I did a copy and paste with an awf file.
This is the result:
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\WINDOWS\BAK
01/06/2006 11.26 20.480 FixCamera.exe
19/06/2006 13.37 262.144 tsnp2std.exe
15/05/2006 15.52 675.840 vsnp2std.exe
3 File 958.464 byte
2 Directory 139.035.025.408 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\HP\KBD\BAK
11/02/2003 20.02 61.440 KBD.EXE
1 File 61.440 byte
2 Directory 139.035.025.408 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\ITUNES\BAK
07/05/2004 23.06 286.720 iTunesHelper.exe
1 File 286.720 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\MESSEN~1\BAK
0 File 0 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\MSNMES~1\BAK
0 File 0 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\WINDOWS\CREATOR\BAK
17/12/2003 23.31 118.784 Remind_XP.exe
1 File 118.784 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\WINDOWS\SMINST\BAK
14/04/2004 20.43 233.472 RECGUARD.EXE
1 File 233.472 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\WINDOWS\SYSTEM\BAK
10/04/2007 20.42 182 hpsysdrv.DAT
07/05/1998 16.04 52.736 hpsysdrv.exe
2 File 52.918 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\WINDOWS\SYSTEM32\BAK
07/06/2004 18.44 659.456 hphmon06.exe
20/05/2004 09.47 249.856 keyhook.exe
16/10/2002 16.57 81.920 ps2.exe
3 File 991.232 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
24/06/2004 21.10 339.968 atiptaxx.exe
1 File 339.968 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
0 File 0 byte
2 Directory 139.035.021.312 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\HP\{AAC4F~1\BAK
07/06/2004 18.53 49.152 hphupd06.exe
1 File 49.152 byte
2 Directory 139.035.017.216 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK
01/01/2004 12.25 32.881 jusched.exe
1 File 32.881 byte
2 Directory 139.035.017.216 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: AC55-C3C0
Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
15/12/2006 02.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 139.035.017.216 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
20480 1 Jun 2006 "C:\WINDOWS\FixCamera.exe1176139730"
20480 1 Jun 2006 "C:\WINDOWS\bak\FixCamera.exe"
24076 9 Apr 2007 "C:\WINDOWS\tsnp2std.exe"
262144 19 Jun 2006 "C:\WINDOWS\bak\tsnp2std.exe"
262144 19 Jun 2006 "C:\Programmi\File comuni\snp2std\tsnp2std.exe"
24076 9 Apr 2007 "C:\WINDOWS\vsnp2std.exe"
675840 15 May 2006 "C:\WINDOWS\bak\vsnp2std.exe"
675840 15 May 2006 "C:\Programmi\File comuni\snp2std\vsnp2std.exe"
24076 9 Apr 2007 "C:\hp\KBD\KBD.EXE"
61440 11 Feb 2003 "C:\hp\KBD\bak\KBD.EXE"
286720 7 May 2004 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
24076 9 Apr 2007 "C:\WINDOWS\CREATOR\Remind_XP.exe"
118784 17 Dec 2003 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
24076 9 Apr 2007 "C:\WINDOWS\SMINST\RECGUARD.EXE"
233472 14 Apr 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
246 9 Apr 2007 "C:\WINDOWS\system\hpsysdrv.dat"
182 10 Apr 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
24076 9 Apr 2007 "C:\WINDOWS\system\hpsysdrv.exe"
52736 7 May 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
24076 9 Apr 2007 "C:\WINDOWS\system32\hphmon06.exe"
659456 7 Jun 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
24076 9 Apr 2007 "C:\WINDOWS\system32\keyhook.exe"
249856 20 May 2004 "C:\WINDOWS\system32\bak\keyhook.exe"
24076 9 Apr 2007 "C:\WINDOWS\system32\ps2.exe"
81920 16 Oct 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 16 Oct 2002 "C:\WINDOWS\system32\bak\ps2.exe"
24076 9 Apr 2007 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 24 Jun 2004 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
24076 9 Apr 2007 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 7 Jun 2004 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
24076 9 Apr 2007 "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
24076 5 Apr 2007 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
32881 1 Jan 2004 "C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
32881 19 Nov 2003 "C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Directory temporanea 2 per core1.zip\bin\jusched.exe"
36972 15 Sep 2004 "C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Directory temporanea 3 per core1.zip\bin\jusched.exe"
24076 9 Apr 2007 "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
24076 5 Apr 2007 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
32881 1 Jan 2004 "C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
32881 19 Nov 2003 "C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Directory temporanea 2 per core1.zip\bin\jusched.exe"
36972 15 Sep 2004 "C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Directory temporanea 3 per core1.zip\bin\jusched.exe"
end of report
This one was made with HiJackThis, please help.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.05.27, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\bak\keyhook.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Proprietario\Documenti\spireware\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176215706078
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC28E14-E33A-42E0-AF57-38B7DC4C2EB3}: NameServer = 85.37.17.5 85.38.28.77
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 9192 bytes