
Potential virus???

Posted: Wed Dec 09, 2009 9:14 pm
by spidilight
Hello everyone......
Since yesterday my PC (Acer 5670 with Windows XP Service Pack 3), which uses Mozilla Firefox to go on the internet, has been opening web windows on its own with sites I have never seen....... could it be a virus?? Norton didn't find anything, and neither did Terminator antispyware.
I also ran a scan with a-squared Free, which found no fewer than 25 high-risk problems..... so I went ahead and deleted them......... but the problem persists...... that is, the pages that were opening automatically keep tormenting me after a few minutes on the web.........
What do I do???????????????????

I am attaching a HijackThis scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.11.35, on 09/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Programmi\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Programmi\Textual Content Provider\1.1.0.1710\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 11918 bytes

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:25 pm
by ste_95
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:27 pm
by spidilight
Do I have to use ComboFix??? Isn't HijackThis any use???

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:29 pm
by gioia271965
spidilight wrote: Do I have to use ComboFix??? Isn't HijackThis any use???

Using ComboFix you go straight to the heart of the problem (if there is one, of course). It's a way to save time.... [;)]

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:30 pm
by Berga95
gioia271965 wrote:
spidilight wrote: Do I have to use ComboFix??? Isn't HijackThis any use???

Using ComboFix you go straight to the heart of the problem (if there is one, of course). It's a way to save time.... [;)]

and if you're lucky it might fix the problem on its own... [;)]

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:32 pm
by spidilight
Do I have to save it on the desktop in a folder, or simply rename the file on the desktop????

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:37 pm
by Berga95
spidilight wrote: Do I have to save it on the desktop in a folder, or simply rename the file on the desktop????

Well, just save it on the desktop and double-click it...
P.S.: while it is running, the explorer.exe process (the one that controls the graphical interface) might restart... but don't worry...
the first time it happened to me I nearly had a heart attack... xD

EDIT: Oh, right, close everything before running combofixxxx.....

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:38 pm
by gioia271965
spidilight wrote: Do I have to save it on the desktop in a folder, or simply rename the file on the desktop????

Simply save it on the desktop and rename it...

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:53 pm
by spidilight
It tells me (in English) that some files might not be read and that I have to close them (but which ones would those be, if I had no applications open?????), restart Windows and then start ComboFix.......... it isn't referring to Norton or to Terminator antispyware, is it???? I won't have to uninstall them, will I???????????

Thanks for your help

Re: Potential virus???

Posted: Wed Dec 09, 2009 9:57 pm
by Berga95
For now, try running the scan, then we'll see...

Re: Potential virus???

Posted: Wed Dec 09, 2009 10:01 pm
by spidilight
Sorry if I didn't explain myself well........ the thing is that it doesn't run the scan at all....... it doesn't start

Re: Potential virus???

Posted: Wed Dec 09, 2009 10:13 pm
by Berga95
spidilight wrote: Sorry if I didn't explain myself well........ the thing is that it doesn't run the scan at all....... it doesn't start

Really?? I wouldn't know what to tell you... [nonono]
Try restarting the PC, but I don't think it will change much...
Actually, no (idea!), run the scan in safe mode (press F8 repeatedly at startup, I think) so that it doesn't load these "phantom" running processes...

Re: Potential virus???

Posted: Thu Dec 10, 2009 12:27 am
by Drping
So that there are no problems when running ComboFix, you need to disable all active real-time protection applications;
in any case, no substantial problems emerge from the HijackThis log, although the system could do with a bit of cleaning up.

ComboFix will be more detailed!

Re: Potential virus???

Posted: Thu Dec 10, 2009 7:47 am
by gioia271965
spidilight wrote: Sorry if I didn't explain myself well........ the thing is that it doesn't run the scan at all....... it doesn't start

Running scans with this kind of tool (as also with Findykill) requires some preliminary steps.
1) - Disconnect from the Internet.
2) - Disable System Restore.
3) - Disable your antivirus.
After that you can run the program.

Re: Potential virus???

Posted: Fri Dec 11, 2009 7:39 pm
by spidilight
I did as you told me, I even uninstalled Norton and stopped and closed Terminator spyware, but ComboFix starts working and never finishes, not even if I leave it scanning all night......... both in safe mode and in normal mode........... any ideas???

The number of windows that open is increasing

Oh, by the way, a-squared Free found 53 problems, and removing them changes nothing....... the problem persists

Any ideas????????
Thanks, guys

Re: Potential virus???

Posted: Fri Dec 11, 2009 10:38 pm
by spidilight
I'm posting the ComboFix result here; obviously the problem persists..............

ComboFix 09-12-11.01 - roberto 11/12/2009 22.34.01.5.2 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.722 [GMT 1:00]
Eseguito da: c:\documents and settings\roberto\Desktop\Spidifix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\oxhoq.dat
c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\oxhoq_nav.dat
c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\oxhoq_navps.dat
c:\programmi\Automated Content Enhancer\4.1.0.5240\ACEIeaddon.dll
c:\programmi\Textual Content Provider\1.1.0.1710\TCPIe.dll
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-11-11 al 2009-12-11 )))))))))))))))))))))))))))))))))))
.

2009-12-13 00:52 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-13 00:52 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-13 00:52 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-13 00:52 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-13 00:52 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-13 00:52 . 2009-12-13 00:52 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-12 17:07 . 2009-12-12 17:07 -------- d-----w- C:\FOUND.004
2009-12-11 19:38 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 16:40 . 2009-12-09 16:40 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-09 14:57 . 2009-12-09 14:57 -------- d-----w- c:\programmi\Crawler
2009-12-09 00:32 . 2009-12-09 00:32 -------- d-----w- c:\programmi\a-squared Free
2009-12-08 22:21 . 2009-12-08 22:21 -------- d-----w- c:\programmi\Trend Micro
2009-12-08 20:36 . 2009-12-08 20:37 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\eMuleTV
2009-12-08 19:58 . 2009-12-08 19:58 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\TVU Networks
2009-12-08 19:58 . 2009-12-08 19:58 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\LocalLow
2009-12-08 19:58 . 2009-12-08 19:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-12-08 19:58 . 2009-12-08 19:58 -------- d-----w- c:\documents and settings\roberto\LocalLow
2009-12-08 12:44 . 2009-12-08 12:44 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Textual Content Provider
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Textual Content Provider
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Content Management Wizard
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Internet Today
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Customized Platform Advancer
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Customized Platform Advancer
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Automated Content Enhancer
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Automated Content Enhancer
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Web Search Operator
2009-12-08 12:43 . 2009-12-08 12:43 -------- d-----w- c:\programmi\Web Search Operator
2009-12-08 12:42 . 2009-12-08 12:42 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Gameztar Toolbar
2009-12-08 01:59 . 2009-12-08 01:59 353712 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-08 01:52 . 2009-12-08 01:52 -------- d-----w- c:\documents and settings\spidilight\Impostazioni locali\Dati applicazioni\Nokia
2009-12-08 01:50 . 2009-12-08 01:50 -------- d-----w- c:\documents and settings\spidilight\Dati applicazioni\PC Suite
2009-12-07 21:07 . 2009-12-07 21:07 -------- d-----w- c:\programmi\easyMule
2009-12-07 17:27 . 2001-08-30 22:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-07 17:27 . 2008-04-13 18:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-07 17:27 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-07 17:27 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-07 16:35 . 2009-12-07 16:35 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\IsolatedStorage
2009-12-07 16:33 . 2009-12-07 16:33 -------- d-----w- c:\windows\Globalization
2009-12-07 16:33 . 2009-12-07 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NokiaMusic
2009-12-07 14:19 . 2009-12-07 14:17 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-12-07 14:18 . 2009-12-07 14:18 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-07 14:18 . 2009-12-07 14:18 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-07 14:00 . 2009-12-07 14:00 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-07 13:59 . 2009-12-07 13:59 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-12-07 13:59 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-07 13:59 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-07 13:58 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-07 13:58 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-07 13:58 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-07 13:58 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-07 13:58 . 2009-12-07 13:57 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita_web.exe
2009-12-07 13:58 . 2009-12-07 13:58 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-07 13:58 . 2009-12-07 13:58 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-07 13:58 . 2009-12-07 13:58 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-07 13:58 . 2009-12-07 13:58 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-07 13:57 . 2009-12-07 13:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-06 21:02 . 2009-12-06 21:02 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\Nokia Ovi Suite
2009-12-06 21:01 . 2009-12-06 21:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2009-12-06 20:49 . 2008-04-13 10:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-06 20:49 . 2008-04-13 10:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-06 20:49 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-06 20:47 . 2009-12-06 20:47 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\Nokia
2009-12-06 20:47 . 2009-12-06 20:47 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Nokia
2009-12-06 20:46 . 2009-12-06 20:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-12-06 20:46 . 2009-12-06 20:46 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\PC Suite
2009-12-06 20:46 . 2009-12-06 20:46 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\NokiaAccount
2009-12-06 20:42 . 2009-12-06 20:42 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-06 20:41 . 2009-12-06 20:41 -------- d-----w- c:\programmi\DIFX
2009-12-06 20:41 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-06 20:40 . 2009-12-06 20:40 -------- d-----w- c:\windows\system32\DRVSTORE
2009-12-06 20:40 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-06 20:38 . 2009-12-06 20:38 -------- d-----w- c:\windows\system32\LogFiles
2009-12-06 20:38 . 2009-12-06 20:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-06 20:37 . 2009-12-06 20:37 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-06 20:37 . 2009-12-06 20:37 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-06 20:37 . 2009-12-06 20:37 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-06 20:37 . 2009-12-06 20:37 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-06 20:37 . 2009-12-06 20:37 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-06 20:37 . 2009-12-06 20:37 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-06 20:36 . 2009-12-06 20:36 -------- d-----w- c:\programmi\Nokia
2009-12-06 20:36 . 2009-12-06 20:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2009-12-06 20:36 . 2009-12-06 20:36 94628904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-05 14:50 . 2009-12-05 14:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-12-05 14:45 . 2009-12-05 14:45 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Temp
2009-12-05 14:45 . 2009-12-05 14:45 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-12-05 14:45 . 2009-12-05 14:45 -------- d-----w- c:\programmi\Google
2009-12-05 14:45 . 2009-12-05 14:45 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Google
2009-11-28 11:08 . 2009-11-28 11:08 -------- d-----w- c:\programmi\DVD Decrypter
2009-11-25 20:28 . 2009-08-13 15:15 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-11-25 11:50 . 2009-11-25 11:50 -------- d-s---w- c:\documents and settings\spidilight\UserData
2009-11-25 11:32 . 2009-11-25 11:32 -------- d-----w- c:\documents and settings\spidilight\Tracing
2009-11-25 06:58 . 2008-04-13 18:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-11-25 06:56 . 2009-11-25 06:56 -------- d-----w- C:\FOUND.003
2009-11-25 02:35 . 2008-04-13 18:14 294912 ------w- c:\windows\system32\dllcache\dlimport.exe
2009-11-25 02:29 . 2009-11-25 02:29 -------- d-----w- c:\windows\EHome
2009-11-24 11:43 . 2009-11-24 11:43 -------- d--h--w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\acer eNM
2009-11-23 10:24 . 2009-11-23 10:24 -------- d-----w- C:\FOUND.002
2009-11-21 17:59 . 2009-11-21 17:59 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Help
2009-11-21 16:29 . 2009-11-21 16:29 -------- d-----w- c:\documents and settings\spidilight\Dati applicazioni\CyberLink
2009-11-21 16:13 . 2009-11-21 16:14 -------- d-----w- c:\documents and settings\spidilight\Dati applicazioni\Acer
2009-11-20 20:38 . 2009-11-20 20:38 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\InternetCalls
2009-11-20 19:48 . 2009-11-20 19:48 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-20 19:47 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-20 11:26 . 2009-11-20 11:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- C:\FOUND.001
2009-11-19 23:11 . 2009-11-19 23:11 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\GlarySoft
2009-11-19 23:09 . 2009-11-19 23:09 -------- d-----w- c:\programmi\Glary Utilities
2009-11-19 22:34 . 2005-10-03 16:21 225350 ----a-w- c:\windows\system32\Epm-Po.dll
2009-11-19 00:58 . 2009-11-19 00:58 -------- d-----w- c:\windows\Sun
2009-11-19 00:57 . 2009-11-19 00:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 00:57 . 2009-11-19 00:57 -------- d-----w- c:\programmi\Java
2009-11-19 00:57 . 2009-11-19 16:13 152576 ----a-w- c:\documents and settings\roberto\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 21:21 . 2009-11-18 21:21 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\VoipStunt
2009-11-18 20:56 . 2009-11-18 20:56 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\PoivY
2009-11-18 19:42 . 2009-11-18 19:42 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\AdobeUM
2009-11-18 02:06 . 2009-11-18 02:06 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-11-18 02:02 . 2009-11-18 02:02 -------- d-----w- c:\windows\ServicePackFiles
2009-11-18 02:01 . 2009-11-18 02:01 -------- d-----w- c:\programmi\MSXML 4.0
2009-11-18 01:02 . 2009-11-18 01:02 -------- d-----w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\Identities
2009-11-18 00:10 . 2009-11-18 00:10 -------- d-----w- C:\bootprog
2009-11-18 00:09 . 2009-11-18 00:09 -------- d--h--w- c:\windows\PIF
2009-11-17 23:35 . 2009-11-17 23:35 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\Canneverbe_Limited
2009-11-17 23:35 . 2009-11-17 23:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-11-17 23:35 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-11-17 23:35 . 2009-11-17 23:35 -------- d-----w- c:\programmi\CDBurnerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 20:51 . 2003-04-09 00:37 88460 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 20:51 . 2003-04-09 00:37 499224 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 01:51 . 2009-11-16 01:33 35616 ----a-w- c:\documents and settings\spidilight\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-07 16:35 . 2009-11-15 09:38 35616 ----a-w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-06 20:49 . 2009-12-06 20:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-06 20:49 . 2009-12-06 20:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-25 02:39 . 2003-04-05 04:44 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-17 09:01 . 2009-11-17 09:01 -------- d-----w- c:\programmi\Winamp
2009-11-17 09:01 . 2009-11-17 09:01 -------- d-----w- c:\documents and settings\roberto\Dati applicazioni\Winamp
2009-11-16 01:33 . 2009-11-16 01:33 139 ----a-w- c:\documents and settings\spidilight\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-11-15 15:19 . 2009-11-15 15:19 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-15 15:19 . 2009-11-15 15:19 -------- d-----w- c:\programmi\File comuni\Acer
2009-11-15 15:19 . 2009-11-15 15:19 -------- d-----w- c:\programmi\Acer
2009-11-15 15:13 . 2009-11-15 09:38 136 ----a-w- c:\documents and settings\roberto\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-11-15 10:24 . 2005-03-09 20:12 657 ----a-w- c:\windows\CLEANUP.CMD
2009-11-15 10:24 . 2004-06-25 01:13 997 ----a-w- c:\windows\HotFix.bat
2009-10-29 05:24 . 2004-08-19 04:00 669696 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-19 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-19 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 12:28 . 2009-10-16 12:28 860400 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\en\ustarrs.dll
2009-10-16 12:28 . 2009-10-16 12:28 864496 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\de\ustarrs.dll
2009-10-16 12:28 . 2009-10-16 12:28 4710640 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\UpdateStar.exe
2009-10-16 12:26 . 2009-10-16 12:26 269824 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\UstarRO64.exe
2009-10-16 12:24 . 2009-10-16 12:24 192512 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\UstarRO32.exe
2009-10-16 12:19 . 2009-10-16 12:19 847872 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\ko\ustarrs.dll
2009-10-16 12:19 . 2009-10-16 12:19 876544 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\lt\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 847872 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\zh\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\uk\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\sv\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 868352 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\sk\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\ru\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 876544 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\ro\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 839680 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\pt\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\pl\ustarrs.dll
2009-10-16 12:18 . 2009-10-16 12:18 876544 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\nl\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 851968 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\ja\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\it\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\hu\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 839680 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\fr\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 876544 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\Es\ustarrs.dll
2009-10-16 12:17 . 2009-10-16 12:17 872448 ----a-w- c:\documents and settings\spidilight\Dati applicazioni\UpdateStar\lang\Cs\ustarrs.dll
2009-10-13 10:33 . 2004-08-19 04:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-19 04:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-19 04:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:35 . 2004-08-19 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 15600128]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-02 151552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-11-30 225280]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2005-11-29 438272]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2005-11-29 13:51 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-15 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 3079680]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 458752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 15:00 2090272 ----a-w- c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 7.07.24 692992]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [15/11/2009 16.19.41 1088896]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MDMXSDK
.
------- Scansione supplementare -------
.
uStart Page = hxxp://global.acer.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\roberto\Dati applicazioni\Mozilla\Firefox\Profiles\pewmunye.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\programmi\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\programmi\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\programmi\Web Search Operator\4.1.0.1880\FF\components\WSOFFAddOn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LManager = c:\progra~1\LAUNCH~1\QtZgAcer.EXE????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2656945495-406237967-4254011738-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-12-11 22:38:17
ComboFix-quarantined-files.txt 2009-12-11 21:38

Pre-Run: 27.883.569.152 byte disponibili
Post-Run: 27.840.479.232 byte disponibili

- - End Of File - - 451EE935FEAD32579C5C968CC03E4ED7

Re: potential virus???

Posted: Fri Dec 11, 2009 10:46 pm
by Amantide
Did you restart the computer?

Re: potential virus???

Posted: Fri Dec 11, 2009 10:48 pm
by spidilight
of course I did