gyncos | New Member | Date Joined Feb 2008 | Total Posts : 12 | Posted 2-23-2008 12:13 (GMT +1)

Hi, I've got this virus in my laptop. Whenever I try to open a hard drive AVG detects the virus; I move it to the vault but it doesn't work. I cannot unhide hidden files and folders. I ran Kaspersky, Spybot, AVG, Ad-Aware. They all detect sth but no way to solve the problem. I'm not posting the Kaspersky log report because it is too long. Could anyone help me analyze the HJT log and tell me what to do next?
Thks
Logfile of HijackThis v1.99.1
Scan saved at 9.35.33, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATKOSD2\ATKOSD2.exe
C:\Programmi\ATK Hotkey\Hcontrol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\ATK Hotkey\ATKOSD.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ASScrPro.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Atheros\ACU.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATK Hotkey\KBFiltr.exe
C:\Programmi\Notebook Hardware Control\nhc.exe
C:\Programmi\ATK Hotkey\WDC.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe
c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\mioengine.exe
c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\SETUP\FIREFO~1.WIN\FIREFOX\FIREFOX.EXE
C:\HJT\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eluniversal.com/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69204
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Programmi\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programmi\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] "C:\Programmi\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programmi\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programmi\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Startup: CCC.lnk = ?
O4 - Startup: My Vodafone.it.lnk = C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gyanos.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

Touch | Forum Moderator | Date Joined Jun 2004 | Total Posts : 13642 | Posted 2-23-2008 9:11 (GMT +1)

Hello
Please download Combofix:
and save to the desktop.
Important-> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Close all other browser windows.
Go to start --> run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /killall
When finished, it will produce a logfile located at C:\ComboFix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Do NOT post your problem in someone else's thread.

gyncos | New Member | Date Joined Feb 2008 | Total Posts : 12 | Posted 2-23-2008 11:19 (GMT +1)

Hi Touch
thanks a lot for your quick reply. I did as suggested, but I think I may have done sth wrong. I ran the program thinking I should paste
"%userprofile%\desktop\combofix.exe" /killall
in run when finished, so the program did a first scan and deleted some registry keys (as notified by Spybot, which I had obviously not completely disabled although I thought I had).
So I launched another scan, now typing the above string into start>run. So now I have two reports. Which one should I send? Anyway the main problem seems to be fixed as I can now unhide hidden files and among the keys deleted I identified suspected files... the side effect is that Mozilla Firefox seems to have disappeared, but that's not too bad as I can reinstall.
Here's the new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 11:14, on 2008-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\ATKOSD2\ATKOSD2.exe
C:\Programmi\ATK Hotkey\Hcontrol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\WINDOWS\ASScrPro.exe
C:\Programmi\Atheros\ACU.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Notebook Hardware Control\nhc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Programmi\Skype\Phone\Skype.exe
c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ATK Hotkey\ATKOSD.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\mioengine.exe
C:\Programmi\ATK Hotkey\KBFiltr.exe
C:\Programmi\ATK Hotkey\WDC.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Grisoft\AVG7\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eluniversal.com/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69204
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Programmi\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programmi\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] "C:\Programmi\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programmi\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programmi\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CCC.lnk = ?
O4 - Startup: My Vodafone.it.lnk = C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gyanos.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

gyncos | New Member | Date Joined Feb 2008 | Total Posts : 12 | Posted 2-23-2008 11:24 (GMT +1)

I just have to rectify, Mozilla was not uninstalled. It just disappeared as the default browser... sorry!

gyncos | New Member | Date Joined Feb 2008 | Total Posts : 12 | Posted 2-23-2008 11:29 (GMT +1)

Here's the first ComboFix log
ComboFix 08-02-23.2 - Gyanos 2008-02-23 10.34.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1200 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Gyanos\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Programmi\p4p
C:\Programmi\p4p\Bookmark.ini
C:\Programmi\p4p\P4P.exe
C:\Programmi\p4p\RING.WAV
C:\u.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-01-23 al 2008-02-23 )))))))))))))))))))))))))))))))))))
.

2008-02-23 10:03 . 2008-02-23 10:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Malwarebytes
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-22 01:34 . 2008-02-22 09:35 <DIR> d-------- C:\HJT
2008-02-22 01:11 . 2008-02-22 01:11 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Lavasoft
2008-02-22 01:10 . 2008-02-22 01:10 <DIR> d-------- C:\Programmi\Lavasoft
2008-02-21 23:22 . 2008-02-21 23:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 23:21 . 2008-02-21 23:27 <DIR> d-------- C:\Documents and Settings\Gyanos\.housecall6.6
2008-02-21 22:46 . 2008-02-21 22:15 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-21 22:46 . 2008-02-21 22:46 2,546 --a------ C:\WINDOWS\unins000.dat
2008-02-21 22:12 . 2008-02-21 22:50 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-21 22:12 . 2008-02-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-21 21:30 . 2008-02-22 00:21 81,408 -r-hs---- C:\WINDOWS\system32\tavo1.dll
2008-02-20 17:26 . 2008-02-20 17:27 115,221 -r-hs---- C:\gqsk.bat
2008-02-20 17:26 . 2008-02-22 00:21 113,040 -r-hs---- C:\WINDOWS\system32\tavo.exe
2008-02-12 11:47 . 2008-02-13 11:29 <DIR> d-------- C:\CutePrinter
2008-02-12 11:47 . 2003-07-24 18:06 86,016 --a------ C:\WINDOWS\system32\cutemon2k.dll
2008-02-12 11:47 . 2003-06-01 15:24 40,960 --a------ C:\WINDOWS\system32\UnCutePP.exe
2008-02-11 19:19 . 2008-02-11 19:19 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-02-11 19:03 . 2008-02-11 19:03 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-02-11 19:03 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-11 19:03 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-11 19:03 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 19:03 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-11 19:01 . 2008-02-11 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-11 19:01 . 2008-02-11 19:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 16:42 . 2008-02-11 16:42 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects
2008-02-11 16:42 . 2008-02-11 16:42 407,047 --a------ C:\WINDOWS\system32\mioengine.exe
2008-02-09 15:29 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-02-09 15:28 . 2008-02-09 15:28 <DIR> d-------- C:\Programmi\Real
2008-02-09 15:28 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\Real
2008-02-05 22:07 . 2008-02-11 16:14 <DIR> d-------- C:\Programmi\AdunanzA
2008-02-05 18:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 18:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-05 18:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-05 13:32 . 2008-02-05 13:32 268 --ah----- C:\sqmdata01.sqm
2008-02-05 13:32 . 2008-02-05 13:32 244 --ah----- C:\sqmnoopt01.sqm
2008-02-04 22:45 . 2008-02-04 22:45 268 --ah----- C:\sqmdata00.sqm
2008-02-04 22:45 . 2008-02-04 22:45 244 --ah----- C:\sqmnoopt00.sqm
2008-02-04 19:46 . 2008-02-05 18:46 <DIR> d-------- C:\Documents and Settings\Gyanos\Contacts
2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d-------- C:\Programmi\Windows Live
2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-04 19:31 . 2008-02-04 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-04 11:00 . 2002-10-16 09:18 372,736 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-02-04 11:00 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-02-04 11:00 . 2008-02-17 11:20 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-02 15:42 . 2008-02-23 09:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 15:42 . 2008-02-02 15:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iTunes
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iPod
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\Bonjour
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Apple Computer
2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\QuickTime
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\Apple Software Update
2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-02-02 15:25 . 2008-02-02 15:38 <DIR> d-------- C:\Documents and Settings\Gyanos\.SunDownloadManager
2008-02-02 15:15 . 2008-02-02 15:19 <DIR> d-------- C:\j2sdk1.4.2_16
2008-02-02 15:07 . 2008-02-02 15:07 <DIR> d-------- C:\WINDOWS\Sun
2008-02-02 15:06 . 2008-02-02 15:27 <DIR> d-------- C:\Programmi\Java
2008-02-02 15:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 15:05 . 2008-02-02 15:05 <DIR> d-------- C:\Programmi\File comuni\Java
2008-02-02 14:45 . 2008-02-02 14:45 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Printer Info Cache
2008-02-02 14:45 . 2008-02-02 15:30 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Image Zone Express
2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\Microsoft ActiveSync
2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\File comuni\L&H
2008-02-02 12:05 . 2008-02-02 12:05 <DIR> d-------- C:\Programmi\TRADOS
2008-02-01 10:31 . 2008-02-01 10:31 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-01-31 19:19 . 2008-01-31 19:19 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\DataCast
2008-01-31 19:19 . 2007-12-14 17:19 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-01-31 19:18 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-01-31 18:34 . 2008-01-31 18:34 <DIR> d-------- C:\Programmi\MarkAny
2008-01-31 18:31 . 2008-01-31 18:31 <DIR> d-------- C:\Programmi\Samsung
2008-01-31 18:31 . 2006-03-16 08:26 397,429 --a------ C:\WINDOWS\system32\PixtreeMP4FormatWriter.ax
2008-01-31 18:31 . 2006-01-20 10:11 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
2008-01-31 18:02 . 2008-01-31 18:02 <DIR> d-------- C:\Programmi\Trust
2008-01-31 18:02 . 2008-01-31 18:02 <DIR> d-------- C:\Programmi\File comuni\snpstd
2008-01-31 18:02 . 2004-05-17 20:55 302,720 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2008-01-31 18:02 . 2004-05-10 17:37 286,720 --a------ C:\WINDOWS\vsnpstd.exe
2008-01-31 18:02 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll
2008-01-31 18:02 . 2004-05-04 20:30 53,248 --a------ C:\WINDOWS\system32\rsnpstd.dll
2008-01-31 18:02 . 2004-05-06 11:22 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2008-01-31 18:02 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe
2008-01-31 18:02 . 2004-05-04 20:10 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2008-01-31 18:02 . 2004-05-04 20:07 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax
2008-01-31 18:02 . 2004-02-23 15:19 20,480 --a------ C:\WINDOWS\usnpstd.exe
2008-01-31 18:02 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd.ini
2008-01-31 18:02 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd.src
2008-01-31 17:12 . 2008-01-31 18:27 <DIR> d-------- C:\Programmi\C'è Posta
2008-01-31 16:18 . 2008-01-31 17:12 286,720 --a------ C:\WINDOWS\iun507.exe
2008-01-31 12:19 . 2008-01-31 12:41 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\HP
2008-01-31 12:18 . 2008-02-04 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HPSSUPPLY
2008-01-31 12:16 . 2008-01-31 12:16 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-01-31 12:16 . 2008-01-31 12:18 <DIR> d-------- C:\Programmi\File comuni\HP
2008-01-31 12:16 . 2008-01-31 12:16 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-01-31 12:16 . 2008-01-31 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 08:52 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\Skype
2008-02-23 08:43 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-23 08:43 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\skypePM
2008-02-23 08:43 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\AVG7
2008-02-04 10:00 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-01 09:00 --------- d-----w C:\Programmi\ASUS
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll
2007-12-07 00:45 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 00:45 668,672 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 00:45 619,008 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-07 00:45 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 00:45 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:45 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 00:45 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-07 00:45 3,087,360 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:45 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 00:45 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:44 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-12-07 00:44 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 00:44 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-07 00:44 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-12-07 00:44 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 00:44 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 00:44 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:44 1,056,256 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:44 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-02 10:34 155,995 ----a-w C:\WINDOWS\java\Packages\I975R5VN.ZIP
2007-11-28 21:34 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] "StartCCC"="c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "MultiFrame"="C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 14:07 999792] "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="C:\Programmi\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672] "ATKHOTKEY"="C:\Programmi\ATK Hotkey\Hcontrol.exe" [2007-07-12 10:25 225280] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe] "ATKMEDIA"="C:\Programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440] "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 05:02 786521] "ACMON"="C:\Programmi\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440] "RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "SMSERIAL"="C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 02:31 630784] "PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ] "Wireless Console 2"="C:\Programmi\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384] "ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 16:13 106496] "ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2007-10-29 14:43 37232] "ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2007-10-29 14:44 33136] "ACU"="C:\Programmi\Atheros\ACU.exe" [2007-05-03 17:42 376921] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-30 11:44 579072] "NotebookHardwareControl"="C:\Programmi\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632] "HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720] "SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" 
[2008-01-15 03:22 267048] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-02-09 15:28 185896] "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 13:10 219136]
C:\Documents and Settings\Gyanos\Menu Avvio\Programmi\Esecuzione automatica\ CCC.lnk - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152] My Vodafone.it.lnk - C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio [2008-02-11 16:42:35 103615]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-12-02 12:14:43 212992] HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019 "C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgw.exe"= "C:\\Programmi\\FastWeb Login\\FastLogin.exe"= "C:\\Programmi\\C'è Posta\\CPosta.exe"= "C:\\Programmi\\ASUS\\ASUS Live Update\\ALU.exe"= "C:\\Programmi\\Bonjour\\mDNSResponder.exe"= "C:\\Programmi\\iTunes\\iTunes.exe"= "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"= "C:\\Programmi\\Real\\RealPlayer\\realplay.exe"= "C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-02 21:26] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 01:50] R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 19:52] S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 10:39] S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-04 06:28] S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d1b7f8-9d2c-11dc-ad13-001d60ddc7a4}] \Shell\AutoRun\command - G:\gqsk.bat \Shell\explore\Command - G:\gqsk.bat \Shell\open\Command - G:\gqsk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3cded9-9df3-11dc-ad17-001d60ddc7a4}] \Shell\AutoRun\command - H:\u.exe \Shell\explore\Command - H:\u.exe \Shell\open\Command - H:\u.exe
*Newly Created Service* - NTMSSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb . Contenuto della cartella 'Scheduled Tasks' "2008-02-18 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Gyanos.job" - c:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exei/TASK: . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-23 10:35:18 Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo Files nascosti: 0
************************************************************************** . Ora fine scansione: 2008-02-23 10.35.39 ComboFix-quarantined-files.txt 2008-02-23 09:35:38 . 2008-02-13 12:34:01 --- E O F ---
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13642 | Posted 2-23-2008 6:03 (GMT +1) |   | No problem
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
Snapshot::
File::
C:\WINDOWS\system32\tavo1.dll
C:\gqsk.bat
C:\WINDOWS\system32\tavo.exe
G:\gqsk.bat
H:\u.exe
----------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post new hijackthis log along with fresh combofix log
NB: tavo.exe is a keylogger program that can capture all user keystrokes (including confidential details such as username, password, credit card number, etc.)
I'll therefore suggest you ->
"From a clean computer, change *all* your online passwords -- for ISP login, email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. And whatever else seems appropriate."
Do NOT post your problem in someone else's thread.
Post Edited (Touch) : 23-02-2008 17:06:40 GMT
 |  gyncos New Member
 Date Joined Feb 2008 Total Posts : 12 | Posted 2-23-2008 6:37 (GMT +1) |   | Hi! After my last post I realised that whatever ComboFix could have done was lost because I had attached to my PC both my USB flash drive and external HD, which were infected (in fact I am sure I got the virus through the USB flash drive because it all started there). So I ran ComboFix again with the external HD and the USB drive connected, after which the problem had gone on the HD but was back when I re-attached the flash drive. I ran ComboFix again, with only the HD attached, and the problems seem to be fixed. I have not re-attached the flash drive since because it would reproduce the virus again. Here's the last ComboFix report. Do you confirm I should follow the procedure described in your previous post? Thanks and sorry for the mess :-(
ComboFix 08-02-23.2 - Gyanos 2008-02-23 12:58:36.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1473 [GMT 1:00] Eseguito da: C:\Documents and Settings\Gyanos\desktop\combofix.exe Command switches used :: /killall
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\WINDOWS\system32\kavo.exe C:\WINDOWS\system32\kavo0.dll C:\WINDOWS\system32\kavo1.dll
. ((((((((((((((((((((((((( Files Creati Da 2008-01-23 al 2008-02-23 ))))))))))))))))))))))))))))))))))) .
2008-02-23 13:01 . 2003-07-29 03:18 3,839 --a------ C:\WINDOWS\system32\drivers\GETPADD.sys 2008-02-23 11:54 . 2008-02-23 12:52 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll 2008-02-23 10:03 . 2008-02-23 10:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware 2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Malwarebytes 2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes 2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab 2008-02-22 01:34 . 2008-02-23 11:14 <DIR> d-------- C:\HJT 2008-02-22 01:11 . 2008-02-22 01:11 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Lavasoft 2008-02-22 01:10 . 2008-02-22 01:10 <DIR> d-------- C:\Programmi\Lavasoft 2008-02-21 23:22 . 2008-02-21 23:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-02-21 23:21 . 2008-02-21 23:27 <DIR> d-------- C:\Documents and Settings\Gyanos\.housecall6.6 2008-02-21 22:46 . 2008-02-21 22:15 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-21 22:46 . 2008-02-21 22:46 2,546 --a------ C:\WINDOWS\unins000.dat 2008-02-21 22:12 . 2008-02-21 22:50 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy 2008-02-21 22:12 . 2008-02-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2008-02-21 21:30 . 2008-02-22 00:21 81,408 -r-hs---- C:\WINDOWS\system32\tavo1.dll 2008-02-20 17:26 . 2008-02-20 17:27 115,221 -r-hs---- C:\gqsk.bat 2008-02-20 17:26 . 2008-02-23 12:52 113,040 -r-hs---- C:\WINDOWS\system32\tavo.exe 2008-02-12 11:47 . 2008-02-13 11:29 <DIR> d-------- C:\CutePrinter 2008-02-12 11:47 . 
2003-07-24 18:06 86,016 --a------ C:\WINDOWS\system32\cutemon2k.dll 2008-02-12 11:47 . 2003-06-01 15:24 40,960 --a------ C:\WINDOWS\system32\UnCutePP.exe 2008-02-11 19:19 . 2008-02-11 19:19 <DIR> d-------- C:\Programmi\File comuni\Adobe 2008-02-11 19:03 . 2008-02-11 19:03 <DIR> d-------- C:\Programmi\Windows Media Connect 2 2008-02-11 19:03 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-02-11 19:03 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-02-11 19:03 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-02-11 19:03 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-02-11 19:01 . 2008-02-11 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-02-11 19:01 . 2008-02-11 19:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-02-11 16:42 . 2008-02-11 16:42 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects 2008-02-11 16:42 . 2008-02-11 16:42 407,047 --a------ C:\WINDOWS\system32\mioengine.exe 2008-02-09 15:29 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\xing shared 2008-02-09 15:28 . 2008-02-09 15:28 <DIR> d-------- C:\Programmi\Real 2008-02-09 15:28 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\Real 2008-02-05 22:07 . 2008-02-11 16:14 <DIR> d-------- C:\Programmi\AdunanzA 2008-02-05 18:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-05 18:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-05 18:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-05 13:32 . 2008-02-05 13:32 268 --ah----- C:\sqmdata01.sqm 2008-02-05 13:32 . 2008-02-05 13:32 244 --ah----- C:\sqmnoopt01.sqm 2008-02-04 22:45 . 2008-02-04 22:45 268 --ah----- C:\sqmdata00.sqm 2008-02-04 22:45 . 2008-02-04 22:45 244 --ah----- C:\sqmnoopt00.sqm 2008-02-04 19:46 . 
2008-02-05 18:46 <DIR> d-------- C:\Documents and Settings\Gyanos\Contacts 2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d-------- C:\Programmi\Windows Live 2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller 2008-02-04 19:31 . 2008-02-04 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller 2008-02-04 11:00 . 2002-10-16 09:18 372,736 --a------ C:\WINDOWS\system32\ISIIndexer.dll 2008-02-04 11:00 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll 2008-02-04 11:00 . 2008-02-17 11:20 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-02-02 15:42 . 2008-02-23 13:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-02 15:42 . 2008-02-02 15:42 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iTunes 2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iPod 2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\Bonjour 2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Apple Computer 2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\QuickTime 2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\File comuni\Apple 2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\Apple Software Update 2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer 2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple 2008-02-02 15:25 . 2008-02-02 15:38 <DIR> d-------- C:\Documents and Settings\Gyanos\.SunDownloadManager 2008-02-02 15:15 . 2008-02-02 15:19 <DIR> d-------- C:\j2sdk1.4.2_16 2008-02-02 15:07 . 2008-02-02 15:07 <DIR> d-------- C:\WINDOWS\Sun 2008-02-02 15:06 . 2008-02-02 15:27 <DIR> d-------- C:\Programmi\Java 2008-02-02 15:06 . 
2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-02 15:05 . 2008-02-02 15:05 <DIR> d-------- C:\Programmi\File comuni\Java 2008-02-02 14:45 . 2008-02-02 14:45 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Printer Info Cache 2008-02-02 14:45 . 2008-02-02 15:30 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Image Zone Express 2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\Microsoft ActiveSync 2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\File comuni\L&H 2008-02-02 12:05 . 2008-02-02 12:05 <DIR> d-------- C:\Programmi\TRADOS 2008-02-01 10:31 . 2008-02-01 10:31 <DIR> d-------- C:\Programmi\MSXML 4.0 2008-01-31 19:19 . 2008-01-31 19:19 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\DataCast 2008-01-31 19:19 . 2007-12-14 17:19 44,544 --------- C:\WINDOWS\system32\msxml4a.dll 2008-01-31 19:18 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL 2008-01-31 18:34 . 2008-01-31 18:34 <DIR> d-------- C:\Programmi\MarkAny 2008-01-31 18:31 . 2008-01-31 18:31 <DIR> d-------- C:\Programmi\Samsung 2008-01-31 18:31 . 2006-03-16 08:26 397,429 --a------ C:\WINDOWS\system32\PixtreeMP4FormatWriter.ax 2008-01-31 18:31 . 2006-01-20 10:11 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll 2008-01-31 18:02 . 2008-01-31 18:02 <DIR> d-------- C:\Programmi\Trust 2008-01-31 18:02 . 2008-01-31 18:02 <DIR> d-------- C:\Programmi\File comuni\snpstd 2008-01-31 18:02 . 2004-05-17 20:55 302,720 --a------ C:\WINDOWS\system32\drivers\snpstd.sys 2008-01-31 18:02 . 2004-05-10 17:37 286,720 --a------ C:\WINDOWS\vsnpstd.exe 2008-01-31 18:02 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll 2008-01-31 18:02 . 2004-05-04 20:30 53,248 --a------ C:\WINDOWS\system32\rsnpstd.dll 2008-01-31 18:02 . 2004-05-06 11:22 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll 2008-01-31 18:02 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe 2008-01-31 18:02 . 
2004-05-04 20:10 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll 2008-01-31 18:02 . 2004-05-04 20:07 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax 2008-01-31 18:02 . 2004-02-23 15:19 20,480 --a------ C:\WINDOWS\usnpstd.exe 2008-01-31 18:02 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd.ini 2008-01-31 18:02 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd.src 2008-01-31 17:12 . 2008-01-31 18:27 <DIR> d-------- C:\Programmi\C'Š Posta 2008-01-31 16:18 . 2008-01-31 17:12 286,720 --a------ C:\WINDOWS\iun507.exe 2008-01-31 12:19 . 2008-01-31 12:41 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\HP 2008-01-31 12:18 . 2008-02-04 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HPSSUPPLY 2008-01-31 12:16 . 2008-01-31 12:16 <DIR> d-------- C:\Programmi\Hewlett-Packard 2008-01-31 12:16 . 2008-01-31 12:18 <DIR> d-------- C:\Programmi\File comuni\HP
. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-23 12:01 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-02-23 11:49 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\Skype 2008-02-23 10:28 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\AVG7 2008-02-23 08:43 --------- d-----w C:\Documents and Settings\Gyanos\Dati applicazioni\skypePM 2008-02-04 10:00 --------- d--h--w C:\Programmi\InstallShield Installation Information 2008-02-01 09:00 --------- d-----w C:\Programmi\ASUS 2008-01-31 17:27 --------- d-----w C:\Programmi\C'è Posta 2007-11-28 21:34 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat .
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] "StartCCC"="c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "MultiFrame"="C:\Programmi\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 14:07 999792] "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="C:\Programmi\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672] "ATKHOTKEY"="C:\Programmi\ATK Hotkey\Hcontrol.exe" [2007-07-12 10:25 225280] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe] "ATKMEDIA"="C:\Programmi\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440] "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 05:02 786521] "ACMON"="C:\Programmi\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440] "RemoteControl"="C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "SMSERIAL"="C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 02:31 630784] "PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ] "Wireless Console 2"="C:\Programmi\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384] "ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 16:13 106496] "ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2007-10-29 14:43 37232] "ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2007-10-29 14:44 33136] "ACU"="C:\Programmi\Atheros\ACU.exe" [2007-05-03 17:42 376921] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-30 11:44 579072] "NotebookHardwareControl"="C:\Programmi\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632] "HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720] "SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" 
[2008-01-15 03:22 267048] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-02-09 15:28 185896] "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 13:10 219136]
C:\Documents and Settings\Gyanos\Menu Avvio\Programmi\Esecuzione automatica\ CCC.lnk - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152] My Vodafone.it.lnk - C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio [2008-02-11 16:42:35 103615]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-12-02 12:14:43 212992] HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019 "C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Programmi\\Grisoft\\AVG7\\avgw.exe"= "C:\\Programmi\\FastWeb Login\\FastLogin.exe"= "C:\\Programmi\\C'è Posta\\CPosta.exe"= "C:\\Programmi\\ASUS\\ASUS Live Update\\ALU.exe"= "C:\\Programmi\\Bonjour\\mDNSResponder.exe"= "C:\\Programmi\\iTunes\\iTunes.exe"= "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"= "C:\\Programmi\\Real\\RealPlayer\\realplay.exe"= "C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-02 21:26] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 01:50] R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07] R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 19:52] S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 10:39] S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-04 06:28] S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d1b7f8-9d2c-11dc-ad13-001d60ddc7a4}] \Shell\AutoRun\command - G:\gqsk.bat \Shell\explore\Command - G:\gqsk.bat \Shell\open\Command - G:\gqsk.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb . Contenuto della cartella 'Scheduled Tasks' "2008-02-18 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Gyanos.job" - c:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exei/TASK: . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-23 13:01:33 Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo Files nascosti: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Programmi\ASUS\Asus MultiFrame\HookTitle.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\ACEngSvr.exe c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\ATK Hotkey\ATKOSD.exe C:\Programmi\ATK Hotkey\KBFiltr.exe C:\Programmi\ATK Hotkey\WDC.exe C:\WINDOWS\system32\mioengine.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\WINDOWS\system32\imapi.exe C:\Programmi\Skype\Plugin Manager\skypePM.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Ora fine scansione: 2008-02-23 13:04:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-23 12:04:15 ComboFix2.txt 2008-02-23 11:50:37 ComboFix3.txt 2008-02-23 09:59:43 ComboFix4.txt 2008-02-23 09:35:41 . 2008-02-13 12:34:01 --- E O F ---
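The ComboFix logs in this thread list MountPoints2 keys whose `open` and `explore` verbs point at a file in the root of a removable drive, which fits the symptom of the antivirus alert firing whenever a drive is opened. As an added example (not part of the original thread and not ComboFix's own code), this Python script parses that section of a log and flags such volumes; the sample text reuses the two entries from the logs above plus one constructed benign entry, and the extension list and "file in the drive root" rule are assumptions chosen for illustration.

```python
import re

# Constructed sample: two MountPoints2 entries copied from the logs in this
# thread, one unrelated key, and one constructed benign entry for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d1b7f8-9d2c-11dc-ad13-001d60ddc7a4}] \Shell\AutoRun\command - G:\gqsk.bat \Shell\explore\Command - G:\gqsk.bat \Shell\open\Command - G:\gqsk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3cded9-9df3-11dc-ad17-001d60ddc7a4}] \Shell\AutoRun\command - H:\u.exe \Shell\explore\Command - H:\u.exe \Shell\open\Command - H:\u.exe
*Newly Created Service* - NTMSSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}] \Shell\AutoRun\command - E:\setup\autorun.exe
"""

# Any registry key header, e.g. [HKEY_CURRENT_USER\...].
HEADER = re.compile(r"\[(HK[^\]\r\n]+)\]")
# A per-volume MountPoints2 key; the volume GUID is captured.
MOUNTPOINT = re.compile(r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
# "\Shell\<verb>\command - <command line>", several of which may share a line.
VERB = re.compile(r"\\Shell\\([^\\\s]+)\\command\s+-\s+(.+?)(?=\s+\\Shell\\|$)", re.I)
# Assumption: a script or executable sitting directly in a drive root.
ROOT_EXECUTABLE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|bat|cmd|com|pif|scr|vbs)$", re.I)
# Verbs that run when the user opens or explores the drive in Explorer.
OPEN_VERBS = {"open", "explore"}


def parse_mountpoints(log_text):
    """Return {volume GUID: {verb: command}} for every MountPoints2 key."""
    volumes = {}
    headers = list(HEADER.finditer(log_text))
    for i, header in enumerate(headers):
        key = MOUNTPOINT.search(header.group(1))
        if not key:
            continue  # some other registry key
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        verbs = volumes.setdefault(key.group(1).lower(), {})
        # Verbs may follow the header on one line (flattened paste) or sit on
        # separate lines (original log); lines without \Shell\ are ignored.
        for line in log_text[header.end():end].splitlines():
            for match in VERB.finditer(line.strip()):
                verbs[match.group(1).lower()] = match.group(2).strip()
    return volumes


def find_autorun_hijacks(log_text):
    """Flag volumes whose open/explore action was redirected to a root file."""
    findings = []
    for guid, verbs in parse_mountpoints(log_text).items():
        hijacked = sorted(v for v in OPEN_VERBS
                          if v in verbs and ROOT_EXECUTABLE.match(verbs[v]))
        if hijacked:
            targets = sorted({verbs[v] for v in hijacked})
            findings.append({"volume": guid, "verbs": hijacked, "targets": targets})
    return findings


if __name__ == "__main__":
    for finding in find_autorun_hijacks(SAMPLE_LOG):
        print(finding["volume"], ",".join(finding["verbs"]), "->", finding["targets"])
```

The drive letter in a flagged entry is the one cached when the volume was last mounted, so it identifies which device to check before reattaching rather than where the device will appear next time.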
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13642 | Posted 2-23-2008 7:48 (GMT +1) |   | | Let's see if we can clean your flash drives first -
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
- Double-click Flash_Disinfector.exe to run it.
- Follow any prompts that may appear.
- Your desktop will vanish for a while, and then reappear. This is normal.
- Wait until the program has finished scanning, then please exit the program.
Then follow my instructions here:
Posted Today 6:03
Do NOT post your problem in someone else's thread.
 |  gyncos New Member
 Date Joined Feb 2008 Total Posts : 12 | Posted 2-23-2008 8:26 (GMT +1) |   | Hi. Here's the new ComboFix log; the new HJT log follows. Should I change my passwords now? Is the computer clean?
ComboFix 08-02-23.2 - Gyanos 2008-02-23 20:07:44.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1432 [GMT 1:00] Eseguito da: C:\Documents and Settings\Gyanos\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Gyanos\Desktop\CFScript.txt * Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE :: C:\gqsk.bat C:\WINDOWS\system32\tavo.exe C:\WINDOWS\system32\tavo1.dll G:\gqsk.bat H:\u.exe .
((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\gqsk.bat C:\WINDOWS\system32\tavo.exe C:\WINDOWS\system32\tavo1.dll G:\gqsk.bat H:\u.exe
. ((((((((((((((((((((((((( Files Creati Da 2008-01-23 al 2008-02-23 ))))))))))))))))))))))))))))))))))) .
2008-02-23 20:14 . 2003-07-29 03:18 3,839 --a------ C:\WINDOWS\system32\drivers\GETPADD.sys
2008-02-23 11:54 . 2008-02-23 12:52 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll
2008-02-23 10:03 . 2008-02-23 10:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Malwarebytes
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-22 01:47 . 2008-02-22 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-22 01:34 . 2008-02-23 11:14 <DIR> d-------- C:\HJT
2008-02-22 01:11 . 2008-02-22 01:11 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Lavasoft
2008-02-22 01:10 . 2008-02-22 01:10 <DIR> d-------- C:\Programmi\Lavasoft
2008-02-21 23:22 . 2008-02-21 23:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 23:21 . 2008-02-21 23:27 <DIR> d-------- C:\Documents and Settings\Gyanos\.housecall6.6
2008-02-21 22:46 . 2008-02-21 22:15 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-21 22:46 . 2008-02-21 22:46 2,546 --a------ C:\WINDOWS\unins000.dat
2008-02-21 22:12 . 2008-02-21 22:50 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-21 22:12 . 2008-02-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-12 11:47 . 2008-02-13 11:29 <DIR> d-------- C:\CutePrinter
2008-02-12 11:47 . 2003-07-24 18:06 86,016 --a------ C:\WINDOWS\system32\cutemon2k.dll
2008-02-12 11:47 . 2003-06-01 15:24 40,960 --a------ C:\WINDOWS\system32\UnCutePP.exe
2008-02-11 19:19 . 2008-02-11 19:19 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-02-11 19:03 . 2008-02-11 19:03 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-02-11 19:03 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-11 19:03 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-11 19:03 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-11 19:03 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-11 19:01 . 2008-02-11 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-11 19:01 . 2008-02-11 19:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 16:42 . 2008-02-11 16:42 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\mioObjects
2008-02-11 16:42 . 2008-02-11 16:42 407,047 --a------ C:\WINDOWS\system32\mioengine.exe
2008-02-09 15:29 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-02-09 15:28 . 2008-02-09 15:28 <DIR> d-------- C:\Programmi\Real
2008-02-09 15:28 . 2008-02-09 15:29 <DIR> d-------- C:\Programmi\File comuni\Real
2008-02-05 22:07 . 2008-02-11 16:14 <DIR> d-------- C:\Programmi\AdunanzA
2008-02-05 18:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 18:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-05 18:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-05 13:32 . 2008-02-05 13:32 268 --ah----- C:\sqmdata01.sqm
2008-02-05 13:32 . 2008-02-05 13:32 244 --ah----- C:\sqmnoopt01.sqm
2008-02-04 22:45 . 2008-02-04 22:45 268 --ah----- C:\sqmdata00.sqm
2008-02-04 22:45 . 2008-02-04 22:45 244 --ah----- C:\sqmnoopt00.sqm
2008-02-04 19:46 . 2008-02-05 18:46 <DIR> d-------- C:\Documents and Settings\Gyanos\Contacts
2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d-------- C:\Programmi\Windows Live
2008-02-04 19:31 . 2008-02-04 19:45 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-04 19:31 . 2008-02-04 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-04 11:00 . 2002-10-16 09:18 372,736 --a------ C:\WINDOWS\system32\ISIIndexer.dll
2008-02-04 11:00 . 2002-03-06 18:56 196,608 --a------ C:\WINDOWS\system32\ISIXFiles.dll
2008-02-04 11:00 . 2008-02-17 11:20 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-02 15:42 . 2008-02-23 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 15:42 . 2008-02-02 15:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iTunes
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\iPod
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\Bonjour
2008-02-02 15:41 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Apple Computer
2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Programmi\QuickTime
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Programmi\Apple Software Update
2008-02-02 15:40 . 2008-02-02 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-02-02 15:40 . 2008-02-02 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-02-02 15:25 . 2008-02-02 15:38 <DIR> d-------- C:\Documents and Settings\Gyanos\.SunDownloadManager
2008-02-02 15:15 . 2008-02-02 15:19 <DIR> d-------- C:\j2sdk1.4.2_16
2008-02-02 15:07 . 2008-02-02 15:07 <DIR> d-------- C:\WINDOWS\Sun
2008-02-02 15:06 . 2008-02-02 15:27 <DIR> d-------- C:\Programmi\Java
2008-02-02 15:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 15:05 . 2008-02-02 15:05 <DIR> d-------- C:\Programmi\File comuni\Java
2008-02-02 14:45 . 2008-02-02 14:45 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Printer Info Cache
2008-02-02 14:45 . 2008-02-02 15:30 <DIR> d-------- C:\Documents and Settings\Gyanos\Dati applicazioni\Image Zone Express
2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\Microsoft ActiveSync
2008-02-02 12:23 . 2008-02-02 12:23 <DIR> d-------- C:\Programmi\File comuni\L&H
2008-02-02 12:05 . 2008-02-02 12:05 <DIR> d-------- C:\Programmi\TRADOS
2008-02-01 10:31 . 200