Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Log Hijackthis...c'è da eliminare qualcosa?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 08/06/10 21:56

Ciao,
vi posto il log di Hijackthis...ho il pc che ha qualcosa che non va...
Vi ringrazio in anticipo se mi indicate cortesemente qualcosa che devo eliminare.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.50.13, on 08/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [{D90C7C2D-1D84-82F1-1F3F-1DD6D8F76C95}] "C:\Documents and Settings\Andrea\Dati applicazioni\Agunmy\yfon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: opmai.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: DDE DSDM di rete NetDDEdsdmNetDDEdsdm (NetDDEdsdmNetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\1041f.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 11010 bytes

Ciao Pompeo
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Sponsor
 

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 08/06/10 22:18

Ciao Pompeo_3, dal log si vede un'infezione da Navipromo e Trojan.Zlob.

Disattiva il teatimer di Spybot, che potrebbe interferire con le modifiche del registro.
Apri SpyBot > menù modalità > avanzata > utilità > resident e togli la spunta a TeaTimer.

Disattiva momentaneamente l'antivirus
Scarica Combofix | Tutorial
Non installare la recovery console
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta

Scarica Malwarebytes, installa il programma ed aggiorna le firme.
Nella scheda scansione, seleziona "scansione completa"
Allega il rapporto.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 09/06/10 00:11

Ecco il primo

ComboFix 10-06-08.02 - Andrea 09/06/2010 0.33.22.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.263 [GMT 2:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix3.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1378163949.dat

.
((((((((((((((((((((((((( Files Creati Da 2010-05-08 al 2010-06-08 )))))))))))))))))))))))))))))))))))
.

2010-06-08 22:20 . 2010-06-08 22:27 -------- d-----w- C:\ComboFix
2010-06-08 22:20 . 2010-06-08 22:19 398336 ----a-w- c:\windows\system32\CF19884.exe
2010-06-08 19:17 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-08 19:17 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-08 19:17 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-08 19:17 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-08 19:17 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-08 19:17 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-08 19:17 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-08 19:17 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-08 19:17 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-08 18:53 . 2010-06-08 18:53 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-06-08 18:52 . 2010-06-08 18:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-26 19:14 . 2010-05-26 19:14 -------- d-sh--w- c:\documents and settings\Andrea\PrivacIE
2010-05-26 19:09 . 2010-05-26 19:09 -------- d-sh--w- c:\documents and settings\Andrea\IETldCache
2010-05-26 18:53 . 2010-05-26 18:56 -------- dc-h--w- c:\windows\ie8
2010-05-20 08:18 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-20 08:18 . 2010-05-20 08:18 -------- d-----w- c:\programmi\Avira
2010-05-20 08:18 . 2010-05-20 08:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-05-13 20:03 . 2010-05-13 20:03 -------- d-----w- c:\programmi\iPod
2010-05-13 20:03 . 2010-05-13 20:04 -------- d-----w- c:\programmi\iTunes
2010-05-13 19:56 . 2010-05-13 19:56 -------- d-----w- c:\programmi\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 21:30 . 2005-08-05 06:10 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Coyceg
2010-06-08 19:16 . 2010-03-17 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-08 18:31 . 2005-09-11 20:16 -------- d-----w- c:\programmi\XStyle v2
2010-06-08 08:27 . 2010-06-08 08:27 4 ----a-w- c:\documents and settings\Andrea\Dati applicazioni\dhxiuw.dat
2010-06-05 11:48 . 2009-06-07 22:32 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\mIRC
2010-06-05 10:28 . 2009-06-07 22:32 -------- d-----w- c:\programmi\mirc2
2010-06-03 08:21 . 2006-10-24 18:26 -------- d-----w- c:\programmi\CCleaner
2010-06-02 11:25 . 2007-01-06 20:09 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Skype
2010-06-01 18:58 . 2005-10-20 18:53 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\Canon
2010-05-13 20:03 . 2009-12-19 15:02 -------- d-----w- c:\programmi\File comuni\Apple
2010-05-09 00:08 . 2008-06-30 15:31 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\BSplayer
2010-04-17 21:40 . 2006-03-21 19:30 -------- d-----w- c:\programmi\eMule
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-28 11:35 . 2002-09-10 12:00 70544 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 11:35 . 2002-09-10 12:00 440128 ----a-w- c:\windows\system32\perfh010.dat
2010-03-14 01:05 . 2007-12-18 14:04 72852 ---ha-w- c:\windows\system32\mlfcache.dat
2007-09-09 16:32 . 2007-09-09 16:32 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_14.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-06-08 19:14 . 2010-06-08 19:14 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
+ 2005-07-08 22:58 . 2009-01-07 16:21 26144 c:\windows\system32\spupdsvc.exe
+ 2007-03-09 17:23 . 2009-01-07 16:20 16928 c:\windows\system32\spmsg.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll
- 2002-09-10 12:00 . 2009-11-06 08:18 59440 c:\windows\system32\perfc009.dat
+ 2002-09-10 12:00 . 2010-03-28 11:35 59440 c:\windows\system32\perfc009.dat
- 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 07:05 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 16:59 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll
- 2002-09-10 12:00 . 2006-10-17 10:28 48128 c:\windows\system32\mshtmler.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 48128 c:\windows\system32\mshtmler.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll
- 2002-09-10 12:00 . 2006-10-17 10:56 45568 c:\windows\system32\mshta.exe
+ 2002-09-10 12:00 . 2009-03-08 02:31 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 10:58 . 2009-03-08 02:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-07 20:03 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-09-10 12:00 . 2009-03-08 02:34 43008 c:\windows\system32\licmgr10.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 25600 c:\windows\system32\jsproxy.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 94720 c:\windows\system32\inseng.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe
+ 2002-09-10 12:00 . 2009-03-08 02:32 71680 c:\windows\system32\iesetup.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 07:05 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 10:58 . 2009-03-08 02:31 59904 c:\windows\system32\icardie.dll
+ 2010-04-01 20:02 . 2009-10-16 00:33 41472 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaapl.sys
+ 2006-05-10 05:23 . 2009-03-08 02:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2006-10-17 10:28 . 2006-10-17 10:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-10-17 10:28 . 2009-03-08 02:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-05-10 05:23 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 10:56 . 2006-10-17 10:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-10-17 10:56 . 2009-03-08 02:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-08 18:40 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 11:05 . 2009-03-08 02:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-05-10 05:23 . 2009-03-08 02:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:23 . 2009-03-08 02:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 10:57 . 2009-03-08 02:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-10-10 23:49 . 2009-03-08 02:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-10-17 10:44 . 2009-03-08 02:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 02:33 . 2009-03-08 02:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 18944 c:\windows\system32\corpol.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 72704 c:\windows\system32\admparse.dll
+ 2002-09-10 12:00 . 2008-04-14 02:14 93184 c:\windows\system32\1041f.exe
+ 2010-05-26 18:55 . 2009-03-08 12:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 44544 c:\windows\ie8\pngfilt.dll
+ 2010-05-26 18:53 . 2006-10-17 10:28 48128 c:\windows\ie8\mshtmler.dll
+ 2010-05-26 18:53 . 2006-10-17 10:56 45568 c:\windows\ie8\mshta.exe
+ 2010-05-26 18:53 . 2006-10-17 10:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-05-26 18:53 . 2008-10-16 20:04 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-05-26 18:53 . 2006-10-17 11:05 40960 c:\windows\ie8\licmgr10.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 27648 c:\windows\ie8\jsproxy.dll
+ 2010-05-26 18:53 . 2006-11-07 02:26 92672 c:\windows\ie8\inseng.dll
+ 2010-05-26 18:53 . 2006-10-17 10:57 36352 c:\windows\ie8\imgutil.dll
+ 2010-05-26 18:53 . 2006-11-07 02:26 55296 c:\windows\ie8\iesetup.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 44544 c:\windows\ie8\iernonce.dll
+ 2010-05-26 18:53 . 2008-04-14 02:13 81920 c:\windows\ie8\ieencode.dll
+ 2010-05-26 18:53 . 2008-10-16 13:13 70656 c:\windows\ie8\ie4uinit.exe
+ 2010-05-26 18:53 . 2008-10-16 20:04 63488 c:\windows\ie8\icardie.dll
+ 2010-05-26 18:53 . 2006-10-17 10:44 60416 c:\windows\ie8\hmmapi.dll
+ 2010-05-26 18:53 . 2008-04-14 02:13 35328 c:\windows\ie8\corpol.dll
+ 2010-05-26 18:53 . 2006-11-07 02:26 71680 c:\windows\ie8\admparse.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2007-01-28 17:48 . 2008-04-14 02:13 121856 c:\windows\system32\xmllite.dll
+ 2007-01-28 17:48 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll
+ 2005-04-27 14:43 . 2009-03-08 02:34 914944 c:\windows\system32\wininet.dll
+ 2006-10-17 11:05 . 2009-03-08 02:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2002-09-10 12:00 . 2009-03-08 02:34 236544 c:\windows\system32\webcheck.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll
- 2002-09-10 12:00 . 2008-10-16 20:04 105984 c:\windows\system32\url.dll
+ 2002-09-10 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\url.dll
- 2002-09-10 12:00 . 2009-11-06 08:18 395200 c:\windows\system32\perfh009.dat
+ 2002-09-10 12:00 . 2010-03-28 11:35 395200 c:\windows\system32\perfh009.dat
+ 2002-09-10 12:00 . 2009-03-08 02:34 109568 c:\windows\system32\occache.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll
+ 2002-09-10 12:00 . 2009-03-08 02:34 193536 c:\windows\system32\msrating.dll
- 2002-09-10 12:00 . 2006-11-07 20:03 156160 c:\windows\system32\msls31.dll
+ 2002-09-10 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\msls31.dll
+ 2006-11-07 20:03 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll
+ 2006-11-07 20:03 . 2009-03-08 02:22 164352 c:\windows\system32\ieui.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 183808 c:\windows\system32\iepeers.dll
+ 2002-09-10 12:00 . 2009-03-08 12:09 391536 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 10:27 . 2009-03-08 02:11 445952 c:\windows\system32\ieapfltr.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\ieakui.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 229376 c:\windows\system32\ieaksie.dll
+ 2002-09-10 12:00 . 2009-03-08 02:33 125952 c:\windows\system32\ieakeng.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 173056 c:\windows\system32\ie4uinit.exe
+ 2002-09-10 12:00 . 2009-03-08 02:31 216064 c:\windows\system32\dxtrans.dll
+ 2002-09-10 12:00 . 2009-03-08 02:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-05-10 05:23 . 2009-03-08 02:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-07 20:03 . 2009-03-08 02:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2009-03-08 02:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2006-10-17 11:05 . 2008-10-16 20:04 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 11:05 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-10-17 11:04 . 2009-03-08 02:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:23 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-03-08 02:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2002-09-10 12:00 . 2006-11-07 20:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2002-09-10 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-08 18:40 . 2009-03-08 02:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 11:04 . 2009-03-08 12:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-05-10 05:23 . 2009-03-08 02:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 02:27 . 2009-03-08 12:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-08 18:40 . 2009-03-08 02:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 02:27 . 2009-03-08 02:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 02:26 . 2009-03-08 02:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-05-10 05:23 . 2009-03-08 02:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:23 . 2009-03-08 02:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 02:26 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2002-09-10 12:00 . 2009-03-08 02:32 128512 c:\windows\system32\advpack.dll
+ 2010-03-17 18:59 . 2010-03-17 18:59 219648 c:\windows\Installer\3ff74.msi
+ 2010-05-20 08:15 . 2010-05-20 08:15 228352 c:\windows\Installer\2a514.msi
+ 2010-04-01 20:00 . 2010-04-01 20:00 791552 c:\windows\Installer\1da41be.msi
+ 2010-05-13 20:05 . 2010-05-13 20:05 372736 c:\windows\Installer\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}\iTunesIco.exe
+ 2010-05-26 18:53 . 2008-10-16 20:04 826368 c:\windows\ie8\wininet.dll
+ 2010-05-26 18:53 . 2006-10-17 11:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-05-26 18:53 . 2008-10-16 20:04 233472 c:\windows\ie8\webcheck.dll
+ 2010-05-26 18:53 . 2007-07-12 23:30 765952 c:\windows\ie8\vgx.dll
+ 2010-05-26 18:53 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 105984 c:\windows\ie8\url.dll
+ 2010-05-26 18:55 . 2009-01-07 16:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-05-26 18:55 . 2009-01-07 16:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-05-26 18:53 . 2006-09-06 15:43 215776 c:\windows\ie8\spuninst.exe
+ 2010-05-26 18:53 . 2008-10-16 20:04 102912 c:\windows\ie8\occache.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 671232 c:\windows\ie8\mstime.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 193024 c:\windows\ie8\msrating.dll
+ 2010-05-26 18:53 . 2006-11-07 20:03 156160 c:\windows\ie8\msls31.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 477696 c:\windows\ie8\mshtmled.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 459264 c:\windows\ie8\msfeeds.dll
+ 2010-05-26 18:53 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-05-26 18:53 . 2008-10-15 07:06 633632 c:\windows\ie8\iexplore.exe
+ 2010-05-26 18:53 . 2006-11-07 20:03 180736 c:\windows\ie8\ieui.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 267776 c:\windows\ie8\iertutil.dll
+ 2010-05-26 18:53 . 2006-11-07 20:03 287744 c:\windows\ie8\ieproxy.dll
+ 2010-05-26 18:53 . 2006-11-07 20:03 191488 c:\windows\ie8\iepeers.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 384512 c:\windows\ie8\iedkcs32.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-05-26 18:53 . 2008-10-15 07:04 161792 c:\windows\ie8\ieakui.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 230400 c:\windows\ie8\ieaksie.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 153088 c:\windows\ie8\ieakeng.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 214528 c:\windows\ie8\dxtrans.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 124928 c:\windows\ie8\advpack.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-12-07 18:18 . 2009-03-08 02:34 1206784 c:\windows\system32\urlmon.dll
+ 2002-09-10 12:00 . 2009-03-08 02:41 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 10:57 . 2009-03-08 02:32 1985024 c:\windows\system32\iertutil.dll
+ 2006-09-05 22:01 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2010-04-01 20:02 . 2009-10-16 00:33 3003680 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaaplrc.dll
+ 2006-05-10 05:23 . 2009-03-08 02:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-19 15:09 . 2009-03-08 02:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-08 18:40 . 2009-03-08 02:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-08 18:40 . 2009-02-06 19:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 16:20 . 2009-01-07 16:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2010-05-13 20:05 . 2010-05-13 20:05 4795392 c:\windows\Installer\225718.msi
+ 2010-05-13 19:57 . 2010-05-13 19:57 3168768 c:\windows\Installer\224f16.msi
+ 2010-05-13 19:56 . 2010-05-13 19:56 1984000 c:\windows\Installer\224ee5.msi
+ 2010-04-01 20:07 . 2010-04-01 20:07 9472000 c:\windows\Installer\1da4987.msi
+ 2010-05-26 18:53 . 2008-10-16 20:04 1160192 c:\windows\ie8\urlmon.dll
+ 2010-05-26 18:53 . 2008-12-13 06:36 3593216 c:\windows\ie8\mshtml.dll
+ 2010-05-26 18:53 . 2008-10-16 20:04 6066176 c:\windows\ie8\ieframe.dll
+ 2010-05-26 18:53 . 2007-04-17 09:32 2455488 c:\windows\ie8\ieapfltr.dat
+ 2006-11-07 20:03 . 2009-03-08 02:39 11063808 c:\windows\system32\ieframe.dll
+ 2007-05-08 18:40 . 2009-03-08 02:39 11063808 c:\windows\system32\dllcache\ieframe.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\programmi\MessengerPlus! 3\MsgPlus.exe" [2006-09-30 190024]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"{D90C7C2D-1D84-82F1-1F3F-1DD6D8F76C95}"="c:\documents and settings\Andrea\Dati applicazioni\Agunmy\yfon.exe" [2006-04-29 140279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AME_CSA"="amecsa.cpl" [2002-04-29 720896]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"DivX Video Duplicator OLR"="c:\progra~1\DIVXVI~1\BVRPOlr.exe" [2003-06-12 49152]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-3-12 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\XStyle v2\\XStyle.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\mIrc\\mirc.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\mirc2\\mirc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/06/2010 21.17.47 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/06/2010 21.17.47 19024]
R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [11/06/2005 1.52.35 110839]
S2 NetDDEdsdmNetDDEdsdm;DDE DSDM di rete NetDDEdsdmNetDDEdsdm;c:\windows\system32\1041f.exe srv --> c:\windows\system32\1041f.exe srv [?]
S3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [10/09/2002 14.00.00 55808]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [10/09/2002 14.00.00 55808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [15/09/2007 21.30.12 1527900]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\6txvkwq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 00:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\ntuser_mssec.exe 61440 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1960408961-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
N‰[hQ\OpenWithList]
@Class="Shell"
.
Ora fine scansione: 2010-06-09 01:06:23
ComboFix-quarantined-files.txt 2010-06-08 23:06
ComboFix2.txt 2010-01-24 13:35
ComboFix3.txt 2010-01-23 14:34
ComboFix4.txt 2009-02-14 22:23

Pre-Run: 26.518.056.960 byte disponibili
Post-Run: 26.697.478.144 byte disponibili

- - End Of File - - 0F1ACC8149B05975D36A7DEDF8A2494F
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 09/06/10 02:50

Ecco il secondo

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/06/2010 3.48.18
mbam-log-2010-06-09 (03-48-18).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 231887
Tempo trascorso: 2 ore, 30 minuti, 51 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 1
Cartelle infette: 0
File infetti: 9

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e4d8d902-51ff-45f5-a636-06b4591af5ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.135 85.255.112.9 -> Quarantined and deleted successfully.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\WINDOWS\system32\CFB8F0\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CFB8F0\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1041f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 09/06/10 03:55

Deve essere successo qualcosa perchè non mi apre più il programma di chat che usavo (xstyle v2).
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 09/06/10 15:08

Se hai problemi con xstyle v2, prova a reinstallare il programma.

Ora ti guiderò in una serie di Step per cercare di ottimizzare il computer.

Step 1: Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.

Step 2: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 4: aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 5: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Step 6: Allega un nuovo log di hijackthis per controllo e fix di chiavi inutili in avvio.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 10/06/10 16:37

Fatto tutto.
Ecco il log finale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.34.12, on 10/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: opmai.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: DDE DSDM di rete NetDDEdsdmNetDDEdsdm (NetDDEdsdmNetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\1041f.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 11085 bytes

(Ho provato a reinstallare xstyle ma non funziona lo stesso...)
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 10/06/10 16:52

Ho reinstallato nuovamente xstyle ed adesso funziona regolarmente.
:)
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 10/06/10 23:12

Perfetto, ora fixa queste voci che ti indico per velocizzare l'avvio di windows.
Disattiva il teatimer di Spybot che potrebbe interferire con le modifiche al registro.

Con tutte le applicazioni chiuse e disconnesso da internet
Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"
Codice: Seleziona tutto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

Conosci questa applicazione?
opmai.exe

In caso di risposta negativa fixa anche questa voce
O4 - .DEFAULT User Startup: opmai.exe (User 'Default user')

Ti occorrono le toolbar di Epson e Yahoo?

Scarica PSERV.CPL
Clicca con il tasto destro sul nome del servizio
AVG Anti-Spyware Guard
seleziona "Delete"

Nuovo log di hijackthis al termine.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 11/06/10 09:31

una volta scaricato pserv.cpl, il programma non mi si avvia: dice che il file può essere corrotto o incompleto.
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 11/06/10 14:15

Procedi manualmente:

Da Start > esegui >digita:
sc stop AVG Anti-Spyware Guard (e dai l'OK)

Poi ancora Start > esegui >digita:
sc delete AVG Anti-Spyware Guard (e dai l'OK)

Controlla che il servizio sia stato cancellato da
Start > tutti i programmi > accessori > Esegui > digita: SERVICES.MSC (ok)
oppure da Pannello di controllo > Strumenti di amministrazione.

Ricorda di allegare un nuovo log e risposndere alle domande.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 11/06/10 21:13

Fatto.
Ecco il log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.11.45, on 11/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\XStyle v2\XStyle.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: opmai.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: DDE DSDM di rete NetDDEdsdmNetDDEdsdm (NetDDEdsdmNetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\1041f.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 10172 bytes
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 12/06/10 06:42

Bene, in questo log non compare la voce, immagino tu l'abbia fixata.
O4 - .DEFAULT User Startup: opmai.exe

Se non usi le toolbar disinstallare da pannello di controllo.
Malwarebytes puoi tenerlo installato e programmare delle scansioni settimanali, ricordandoti di aggiornarlo.

Come controllo finale potresti eseguire una scansione online,
allega il report se vengono rilevate minacce.

ESET Online Scanner
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi Pompeo_3 » 12/06/10 11:33

Ok, grazie mille :***
Pompeo_3
Utente Junior
 
Post: 62
Iscritto il: 10/10/07 21:37

Re: Log Hijackthis...c'è da eliminare qualcosa?

Postdi -> EleKtrA <- » 12/06/10 12:42

Devo aggiungere una cosa che mi era sfuggita.

Hai disinstallato Zone Alarm?
Trattandosi di un software difficile da disinstallare in modo pulito, ti consiglio di eseguire questo tool:
Zone Alarm Removal Tool

poi controlla che il servizio vsmon sia stato cancellato.
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50


Torna a Sicurezza e Privacy


Topic correlati a "Log Hijackthis...c'è da eliminare qualcosa?":

Analisi log HijackThis
Autore: Sanko
Forum: Sicurezza e Privacy
Risposte: 2

Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti