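
The kinds of HijackThis entries selected in the reply above (browser helper objects with no file behind them, temp-named DLLs, a Run key that loads a DLL through rundll32, one DLL registered both as a BHO and as a Winlogon Notify package) can be picked out mechanically. This Python sketch is an added example, not part of the original thread; the heuristics and function names are assumptions made for illustration, and the sample is an excerpt of lines from the first log posted above.

```python
import re

# Excerpt of lines copied from the first HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {a7f830bc-1938-40dc-83e2-3f93aa9d2892} - C:\WINDOWS\system32\adsint.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp4.tmp.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\iiiifg.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: adsint - C:\WINDOWS\SYSTEM32\adsint.dll
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
RUN = re.compile(r"^O4 - \S+Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
TEMP_DLL = re.compile(r"\\tmp[0-9a-z]+\.tmp\.dll$")


def clean_path(target):
    """Lower-case a target path and drop HijackThis's '(file missing)' suffix."""
    return re.sub(r"\s*\(file missing\)$", "", target).strip().lower()


def flag_entries(log):
    """Return [(line, [reasons])] for entries matching the illustrative heuristics."""
    parsed = []
    for line in (l.strip() for l in log.splitlines()):
        for kind, rx in (("bho", BHO), ("run", RUN), ("notify", NOTIFY)):
            m = rx.match(line)
            if m:
                parsed.append((kind, line, m))
                break

    # A DLL loaded both into the browser (BHO) and into winlogon (Notify)
    # has two independent load points, so removing one entry is not enough.
    bho_paths = {clean_path(m["target"]) for k, _, m in parsed
                 if k == "bho" and m["target"] != "(no file)"}
    notify_paths = {clean_path(m["target"]) for k, _, m in parsed if k == "notify"}
    shared = bho_paths & notify_paths

    findings = []
    for kind, line, m in parsed:
        reasons = []
        if kind == "bho":
            target = m["target"]
            if target == "(no file)":
                reasons.append("BHO registered with no file")
            else:
                path = clean_path(target)
                if target.endswith("(file missing)"):
                    reasons.append("BHO target missing on disk")
                if TEMP_DLL.search(path):
                    reasons.append("temp-style DLL name")
                if path in shared:
                    reasons.append("same DLL is also a Winlogon Notify package")
        elif kind == "run":
            if m["cmd"].lower().startswith("rundll32"):
                reasons.append("Run key loads a DLL through rundll32")
        elif kind == "notify":
            if clean_path(m["target"]) in shared:
                reasons.append("same DLL is also registered as a BHO")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in flag_entries(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A flagged line is a candidate for review, not a verdict: legitimate software also registers BHOs and Winlogon Notify packages, which is why the thread has a person confirm each entry before fixing it.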

Cessiti
Hero in the gods' favour
Registered: 10/04/07 12:23
Posts: 123

Posted: 09 May 2007 14:44

So, I carried out the steps you told me.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 14.37.28, on 09/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\DOCUME~1\Ciao\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.benq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.register.epson-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp1E.tmp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programmi\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programmi\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programmi\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Programmi\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


Now what should I do?

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 09 May 2007 15:21

We're already doing better.
There are only 2 things to sort out:
Cessiti wrote:
C:\DOCUME~1\Ciao\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

Hijack must be unzipped into its own (non-temporary) folder to be able to work safely.

I don't remember whether you disabled System Restore.

Restart hijack and fix the following entry:
Cessiti wrote:
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp1E.tmp.dll


It looks like Vundo is present...
Try downloading these and running them:
link
VundoFix


I also recommend a scan with this, temporarily disabling your antivirus.
Once the scan has finished, save the log on one of these sites:
link
link
and post the link you are given.

Cessiti
Hero in the gods' favour
Registered: 10/04/07 12:23
Posts: 123

Posted: 09 May 2007 16:48

bdoriano wrote:
We're already doing better.
There are only 2 things to sort out:
Cessiti wrote:
C:\DOCUME~1\Ciao\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

Hijack must be unzipped into its own (non-temporary) folder to be able to work safely.

I don't remember whether you disabled System Restore.

Restart hijack and fix the following entry:
Cessiti wrote:
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp1E.tmp.dll


Sembrerebbe la presenza di Vundo...
Prova a scaricare questi e ad avviarli:
link
VundoFix


Ti consiglio anche una scansione con questo, disabilitando momentaneamente il tuo antivirus.
Una volta finita la scansione, salva il log su uno di questi siti:
link
link
e posta il link che ti viene assegnato.


OK, I removed the Vundo trojan horse with the Symantec tool and ran the scan with that program. I couldn't upload it to those sites, so here are the results:

SystemScan - www.suspectfile.com - ver. 3.0.2

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)

Date: 09/05/2007
Time: 16.32.52

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files

-------------Users folders -------------

14/04/2007 17.32.38 (DIR) ---- 0025 days old -- All Users
14/04/2007 17.32.38 (DIR) -H-- 0025 days old -- Default User
14/04/2007 17.44.38 (DIR) -HS- 0025 days old -- NetworkService
14/04/2007 17.44.40 (DIR) -HS- 0025 days old -- LocalService
14/04/2007 17.48.02 (DIR) ---- 0025 days old -- Ciao

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
Yes | Ciao
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)

-------------Recent files (60 days old)-------------

------------- Showing files newer than 60 days in C:\

14/04/2007 17.22.40 -HS- 0025 days old -- BOOTLOG.TXT
14/04/2007 17.22.42 -HS- 0025 days old -- BOOTSECT.DOS
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- WINDOWS
14/04/2007 17.32.06 (DIR) ---- 0025 days old -- DRV
14/04/2007 17.32.38 (DIR) ---- 0025 days old -- Documents and Settings
14/04/2007 17.39.38 (DIR) ---- 0025 days old -- Programmi
14/04/2007 17.45.14 (DIR) -HS- 0025 days old -- Recycled
14/04/2007 17.47.50 AH-- 0025 days old -- boot.ini
14/04/2007 17.47.50 AH-- 0025 days old -- boot.ini.SAB
14/04/2007 17.57.30 AHSR 0025 days old -- IO.SYS
14/04/2007 17.57.30 AHSR 0025 days old -- MSDOS.SYS
14/04/2007 18.01.02 (DIR) ---- 0025 days old -- Intel
14/04/2007 18.31.26 (DIR) -H-R 0025 days old -- MSOCache
14/04/2007 18.59.06 (DIR) ---- 0025 days old -- My Downloads
14/04/2007 19.00.24 (DIR) ---- 0025 days old -- Incomplete
17/04/2007 15.52.52 (DIR) -HS- 0022 days old -- Config.Msi
19/04/2007 14.59.32 (DIR) -HS- 0020 days old -- FOUND.000
05/05/2007 12.06.20 A--- 0004 days old -- DBS.TXT
05/05/2007 12.06.40 (DIR) ---- 0004 days old -- Program Files
06/05/2007 16.41.34 (DIR) -HS- 0003 days old -- FOUND.001
06/05/2007 16.44.48 (DIR) -HS- 0003 days old -- FOUND.002
08/05/2007 20.38.34 (DIR) -HS- 0001 days old -- FOUND.003
09/05/2007 14.22.14 (DIR) -HS- 0000 days old -- FOUND.004
09/05/2007 16.16.00 (DIR) ---- 0000 days old -- pagefile.sys
09/05/2007 16.32.38 A--- 0000 days old -- vundofix.txt
09/05/2007 16.32.54 (DIR) ---- 0000 days old -- suspectfile

------------- Showing files newer than 60 days in C:\WINDOWS\

14/04/2007 17.28.00 (DIR) ---- 0025 days old -- msapps
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- AppPatch
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Debug
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- twain_32
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Driver Cache
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- security
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Temp
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- ime
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- pchealth
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- PeerNet
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- WinSxS
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Resources
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Provisioning
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- mui
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Help
14/04/2007 17.28.00 (DIR) --SR 0025 days old -- Fonts
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Config
14/04/2007 17.28.00 (DIR) -H-- 0025 days old -- inf
14/04/2007 17.28.00 (DIR) -HS- 0025 days old -- system32
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- system
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- repair
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- java
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- addins
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Connection Wizard
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Cursors
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- msagent
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Media
14/04/2007 17.33.26 (DIR) -HS- 0025 days old -- Installer
14/04/2007 17.37.42 A--- 0025 days old -- T30DebugLogFile.txt
14/04/2007 17.38.14 (DIR) ---- 0025 days old -- Registration
14/04/2007 17.38.20 A--- 0025 days old -- vbaddin.ini
14/04/2007 17.38.20 A--- 0025 days old -- vb.ini
14/04/2007 17.38.54 (DIR) ---- 0025 days old -- srchasst
14/04/2007 17.38.56 (DIR) --S- 0025 days old -- Tasks
14/04/2007 17.39.28 AH-R 0025 days old -- WindowsShell.Manifest
14/04/2007 17.39.34 (DIR) ---R 0025 days old -- Offline Web Pages
14/04/2007 17.39.34 (DIR) --S- 0025 days old -- Downloaded Program Files
14/04/2007 17.39.38 (DIR) ---R 0025 days old -- Web
14/04/2007 17.40.28 A--- 0025 days old -- ODBCINST.INI
14/04/2007 17.40.46 A--- 0025 days old -- control.ini
14/04/2007 17.44.42 (DIR) ---- 0025 days old -- Prefetch
14/04/2007 17.44.44 (DIR) ---- 0025 days old -- SoftwareDistribution
14/04/2007 17.45.14 A--- 0025 days old -- smscfg.ini
14/04/2007 17.46.18 A--- 0025 days old -- REGLOCS.OLD
14/04/2007 17.55.30 (DIR) ---- 0025 days old -- OPTIONS
14/04/2007 17.59.34 (DIR) ---- 0025 days old -- Drivers
14/04/2007 18.03.20 (DIR) ---- 0025 days old -- Cache
14/04/2007 18.20.30 A--- 0025 days old -- CDER300Euro.ini
14/04/2007 18.23.24 (DIR) ---- 0025 days old -- EPSON PhotoStarter Essential
14/04/2007 18.23.32 (DIR) ---- 0025 days old -- EPSON CardMonitor Essential
14/04/2007 18.29.16 (DIR) ---- 0025 days old -- Motive
14/04/2007 18.33.58 (DIR) ---- 0025 days old -- SHELLNEW
14/04/2007 18.35.52 A--- 0025 days old -- ODBC.INI
14/04/2007 18.40.28 (DIR) ---- 0025 days old -- Downloaded Installations
14/04/2007 23.56.00 (DIR) -H-- 0025 days old -- $NtUninstallKB898461$
14/04/2007 23.56.00 (DIR) -H-- 0025 days old -- $hf_mig$
14/04/2007 23.56.26 (DIR) -H-- 0025 days old -- $MSI31Uninstall_KB893803v2$
15/04/2007 22.54.26 (DIR) -H-- 0024 days old -- FlyakiteOSX
15/04/2007 23.05.38 (DIR) -H-- 0024 days old -- $NtUninstallKB928843$
15/04/2007 23.05.46 (DIR) -H-- 0024 days old -- $NtUninstallKB890859$
15/04/2007 23.06.00 (DIR) -H-- 0024 days old -- $NtUninstallKB928090$
15/04/2007 23.06.14 (DIR) -H-- 0024 days old -- $NtUninstallKB914389$
15/04/2007 23.06.18 (DIR) -H-- 0024 days old -- $NtUninstallKB920683$
15/04/2007 23.06.24 (DIR) -H-- 0024 days old -- $NtUninstallKB908519$
15/04/2007 23.06.28 (DIR) -H-- 0024 days old -- $NtUninstallKB894391$
15/04/2007 23.06.36 (DIR) -H-- 0024 days old -- $NtUninstallKB896428$
15/04/2007 23.06.40 (DIR) -H-- 0024 days old -- $NtUninstallKB913580$
15/04/2007 23.06.46 (DIR) -H-- 0024 days old -- $NtUninstallKB905749$
15/04/2007 23.06.50 (DIR) -H-- 0024 days old -- $NtUninstallKB908531$
15/04/2007 23.07.00 (DIR) -H-- 0024 days old -- $NtUninstallKB904706$
15/04/2007 23.07.04 (DIR) -H-- 0024 days old -- $NtUninstallKB923694$
15/04/2007 23.07.10 (DIR) -H-- 0024 days old -- $NtUninstallKB916595$
15/04/2007 23.07.14 (DIR) -H-- 0024 days old -- $NtUninstallKB886185$
15/04/2007 23.07.18 (DIR) -H-- 0024 days old -- $NtUninstallKB920213$
15/04/2007 23.07.24 (DIR) -H-- 0024 days old -- $NtUninstallKB900725$
15/04/2007 23.07.30 (DIR) -H-- 0024 days old -- $NtUninstallKB888302$
15/04/2007 23.07.32 (DIR) -H-- 0024 days old -- $NtUninstallKB926255$
15/04/2007 23.07.38 (DIR) -H-- 0024 days old -- $NtUninstallKB918118$
15/04/2007 23.07.44 (DIR) -H-- 0024 days old -- $NtUninstallKB922582$
15/04/2007 23.07.50 (DIR) -H-- 0024 days old -- $NtUninstallKB917422$
15/04/2007 23.07.54 (DIR) -H-- 0024 days old -- $NtUninstallKB923191$
15/04/2007 23.07.58 (DIR) -H-- 0024 days old -- $NtUninstallKB901214$
15/04/2007 23.08.02 (DIR) -H-- 0024 days old -- $NtUninstallKB932168$
15/04/2007 23.08.06 (DIR) -H-- 0024 days old -- $NtUninstallKB917953$
15/04/2007 23.08.10 (DIR) -H-- 0024 days old -- $NtUninstallKB905414$
15/04/2007 23.08.16 (DIR) -H-- 0024 days old -- $NtUninstallKB917344$
15/04/2007 23.08.20 (DIR) -H-- 0024 days old -- $NtUninstallKB914388$
15/04/2007 23.08.24 (DIR) -H-- 0024 days old -- $NtUninstallKB919007$
15/04/2007 23.08.28 (DIR) -H-- 0024 days old -- $NtUninstallKB930178$
15/04/2007 23.08.34 (DIR) -H-- 0024 days old -- $NtUninstallKB920872$
15/04/2007 23.08.38 (DIR) -H-- 0024 days old -- $NtUninstallKB926436$
15/04/2007 23.08.44 (DIR) -H-- 0024 days old -- $NtUninstallKB902400$
15/04/2007 23.08.56 (DIR) -H-- 0024 days old -- $NtUninstallKB918439$
15/04/2007 23.09.00 (DIR) -H-- 0024 days old -- $NtUninstallKB891781$
15/04/2007 23.09.04 (DIR) -H-- 0024 days old -- $NtUninstallKB920670$
15/04/2007 23.09.08 (DIR) -H-- 0024 days old -- $NtUninstallKB925902$
15/04/2007 23.09.22 (DIR) -H-- 0024 days old -- $NtUninstallKB911564$
15/04/2007 23.09.32 (DIR) -H-- 0024 days old -- $NtUninstallKB923689$
15/04/2007 23.09.38 (DIR) -H-- 0024 days old -- $NtUninstallKB910437$
15/04/2007 23.09.42 (DIR) -H-- 0024 days old -- $NtUninstallKB896358$
15/04/2007 23.09.46 (DIR) -H-- 0024 days old -- $NtUninstallKB887472$
15/04/2007 23.09.50 (DIR) -H-- 0024 days old -- $NtUninstallKB931836$
15/04/2007 23.09.54 (DIR) -H-- 0024 days old -- $NtUninstallKB924496$
15/04/2007 23.09.58 (DIR) -H-- 0024 days old -- $NtUninstallKB873339$
15/04/2007 23.10.02 (DIR) -H-- 0024 days old -- $NtUninstallKB931261$
15/04/2007 23.10.06 (DIR) -H-- 0024 days old -- $NtUninstallKB924270$
15/04/2007 23.10.12 (DIR) -H-- 0024 days old -- $NtUninstallKB900485$
15/04/2007 23.10.16 (DIR) -H-- 0024 days old -- $NtUninstallKB896423$
15/04/2007 23.10.20 (DIR) -H-- 0024 days old -- $NtUninstallKB924667$
15/04/2007 23.10.24 (DIR) -H-- 0024 days old -- $NtUninstallKB911562$
15/04/2007 23.10.30 (DIR) -H-- 0024 days old -- $NtUninstallKB911280$
15/04/2007 23.10.34 (DIR) -H-- 0024 days old -- $NtUninstallKB923980$
15/04/2007 23.10.38 (DIR) -H-- 0024 days old -- $NtUninstallKB893756$
15/04/2007 23.10.44 (DIR) -H-- 0024 days old -- $NtUninstallKB920685$
15/04/2007 23.10.48 (DIR) -H-- 0024 days old -- $NtUninstallKB899591$
15/04/2007 23.10.52 (DIR) -H-- 0024 days old -- $NtUninstallKB901017$
15/04/2007 23.11.00 (DIR) -H-- 0024 days old -- $NtUninstallKB925398_WMP64$
15/04/2007 23.11.06 (DIR) -H-- 0024 days old -- $NtUninstallKB911927$
15/04/2007 23.11.10 (DIR) -H-- 0024 days old -- $NtUninstallKB929969$
15/04/2007 23.11.16 (DIR) -H-- 0024 days old -- $NtUninstallKB931784$
15/04/2007 23.11.28 (DIR) -H-- 0024 days old -- $NtUninstallKB917734_WMP9$
15/04/2007 23.11.34 (DIR) -H-- 0024 days old -- $NtUninstallKB928255$
15/04/2007 23.11.44 (DIR) -H-- 0024 days old -- $NtUninstallKB923414$
15/04/2007 23.11.48 (DIR) -H-- 0024 days old -- $NtUninstallKB885836$
15/04/2007 23.11.52 (DIR) -H-- 0024 days old -- $NtUninstallKB885835$
15/04/2007 23.11.56 (DIR) -H-- 0024 days old -- $NtUninstallKB922819$
15/04/2007 23.12.02 (DIR) -H-- 0024 days old -- $NtUninstallKB924191$
15/04/2007 23.12.08 (DIR) -H-- 0024 days old -- $NtUninstallKB927802$
15/04/2007 23.12.12 (DIR) -H-- 0024 days old -- $NtUninstallKB927779$
15/04/2007 23.12.16 (DIR) -H-- 0024 days old -- $NtUninstallKB899587$
21/04/2007 09.40.08 A--- 0018 days old -- RestoreFlyakiteOSX.txt
21/04/2007 10.59.08 A--- 0018 days old -- WLP.ini
21/04/2007 10.59.08 A--- 0018 days old -- system.ini
30/04/2007 13.00.00 A--- 0009 days old -- updater.exe.tmp
30/04/2007 14.24.56 (DIR) ---- 0009 days old -- Microsoft.NET
30/04/2007 14.25.26 (DIR) --SR 0009 days old -- assembly
30/04/2007 15.11.14 A--- 0009 days old -- nsreg.dat
05/05/2007 12.08.04 A--- 0004 days old -- setupapi.log.0.old
05/05/2007 12.08.20 (DIR) -H-- 0004 days old -- $NtUninstallWdf01005$
05/05/2007 12.12.46 A--- 0004 days old -- ModemLog_Motorola USB Modem.txt
06/05/2007 16.45.36 (DIR) ---- 0003 days old -- Minidump
08/05/2007 14.45.34 -HS- 0001 days old -- adddgh.ini
08/05/2007 20.39.50 -HS- 0001 days old -- oruttv.ini
08/05/2007 21.37.00 A--- 0001 days old -- Sti_Trace.log
08/05/2007 21.44.26 -HS- 0001 days old -- gfiiii.ini
08/05/2007 22.09.22 A--- 0001 days old -- fccbxw.dll
09/05/2007 14.23.08 -HS- 0000 days old -- wxbccf.ini
09/05/2007 14.52.32 A--- 0000 days old -- QTFont.for
09/05/2007 14.52.32 AH-- 0000 days old -- QTFont.qfn
09/05/2007 15.33.18 A--- 0000 days old -- setupact.log
09/05/2007 15.33.18 A--- 0000 days old -- setuperr.log
09/05/2007 15.33.24 (DIR) -H-- 0000 days old -- $NtUninstallWudf01000$
09/05/2007 15.33.32 A--- 0000 days old -- Wudf01000Inst.log
09/05/2007 15.34.18 A--- 0000 days old -- WMFDist11.log
09/05/2007 15.35.10 A--- 0000 days old -- wmp11.log
09/05/2007 15.35.14 (DIR) -H-- 0000 days old -- $NtUninstallMSCompPackV1$
09/05/2007 15.35.16 A--- 0000 days old -- MSCompPackV1.log
09/05/2007 15.35.16 A--- 0000 days old -- imsins.BAK
09/05/2007 15.35.24 (DIR) -H-- 0000 days old -- $NtUninstallKB926239$
09/05/2007 15.35.28 A--- 0000 days old -- tsoc.log
09/05/2007 15.35.28 A--- 0000 days old -- comsetup.log
09/05/2007 15.35.28 A--- 0000 days old -- imsins.log
09/05/2007 15.35.28 A--- 0000 days old -- ntdtcsetup.log
09/05/2007 15.35.28 A--- 0000 days old -- setupapi.log
09/05/2007 15.35.28 A--- 0000 days old -- ocmsn.log
09/05/2007 15.35.28 A--- 0000 days old -- msgsocm.log
09/05/2007 15.35.28 A--- 0000 days old -- KB926239.log
09/05/2007 15.35.28 A--- 0000 days old -- FaxSetup.log
09/05/2007 15.35.28 A--- 0000 days old -- ocgen.log
09/05/2007 15.35.28 A--- 0000 days old -- iis6.log
09/05/2007 15.53.18 A--- 0000 days old -- NeroDigital.ini
09/05/2007 16.12.34 A--- 0000 days old -- updspapi.log
09/05/2007 16.12.34 A--- 0000 days old -- wmsetup10.log
09/05/2007 16.12.38 A--- 0000 days old -- wmp11Uninst.log
09/05/2007 16.13.56 A--- 0000 days old -- win.ini
09/05/2007 16.15.00 A--- 0000 days old -- WMFDist11Uninst.log
09/05/2007 16.15.18 A--- 0000 days old -- wiaservc.log
09/05/2007 16.15.20 A--- 0000 days old -- SchedLgU.Txt
09/05/2007 16.16.04 A-S- 0000 days old -- bootstat.dat
09/05/2007 16.16.06 A--- 0000 days old -- ModemLog_Agere Systems AC'97 Modem.txt
09/05/2007 16.16.08 A--- 0000 days old -- 0.log
09/05/2007 16.16.12 A--- 0000 days old -- wiadebug.log
09/05/2007 16.16.16 A--- 0000 days old -- WMSysPr9.prx
09/05/2007 16.16.20 A--- 0000 days old -- spupdsvc.log
09/05/2007 16.16.26 A--- 0000 days old -- wmsetup.log
09/05/2007 16.22.18 A--- 0000 days old -- WindowsUpdate.log

------------- Showing files newer than 60 days in C:\WINDOWS\Downloaded Program Files\

23/03/2007 12.17.32 A--- 0047 days old -- erma.inf
14/04/2007 17.39.34 -H-- 0025 days old -- desktop.ini

------------- Showing files newer than 60 days in C:\WINDOWS\system\


------------- Showing files newer than 60 days in C:\WINDOWS\system32\

17/03/2007 15.44.48 A--- 0053 days old -- winsrv.dll
28/03/2007 18.51.54 ---- 0042 days old -- SymNeti.dll
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1041
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1042
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1054
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1037
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1028
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1031
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1033
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- IME
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 3com_dmi
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1040
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- inetsrv
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 2052
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 3076
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- usmt
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- 1025
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- dhcp
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- wins
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- Setup
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- ShellExt
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- drivers
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- config
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- spool
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- ras
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- icsxml
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- export
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- mui
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- oobe
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- wbem
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- npp
14/04/2007 17.28.00 (DIR) -HSR 0025 days old -- dllcache
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- ias
14/04/2007 17.32.58 (DIR) ---- 0025 days old -- CatRoot2
14/04/2007 17.32.58 (DIR) ---- 0025 days old -- CatRoot
14/04/2007 17.36.00 A--- 0025 days old -- h323log.txt
14/04/2007 17.37.20 (DIR) ---- 0025 days old -- Com
14/04/2007 17.37.22 (DIR) ---- 0025 days old -- MsDtc
14/04/2007 17.37.42 (DIR) ---- 0025 days old -- FxsTmp
14/04/2007 17.37.42 A--- 0025 days old -- mapisvc.inf
14/04/2007 17.38.36 A--- 0025 days old -- emptyregdb.dat
14/04/2007 17.38.48 (DIR) ---- 0025 days old -- Restore
14/04/2007 17.38.54 (DIR) ---- 0025 days old -- Macromed
14/04/2007 17.39.08 (DIR) ---- 0025 days old -- DirectX
14/04/2007 17.39.28 AH-R 0025 days old -- cdplayer.exe.manifest
14/04/2007 17.39.28 AH-R 0025 days old -- nwc.cpl.manifest
14/04/2007 17.39.28 AH-R 0025 days old -- ncpa.cpl.manifest
14/04/2007 17.39.28 AH-R 0025 days old -- sapi.cpl.manifest
14/04/2007 17.39.28 AH-R 0025 days old -- wuaucpl.cpl.manifest
14/04/2007 17.39.34 AH-R 0025 days old -- logonui.exe.manifest
14/04/2007 17.39.34 AH-R 0025 days old -- WindowsLogon.manifest
14/04/2007 17.40.46 A--- 0025 days old -- CONFIG.NT
14/04/2007 17.40.56 (DIR) ---- 0025 days old -- xircom
14/04/2007 17.44.42 (DIR) --S- 0025 days old -- Microsoft
14/04/2007 17.45.08 A--- 0025 days old -- $ncsp$.inf
14/04/2007 17.47.52 A--- 0025 days old -- $winnt$.inf
14/04/2007 17.51.30 (DIR) ---- 0025 days old -- ReinstallBackups
14/04/2007 18.01.56 (DIR) ---- 0025 days old -- LogFiles
14/04/2007 18.17.56 A--- 0025 days old -- BenQ Screensaver.scr
14/04/2007 18.49.36 (DIR) ---- 0025 days old -- SoftwareDistribution
14/04/2007 23.08.36 A--- 0025 days old -- WLAN.INI
14/04/2007 23.09.02 A--- 0025 days old -- results.txt
14/04/2007 23.52.14 (DIR) ---- 0025 days old -- bak
14/04/2007 23.56.02 (DIR) ---- 0025 days old -- PreInstall
17/04/2007 19.06.04 A--- 0022 days old -- d3d9caps.dat
21/04/2007 09.36.18 A--- 0018 days old -- uxtheme.dll
21/04/2007 12.57.46 A--- 0018 days old -- TZLog.log
21/04/2007 14.21.20 A--- 0018 days old -- ntkrnlpa.exe
21/04/2007 14.21.22 A--- 0018 days old -- ntoskrnl.exe
21/04/2007 15.04.34 (DIR) ---- 0018 days old -- DRVSTORE
26/04/2007 07.30.14 A--- 0013 days old -- MSINET.oca
01/05/2007 21.58.34 A--- 0008 days old -- perfh009.dat
01/05/2007 21.58.34 A--- 0008 days old -- perfc009.dat
01/05/2007 21.58.34 A--- 0008 days old -- perfc010.dat
01/05/2007 21.58.34 A--- 0008 days old -- PerfStringBackup.INI
01/05/2007 21.58.34 A--- 0008 days old -- perfh010.dat
06/05/2007 20.32.16 A--- 0003 days old -- ikhcore.cfg
06/05/2007 20.32.18 -HS- 0003 days old -- netstat.com
06/05/2007 20.32.18 -HS- 0003 days old -- tasklist.com
06/05/2007 20.32.18 -HS- 0003 days old -- tracert.com
06/05/2007 20.32.18 -HS- 0003 days old -- ping.com
06/05/2007 20.32.18 -HS- 0003 days old -- taskkill.com
06/05/2007 20.32.18 -HS- 0003 days old -- cmd.com
06/05/2007 20.55.00 A--- 0003 days old -- iklog.log
08/05/2007 21.26.22 A--- 0001 days old -- FNTCACHE.DAT
08/05/2007 21.59.14 A--- 0001 days old -- getfile.dat
08/05/2007 21.59.18 A--- 0001 days old -- x_dtrace_log
08/05/2007 22.06.34 A--- 0001 days old -- tmp1E.tmp.dll
08/05/2007 22.28.04 AH-- 0001 days old -- adsint.dns
09/05/2007 15.37.46 A--- 0000 days old -- wpa.dbl
09/05/2007 16.16.08 A--- 0000 days old -- nscompat.tlb
09/05/2007 16.16.08 A--- 0000 days old -- amcompat.tlb

------------- Showing files newer than 60 days in C:\WINDOWS\system32\drivers\

14/04/2007 17.28.00 (DIR) ---- 0025 days old -- disdn
14/04/2007 17.28.00 (DIR) ---- 0025 days old -- etc
14/04/2007 17.32.06 (DIR) ---- 0025 days old -- SYMBOLS
14/04/2007 18.02.04 A--- 0025 days old -- mdc8021x.sys
14/04/2007 23.08.56 A--- 0025 days old -- AegisP.sys
05/05/2007 12.08.32 AH-- 0004 days old -- MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
05/05/2007 12.08.36 AH-- 0004 days old -- Msft_Kernel_motmodem_01005.Wdf
09/05/2007 15.33.30 (DIR) ---- 0000 days old -- UMDF

------------- Showing files newer than 60 days in C:\WINDOWS\temp\

08/05/2007 21.36.54 A--- 0001 days old -- T30DebugLogFile.txt
08/05/2007 21.38.52 (DIR) ---- 0001 days old -- tmp00005a7f
09/05/2007 16.15.18 A--- 0000 days old -- WUSB54GC_I1.gif
09/05/2007 16.15.18 A--- 0000 days old -- WUSB54GC_S1.gif
09/05/2007 16.15.20 A--- 0000 days old -- WUSB54GC_S2.gif

------------- Showing files newer than 60 days in C:\Programmi\

14/04/2007 17.33.24 (DIR) ---- 0025 days old -- File comuni
14/04/2007 17.37.22 (DIR) ---- 0025 days old -- Windows NT
14/04/2007 17.37.34 (DIR) ---- 0025 days old -- MSN Gaming Zone
14/04/2007 17.37.36 (DIR) ---- 0025 days old -- Messenger
14/04/2007 17.37.44 (DIR) ---- 0025 days old -- Windows Media Player
14/04/2007 17.38.22 (DIR) ---- 0025 days old -- ComPlus Applications
14/04/2007 17.38.42 (DIR) ---- 0025 days old -- Internet Explorer
14/04/2007 17.38.46 (DIR) ---- 0025 days old -- NetMeeting
14/04/2007 17.38.46 (DIR) ---- 0025 days old -- Outlook Express
14/04/2007 17.38.50 (DIR) ---- 0025 days old -- Movie Maker
14/04/2007 17.39.18 (DIR) ---- 0025 days old -- Servizi in linea
14/04/2007 17.39.22 (DIR) -H-- 0025 days old -- WindowsUpdate
14/04/2007 17.40.56 (DIR) ---- 0025 days old -- xerox
14/04/2007 17.40.56 (DIR) ---- 0025 days old -- microsoft frontpage
14/04/2007 17.48.06 (DIR) -H-- 0025 days old -- Uninstall Information
14/04/2007 17.49.02 (DIR) -H-- 0025 days old -- InstallShield Installation Information
14/04/2007 17.52.14 (DIR) ---- 0025 days old -- Intel
14/04/2007 17.58.00 (DIR) ---- 0025 days old -- Synaptics
14/04/2007 18.04.16 (DIR) ---- 0025 days old -- Adobe
14/04/2007 18.09.20 (DIR) ---- 0025 days old -- Ahead
14/04/2007 18.13.20 (DIR) ---- 0025 days old -- CyberLink
14/04/2007 18.17.10 (DIR) ---- 0025 days old -- BenQ
14/04/2007 18.20.40 (DIR) ---- 0025 days old -- EPSON
14/04/2007 18.22.16 (DIR) ---- 0025 days old -- EPSON Print CD
14/04/2007 18.27.52 (DIR) ---- 0025 days old -- Telecom Italia
14/04/2007 18.28.58 (DIR) ---- 0025 days old -- Alice ti aiuta
14/04/2007 18.29.08 (DIR) ---- 0025 days old -- Motive
14/04/2007 18.29.12 (DIR) ---- 0025 days old -- Common Files
14/04/2007 18.32.06 (DIR) ---- 0025 days old -- Microsoft Office
14/04/2007 18.34.12 (DIR) ---- 0025 days old -- Microsoft Visual Studio
14/04/2007 18.34.20 (DIR) ---- 0025 days old -- Microsoft Works
14/04/2007 18.35.08 (DIR) ---- 0025 days old -- Microsoft.NET
14/04/2007 18.42.10 (DIR) ---- 0025 days old -- iPod
14/04/2007 18.43.48 (DIR) ---- 0025 days old -- QuickTime
14/04/2007 19.11.18 (DIR) ---- 0025 days old -- Apple Software Update
14/04/2007 19.12.50 (DIR) ---- 0025 days old -- iTunes
15/04/2007 22.58.00 (DIR) ---- 0024 days old -- iColorFolder
15/04/2007 22.58.00 (DIR) ---- 0024 days old -- ObjectDock
15/04/2007 22.58.08 (DIR) ---- 0024 days old -- Tiger System Preferences v2
15/04/2007 22.58.10 (DIR) ---- 0024 days old -- UberIcon
15/04/2007 22.58.12 (DIR) ---- 0024 days old -- WinRoll
15/04/2007 22.58.14 (DIR) ---- 0024 days old -- YzShadow
17/04/2007 14.54.52 (DIR) ---- 0022 days old -- Symantec
21/04/2007 10.11.10 (DIR) ---- 0018 days old -- RocketDock
21/04/2007 10.40.34 (DIR) ---- 0018 days old -- Picasa2
21/04/2007 10.55.26 (DIR) ---- 0018 days old -- Wildlife Park
21/04/2007 14.45.34 (DIR) ---- 0018 days old -- Motorola
30/04/2007 12.59.32 (DIR) ---- 0009 days old -- outlook
01/05/2007 10.29.00 (DIR) ---- 0008 days old -- Compact Wireless-G USB Adapter Wireless Network Monitor(2)
01/05/2007 11.58.12 (DIR) ---- 0008 days old -- Stardock
01/05/2007 13.11.04 (DIR) ---- 0008 days old -- PJW
01/05/2007 20.27.30 (DIR) ---- 0008 days old -- Google
01/05/2007 20.27.30 (DIR) ---- 0008 days old -- VideoLAN
01/05/2007 20.30.22 (DIR) ---- 0008 days old -- Compact Wireless-G USB Adapter Wireless Network Monitor
01/05/2007 21.11.32 (DIR) ---- 0008 days old -- Ares Tube
01/05/2007 21.19.46 (DIR) ---- 0008 days old -- RK Launcher
05/05/2007 12.01.22 (DIR) ---- 0004 days old -- Motorola Phone Tools
05/05/2007 12.02.40 (DIR) ---- 0004 days old -- Avanquest update
06/05/2007 17.29.08 (DIR) ---- 0003 days old -- a-squared Anti-Malware
06/05/2007 21.06.10 (DIR) ---- 0003 days old -- Spybot - Search & Destroy
08/05/2007 21.47.58 (DIR) ---- 0001 days old -- Softwin
09/05/2007 14.48.26 (DIR) ---- 0000 days old -- BearShare
09/05/2007 15.34.56 (DIR) ---- 0000 days old -- Windows Media Connect 2

------------- Showing files newer than 60 days in C:\Programmi\File comuni\

14/04/2007 17.33.24 (DIR) ---- 0025 days old -- SpeechEngines
14/04/2007 17.33.24 (DIR) ---- 0025 days old -- Microsoft Shared
14/04/2007 17.33.26 (DIR) ---- 0025 days old -- ODBC
14/04/2007 17.38.44 (DIR) ---- 0025 days old -- System
14/04/2007 17.38.56 (DIR) ---- 0025 days old -- MSSoap
14/04/2007 17.38.58 (DIR) ---- 0025 days old -- Services
14/04/2007 17.48.58 (DIR) ---- 0025 days old -- InstallShield
14/04/2007 18.09.24 (DIR) ---- 0025 days old -- Ahead
14/04/2007 18.34.24 (DIR) ---- 0025 days old -- DESIGNER
17/04/2007 14.54.36 (DIR) ---- 0022 days old -- Symantec Shared
17/04/2007 19.14.46 (DIR) ---- 0022 days old -- Adobe
05/05/2007 12.06.40 (DIR) ---- 0004 days old -- Motorola Shared
08/05/2007 21.37.08 (DIR) ---- 0001 days old -- Softwin

-------------Duplicates in BAK folders-------------

BAK folders found:

C:\WINDOWS\system32\bak

19/08/2004 20.00.00 - 15360 - ctfmon.exe
10/02/2004 04.55.32 - 155648 - igfxtray.exe
10/02/2004 04.51.30 - 118784 - hkcmd.exe
09/07/2001 11.50.42 - 155648 - NeroCheck.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\bak

11/09/2003 05.00.00 - 99840 - E_S4I0F2.EXE

C:\Programmi\Intel\PROSetWireless\NCS\PROSet\bak

05/02/2004 16.33.08 - 86016 - PRONoMgr.exe

C:\Programmi\Synaptics\SynTP\bak

26/09/2003 05.01.44 - 98304 - SynTPLpr.exe
26/09/2003 05.01.22 - 503808 - SynTPEnh.exe

C:\Programmi\CyberLink\PowerDVD\bak

31/10/2003 19.42.40 - 32768 - PDVDServ.exe

C:\Programmi\BenQ\Q-MediaBar\bak

05/01/2005 13.41.12 - 286803 - QBar.exe

C:\Programmi\BenQ\QMusic2\bak

04/10/2004 13.11.16 - 151552 - QMAgent.exe

C:\Programmi\QuickTime\bak

16/02/2007 10.54.04 - 282624 - qttask.exe

C:\Programmi\iTunes\bak

14/03/2007 19.05.48 - 257088 - iTunesHelper.exe

Duplicates found:

19/08/2004 20.00.00 - 15360 - C:\WINDOWS\system32\ctfmon.exe
19/08/2004 20.00.00 - 15360 - C:\WINDOWS\system32\dllcache\ctfmon.exe
19/08/2004 20.00.00 - 15360 - C:\WINDOWS\system32\bak\ctfmon.exe
10/02/2004 04.55.32 - 155648 - C:\WINDOWS\system32\bak\igfxtray.exe
10/02/2004 04.55.32 - 155648 - C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxtray.exe
10/02/2004 04.51.30 - 118784 - C:\WINDOWS\system32\bak\hkcmd.exe
10/02/2004 04.51.30 - 118784 - C:\WINDOWS\Drivers\Intel\Graphics\win2000\hkcmd.exe
09/07/2001 11.50.42 - 155648 - C:\WINDOWS\system32\bak\NeroCheck.exe
11/09/2003 05.00.00 - 99840 - C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0F2.EXE
11/09/2003 05.00.00 - 99840 - C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0F2.EXE
05/02/2004 16.33.08 - 86016 - C:\Programmi\Intel\PROSetWireless\NCS\PROSet\bak\PRONoMgr.exe
26/09/2003 05.01.44 - 98304 - C:\Programmi\Synaptics\SynTP\Media\SynTPLpr.exe
26/09/2003 05.01.44 - 98304 - C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
26/09/2003 05.01.22 - 503808 - C:\Programmi\Synaptics\SynTP\Media\SynTPEnh.exe
26/09/2003 05.01.22 - 503808 - C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
31/10/2003 19.42.40 - 32768 - C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
05/01/2005 13.41.12 - 286803 - C:\Programmi\BenQ\Q-MediaBar\bak\QBar.exe
04/10/2004 13.11.16 - 151552 - C:\Programmi\BenQ\QMusic2\bak\QMAgent.exe
16/02/2007 10.54.04 - 282624 - C:\Programmi\QuickTime\qttask.exe
16/02/2007 10.54.04 - 282624 - C:\Programmi\QuickTime\bak\qttask.exe
14/03/2007 19.05.48 - 257088 - C:\Programmi\iTunes\iTunesHelper.exe
14/03/2007 19.05.48 - 257088 - C:\Programmi\iTunes\bak\iTunesHelper.exe

Scanned 41893 files, in 4289 folders.

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"SoundMan"="SOUNDMAN.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S"
"QuickTime Task"="\"C:\Programmi\QuickTime\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\Programmi\iTunes\iTunesHelper.exe\""

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
@SACL=
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe"
"UberIcon"="\"C:\Programmi\UberIcon\UberIcon Manager.exe\""
"WinRoll"="C:\Programmi\WinRoll\winroll.exe"
"Yz Shadow"="C:\Programmi\YzShadow\YzShadow.exe"
"RK Launcher"="C:\Programmi\RK Launcher\RKLauncher.exe"
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"

-------------HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-------------

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Unlock"="WinlogonUnlockEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\Sebring]
"Logoff"="SebringUserLogoff"
"Logon"="SebringUserLogon"
"Dllname"="C:\WINDOWS\system32\LgNotify.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-------------

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-------------HKLM\System\CurrentControlSet\Control\Session Manager\-------------

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-------------HKLM\SYSTEM\CurrentControlSet\Control\WOW-------------

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-------------

-------------HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-------------

-------------HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-------------HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-------------

-------------HKCU\Control Panel\Desktop\-------------

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\Flurry.scr"

[Desktop\WindowMetrics]

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

[command]
@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-------------

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-------------HKLM\SYSTEM\CurrentControlSet\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000318
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="31a48b7b"
"Pattern"=hex:98,b3,62,34,d2,5e,17,ed,d3,23,d1,b4,3c,51,b9,ea,33,31,61,34,38,\
62,37,62,00,00,00,00,43,0b,00,00,18,ca,06,00,99,d0,b8,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,69,35,03,f9,32,b4,a4,48,22,73,d7,31

[Lsa\GBG]
@Class="69b49a32"
"GrafBlumGroup"=hex:25,5c,7d,00,a6,be,ca,b6,dd

[Lsa\JD]
@Class="22d7f948"
"Lookup"=hex:00,bf,20,23,8e,a1

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="03357346"
"SkewMatrix"=hex:a3,7d,5e,8b,0f,82,ff,a8,aa,d3,27,74,0c,58,b0,c3

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:10,f7,4d,9e,92,7f,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,90,2d,58,16,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,2d,58,16,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,90,2d,58,16,86,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-------------

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:000003a3

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmi\BearShare\BearShare.exe"="C:\Programmi\BearShare\BearShare.exe:*:Enabled:BearShare"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-------------

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-------------HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-------------

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-------------

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}"

[SystemRestore\SnapshotCallbacks]
@=""

-------------HKEY_CURRENT_USER\Software\VB and VBA Program Settings-------------

[VB and VBA Program Settings]

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"DontAsk"=dword:00000002
"Version"="9,0,0,3250"
"IsInstalled"=dword:00000000
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
"Locale"="IT"
"Version"="5,0,3809,0"

[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="KB922770"
"Version"="2,0,50727"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="IT"
"StubPath"=""
"Version"="11,0,5721,5145"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="IT"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="11,0,5721,5145"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="IT"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="IT"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
"Version"="1,1,1,7"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="6,0,2900,2180"
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,2180"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="IT"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="IT"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="IT"
"Version"="11,0,5721,5145"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="IT"
"Version"="5,6,0,8820"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="IT"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"

[Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}]
@="BearShare"
"Version"="5,2,5,1"
"ComponentID"="BearShare"
"IsInstalled"=dword:00000001
"Locale"="EN"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,0,0,1"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="6,0,2900,2180"
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"=&

bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 09 May 2007 18:01

Now that you have removed Vundo, how does the PC seem to you?

Unfortunately the log you attached gets truncated automatically and is incomplete.
From the little I can see, it looks like you also had a problem with Instant Access.

Can you really not upload the log to one of the sites I pointed you to?

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 09 May 2007 18:25

bdoriano wrote:
Now that you have removed Vundo, how does the PC seem to you?

Unfortunately the log you attached gets truncated automatically and is incomplete.
From the little I can see, it looks like you also had a problem with Instant Access.

Can you really not upload the log to one of the sites I pointed you to?


No, I can't... anyway I have to say that since I removed that Vundo trojan horse, the little windows no longer appear, and I also downloaded Internet Explorer 7 to have safer browsing... we'll see

niklair
Mature god

Registered: 31/10/03 11:38
Posts: 2289
Location: Further north than the goddess of graphics

Posted: 09 May 2007 20:44

Quote:
I also downloaded Internet Explorer 7 to have safer browsing


.... put like that it sounds a bit ironic .... I recommend you use Firefox [wink]

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 10 May 2007 10:33

I solved it. Thanks everyone!

Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 10 May 2007 17:24

by formatting?? [rolling eyes]

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 12 May 2007 11:15

Orange wrote:
by formatting?? [rolling eyes]


No, since I used the Vundo trojan horse removal tool, those annoying windows stopped appearing.

Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 12 May 2007 14:56

you've solved the pop-up problem, but not the others.... [rolling eyes]
you had more than one infection present... some even more serious than Vundo (like Instant Access...)
it's up to you

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 13 May 2007 16:37

Orange wrote:
you've solved the pop-up problem, but not the others.... [rolling eyes]
you had more than one infection present... some even more serious than Vundo (like Instant Access...)
it's up to you


But what is Instant Access? So what do you recommend I do?

Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 13 May 2007 17:06

for now read this thread, download the recommended tools, run the scan and post the results
afterwards, if you want, redo the scan with Kaspersky and post the result

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 13 May 2007 18:19

OK, for now here is the FindAWF log:


Quote:

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 20.00 15.360 ctfmon.exe
10/02/2004 04.51 118.784 hkcmd.exe
10/02/2004 04.55 155.648 igfxtray.exe
09/07/2001 11.50 155.648 NeroCheck.exe
4 File 445.440 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\QUICKT~1\BAK

16/02/2007 10.54 282.624 qttask.exe
1 File 282.624 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\ITUNES\BAK

14/03/2007 19.05 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

26/09/2003 05.01 503.808 SynTPEnh.exe
26/09/2003 05.01 98.304 SynTPLpr.exe
2 File 602.112 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

31/10/2003 19.42 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\BENQ\Q-MEDI~1\BAK

05/01/2005 13.41 286.803 QBar.exe
1 File 286.803 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\BENQ\QMUSIC2\BAK

04/10/2004 13.11 151.552 QMAgent.exe
1 File 151.552 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\PROGRA~1\INTEL\PROSET~1\NCS\PROSET\BAK

05/02/2004 16.33 86.016 PRONoMgr.exe
1 File 86.016 byte
2 Directory 22.415.769.600 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 582C-11F1

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

11/09/2003 05.00 99.840 E_S4I0F2.EXE
1 File 99.840 byte
2 Directory 22.415.769.600 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 10 Feb 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 10 Feb 2004 "C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxtray.exe"
118784 10 Feb 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 10 Feb 2004 "C:\WINDOWS\Drivers\Intel\Graphics\win2000\hkcmd.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
282624 16 Feb 2007 "C:\Programmi\QuickTime\qttask.exe"
282624 16 Feb 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
1507328 25 Feb 2006 "C:\WINDOWS\iTunes Multi-Plugin.exe"
257088 14 Mar 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
102400 1 May 2007 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
257088 14 Mar 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
116288 14 Mar 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
98304 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\Media\SynTPLpr.exe"
98304 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
503808 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\Media\SynTPEnh.exe"
503808 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
32768 31 Oct 2003 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
286803 5 Jan 2005 "C:\Programmi\BenQ\Q-MediaBar\bak\QBar.exe"
151552 4 Oct 2004 "C:\Programmi\BenQ\QMusic2\bak\QMAgent.exe"
86016 5 Feb 2004 "C:\Programmi\Intel\PROSetWireless\NCS\PROSet\bak\PRONoMgr.exe"
99840 11 Sep 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0F2.EXE"
99840 11 Sep 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I0F2.EXE"


end of report


Are there infected files? If so, can you tell me how to write the script in Avenger, since I don't know how to do it?

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 13 May 2007 19:51

Help!

Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 14 May 2007 08:11

the script for Avenger
Quote:
files to delete:
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe

files to move:
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe


run that scan with Kaspersky

Cessiti
Hero in the gods' favor

Registered: 10/04/07 12:23
Posts: 123

Posted: 15 May 2007 11:02

OK, I ran the script in Avenger and this is the result at computer startup:

Quote:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xeifsndu

*******************

Script file located at: \??\C:\Program Files\oquuimys.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.


Then I ran the scan with Kaspersky... and I got discouraged... it found 4 viruses and 5 infected files, 2 of which are trojan horses... how is that possible?
This is the log:

Quote:
Tuesday, May 15, 2007 10:56:40 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/05/2007
Kaspersky Anti-Virus database records: 300984


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 46448
Number of viruses found 4
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 00:37:44

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{4FAFE68C-F716-47E5-AB27-E03B5967D1C2}\RP21\change.log Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\tmp1E.tmp.dll Infected: Trojan.Win32.BHO.g skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\fccbxw.dll Infected: Trojan.Win32.Agent.agv skipped

C:\WINDOWS\updater.exe.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ciao\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Cronologia\History.IE5\MSHist012007051520070516\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ciao\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ciao\NTUSER.DAT Object is locked skipped

C:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped

C:\Programmi\Softwin\BitDefender8\Quarantine\tmp4.tmp.dll Infected: Trojan.Win32.BHO.g skipped

C:\Programmi\Softwin\BitDefender8\Quarantine\adsint.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped

Scan process completed.



What should I do? Also, I have a doubt... could it be that the program Bear Share 5.2.5 is bringing me some virus or trojan horse or something else?

Help!
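
An added example, not part of the original posts: a small Python triage of the Kaspersky Online Scanner report rows quoted in the post above. It separates "Object is locked" rows from "Infected:" rows and marks infected objects that sit under an antivirus quarantine or System Restore folder. The sample rows are an excerpt of the posted log; the folder markers and function names are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the Kaspersky Online Scanner log posted above (most locked rows omitted).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\tmp1E.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\fccbxw.dll Infected: Trojan.Win32.Agent.agv skipped
C:\WINDOWS\updater.exe.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\Ciao\NTUSER.DAT Object is locked skipped
C:\Programmi\Softwin\BitDefender8\Quarantine\tmp4.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\Programmi\Softwin\BitDefender8\Quarantine\adsint.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped
"""

# One report row: path, then a verdict or the "locked" notice, then the last action.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)

# Assumption of this example: folders that hold stored copies, not files in active use.
CONTAINED_MARKERS = ("\\quarantine\\", "\\system volume information\\_restore")

def triage(log_text):
    """Split report rows into locked objects and infected objects (live or contained)."""
    result = {"locked": [], "live": [], "contained": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, statistics, blank lines
        path = m["path"]
        if m["locked"]:
            result["locked"].append(path)
        elif any(mark in path.lower() for mark in CONTAINED_MARKERS):
            result["contained"].append((path, m["verdict"]))
        else:
            result["live"].append((path, m["verdict"]))
    return result

def distinct_verdicts(result):
    """Count infected objects per detection name across live and contained rows."""
    return Counter(v for _, v in result["live"] + result["contained"])

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("live:", r["live"])
    print("contained:", r["contained"])
    print("distinct detections:", len(distinct_verdicts(r)))
```

On the excerpt this yields five infected rows with four distinct detection names, matching the report's "Number of viruses found 4" and "Number of infected objects 5"; two of the five rows are under the BitDefender8 Quarantine folder.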
All times are GMT + 2 hours