PC stutters intermittently

Jostino

Hi guys, it's been a while since I last stopped by; unfortunately I'm back because of a problem that came up not even a week ago.
So, my problem started when I began to notice slowdowns and stuttering while listening to various songs in Windows Media Player. I thought the slowdown was due to having too many things open (browser and other programs), but I noticed right away that even with nothing else running (apart from the player) the songs sounded corrupted and slowed down. I suspected some damaged MP3s, but then I noticed slowdowns in the PC's startup sound as well, and outright slowdowns of the PC itself (even at the Windows user selection screen). Not to mention launching the browser (Firefox, Chrome and Opera) and the various operations in it, which now take longer than usual. I ran a scan with Malwarebytes and found 5 viruses; removed them, problem not solved.
So I ran a scan with HijackThis and this is the report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.32.43, on 22/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Unlocker\UnlockerAssistant.exe
D:\Programmi\Lightscreen\lightscreen.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Mozilla Firefox\plugin-container.exe
D:\Programmi\Mozilla Firefox\plugin-container.exe
D:\AAA Cercasi Documenti\dtaskmanager\DTaskManager\DTaskManager.exe
D:\Programmi\Xfire\Xfire.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programmi\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programmi\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Lightscreen] D:\Programmi\Lightscreen\lightscreen.exe -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Download by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4981 bytes

I don't quite understand what caused it. I also checked the restore points and there is one available from 2 November, before all this started, but I haven't tried applying it yet. If you need any other info just say so; the PC's specs are in the dedicated panel that the forum shows for every user :)

Thanks a lot!!

Jostino
 
Hi. Along with the MalwareBytes log, attach the ComboFix log as well:
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once you have completed the steps above:
● launch ComboFix with a double click
● follow the instructions given to run the scan
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, right-click the program's icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused by you after using the software.
● The same goes for me; this tool is not a toy and is not intended for everyday use. It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it from My Computer. One more precaution, one less possible threat
 
Sorry for posting in the wrong section, but I thought it was a problem with the PC and not a threat caused by a virus. Anyway, thanks for the reply FDAC; I'll do as you said and post both the ComboFix log and the Malwarebytes one as soon as I'm done!

EDIT:
In the meantime I ran ComboFix before going to practice; when I get back I'll do Malwarebytes too. For now here is the first log:
ComboFix 11-11-23.01 - Nicola 23/11/2011 19.24.47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.895.579 [GMT 1:00]
Eseguito da: c:\documents and settings\Nicola\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Nicola\Dati applicazioni\Bc
c:\documents and settings\Nicola\Dati applicazioni\cacaoweb
c:\documents and settings\Nicola\Dati applicazioni\cacaoweb\adstorage.db
c:\documents and settings\Nicola\Dati applicazioni\cacaoweb\errorlog.txt
c:\documents and settings\Nicola\Dati applicazioni\cacaoweb\npdfile.dat
c:\documents and settings\Nicola\Dati applicazioni\cacaoweb\storage.db
c:\documents and settings\Nicola\Dati applicazioni\chrtmp
c:\documents and settings\Nicola\Dati applicazioni\OfferBox
c:\documents and settings\Nicola\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Nicola\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Nicola\WINDOWS
c:\windows\IsUn0410.exe
c:\windows\ndl.dl
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
d:\programmi\Adobe\ARM\1.0\AcrobatUpdater.exe
d:\programmi\Adobe\ARM\1.0\ReaderUpdater.exe
d:\programmi\Adobe\Updater6\Adobe_Updater.exe
d:\programmi\Adobe\Updater6\AdobeUpdaterInstallMgr.exe
d:\programmi\cacaoweb
d:\programmi\cacaoweb\cacaoweb.exe
d:\programmi\INSTALL.LOG
d:\programmi\Java\Java Update\jusched.exe
d:\programmi\WinPCap
d:\programmi\WinPCap\daemon_mgm.exe
d:\programmi\WinPCap\INSTALL.LOG
d:\programmi\WinPCap\NetMonInstaller.exe
d:\programmi\WinPCap\npf_mgm.exe
d:\programmi\WinPCap\rpcapd.exe
d:\programmi\WinPCap\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_XPROTECTOR
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-23 al 2011-11-23 )))))))))))))))))))))))))))))))))))
.
.
2011-11-22 23:44 . 2011-11-22 23:45 -------- d-----w- d:\programmi\Defraggler
2011-11-22 23:28 . 2011-11-22 23:28 -------- d-----w- c:\windows\$regcmp$
2011-11-22 23:28 . 2011-11-22 23:28 -------- d-----w- d:\programmi\Registry Clean Expert
2011-11-21 22:35 . 2011-11-21 22:35 388096 ----a-r- c:\documents and settings\Nicola\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 12:27 . 2011-11-19 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Software
2011-11-19 12:26 . 2011-11-19 12:26 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\NCH Software
2011-11-19 10:37 . 2011-11-19 10:37 -------- d-----w- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\HHD Software
2011-11-16 18:28 . 2011-11-16 19:11 -------- d-----w- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\SISContents
2011-11-16 11:44 . 2011-11-16 11:47 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\Garmin
2011-11-13 14:19 . 2011-11-13 14:34 2829 ----a-w- c:\windows\War3Unin.pif
2011-11-13 14:19 . 2011-11-13 14:34 139264 ----a-w- c:\windows\War3Unin.exe
2011-11-13 12:47 . 2011-11-13 12:47 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\GameRanger
2011-10-28 10:58 . 2011-10-28 10:58 -------- d-----w- C:\gPotato.eu
2011-10-25 13:46 . 2011-10-25 13:46 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\FOG Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 19:15 . 2011-09-06 22:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 20:06 . 2011-10-23 20:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-23 20:06 . 2010-08-10 08:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-09-09 17:53 . 2010-09-05 10:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-09-02 07:47 . 2011-09-02 07:47 4065 ----a-w- c:\windows\system32\sdbackup.reg
2011-08-31 16:00 . 2010-09-27 14:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-11-07 01:19 . 2010-12-08 16:31 568832 ----a-w- d:\programmi\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-08 16:31 655872 ----a-w- d:\programmi\opera\program\plugins\msvcr90.dll
2011-11-10 22:04 . 2011-03-24 17:23 134104 ----a-w- d:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lightscreen"="d:\programmi\Lightscreen\lightscreen.exe" [2010-03-17 563200]
"AlcoholAutomount"="d:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"UnlockerAssistant"="d:\programmi\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"LogMeIn Hamachi Ui"="d:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- d:\programmi\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- d:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-07 16:58 137536 ----atw- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2007-12-11 02:59 307200 ----a-w- d:\programmi\Syncrosoft\POS\H2O\cledx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15 221184 ----a-w- d:\progra~1\INSTAL~2\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-05-16 08:58 86960 ----a-w- d:\programmi\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 14:18 1955208 ----a-w- d:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- d:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-11-17 15:29 7700480 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-11-17 15:29 86016 ------w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-09-21 22:15 3077528 ----a-w- d:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-09-20 10:39 801792 ----a-w- d:\programmi\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- d:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- d:\programmi\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"rpcapd"=3 (0x3)
"NMap"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"BlueSoleil Hid Service"=3 (0x3)
"gupdate"=2 (0x2)
"TunngleService"=3 (0x3)
"PnkBstrA"=3 (0x3)
"pgsql-8.0"=3 (0x3)
"NIHardwareService"=2 (0x2)
"IDriverT"=3 (0x3)
"ICQ Service"=2 (0x2)
"MBAMService"=2 (0x2)
"DynDNS Updater"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Opera\\opera.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\Xfire\\Xfire.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"d:\\GIOCHI\\Call of Duty\\CoDMP.exe"=
"d:\\Programmi\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"d:\\Programmi\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\Steam\\Steam.exe"=
"d:\\Programmi\\Tunngle\\TnglCtrl.exe"=
"d:\\Programmi\\Tunngle\\Tunngle.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
"d:\\GIOCHI\\Football Manager 2011\\fm.exe"=
"c:\\Documents and Settings\\Nicola\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"d:\\GIOCHI\\Zoo Tycoon 2\\zt.exe"=
"d:\\Programmi\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Programmi\\Steam\\steamapps\\common\\simcity 4 deluxe\\Apps\\SimCity 4.exe"=
"d:\\Programmi\\Steam\\steamapps\\common\\simcity 4 deluxe\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Programmi\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"d:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Nicola\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:TCP"= 28960:TCP:CODMPTCP
"28960:UDP"= 28960:UDP:CODMPUDP
"7777:TCP"= 7777:TCP:samp
"7777:UDP"= 7777:UDP:samp udp
"57942:TCP"= 57942:TCP:Pando Media Booster
"57942:UDP"= 57942:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/08/2010 20.22.03 721904]
R3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\drivers\cccp106.sys [18/08/2010 0.01.12 227200]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/07/2011 17.16.56 33792]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [29/01/2011 0.32.58 27136]
S0 ksanrfqh;ksanrfqh; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 jatmlano;jatmlano;\??\c:\docume~1\Nicola\IMPOST~1\Temp\jatmlano.sys --> c:\docume~1\Nicola\IMPOST~1\Temp\jatmlano.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/09/2010 15.43.47 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/04/2011 18.28.05 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/04/2011 18.28.06 8576]
S3 PORTMON;PORTMON;\??\d:\programmi\Sys Internals Suite\PORTMSYS.SYS --> d:\programmi\Sys Internals Suite\PORTMSYS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 DynDNS Updater;DynDNS Updater;d:\programmi\DynDNS Updater\DynUpSvc.exe [15/04/2011 20.14.18 93048]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\programmi\Firebird\Firebird_1_5\bin\fbguard.exe -s --> d:\programmi\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\programmi\Firebird\Firebird_1_5\bin\fbserver.exe -s --> d:\programmi\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S4 gupdate;Servizio di Google Update (gupdate);"d:\programmi\Google\Update\GoogleUpdate.exe" /svc --> d:\programmi\Google\Update\GoogleUpdate.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programmi\LogMeIn Hamachi\hamachi-2.exe [15/08/2011 15.18.10 1361288]
S4 MBAMService;MBAMService;d:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/09/2010 15.43.59 366152]
S4 NIHardwareService;NIHardwareService;d:\programmi\Native Instruments\Hardware\NIHardwareService.exe [08/12/2009 19.26.15 3616768]
S4 TunngleService;TunngleService;d:\programmi\Tunngle\TnglCtrl.exe [29/01/2011 0.32.48 718072]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-19 c:\windows\Tasks\expressburnShakeIcon.job
- d:\programmi\NCH Software\ExpressBurn\expressburn.exe [2011-11-19 12:26]
.
2011-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-2139871995-1801674531-1003Core.job
- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-07 16:58]
.
2011-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-2139871995-1801674531-1003UA.job
- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-07 16:58]
.
2011-03-03 c:\windows\Tasks\mixpadShakeIcon.job
- d:\programmi\NCH Swift Sound\MixPad\mixpad.exe [2010-09-09 21:37]
.
2011-08-08 c:\windows\Tasks\switchShakeIcon.job
- d:\programmi\NCH Swift Sound\Switch\switch.exe [2011-07-07 12:41]
.
2011-06-13 c:\windows\Tasks\wavepadDowngrade.job
- d:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-09-09 12:39]
.
2011-11-19 c:\windows\Tasks\wavepadShakeIcon.job
- d:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-09-09 12:39]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Nicola\Dati applicazioni\Mozilla\Firefox\Profiles\eas8fgnv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-cacaoweb - d:\programmi\cacaoweb\cacaoweb.exe
MSConfigStartUp-ewrgetuj - c:\docume~1\Marco\IMPOST~1\Temp\geurge.exe
MSConfigStartUp-SunJavaUpdateSched - d:\programmi\Java\Java Update\jusched.exe
AddRemove-Medieval Total War - c:\windows\IsUn0410.exe
AddRemove-Rogue Spear - c:\windows\IsUn0410.exe
AddRemove-WinPcapInst - d:\programmi\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-23 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB0646C0-B984-27C5-BE8B-BD9308B5074F}*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
d:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
d:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\wudfhost.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-23 19:54:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-23 18:54
.
Pre-Run: 5.227.405.312 byte disponibili
Post-Run: 5.137.690.624 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5642A306187F4E32D01BF26314B2A3A2
 
The Malwarebytes log shows nothing:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Versione database: 8217

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

24/11/2011 21.47.13
mbam-log-2011-11-24 (21-47-13).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 212566
Tempo impiegato: 29 minuti, 27 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
 
Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:

Code:
File::
c:\docume~1\Nicola\IMPOST~1\Temp\jatmlano.sys 

Driver::
jatmlano
ksanrfqh

Folder::
d:\programmi\Registry Clean Expert

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksanrfqh]

RegNull::
[HKEY_USERS\S-1-5-21-1547161642-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB0646C0-B984-27C5-BE8B-BD9308B5074F}*]


● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure indicated. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
● Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
● ComboFix will now run a scan of your system. Once it has finished, it may restart the system automatically: if not, do it manually.
● At this point the program will produce a report. Copy and paste the log into your next post.

http://img155.imageshack.us/img155/4837/cfscriptop0.gif

Note - about the procedure:
● do not touch the mouse or the keyboard at all during the scan: it could be interrupted

P.S. Repeat the scan with Malwarebytes, a FULL one!


Francesco
 
Combofix:

ComboFix 11-11-25.01 - Nicola 25/11/2011 17.07.08.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.895.562 [GMT 1:00]
Eseguito da: c:\documents and settings\Nicola\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Nicola\Desktop\CFScript.txt
.
FILE ::
"c:\docume~1\Nicola\IMPOST~1\Temp\jatmlano.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programmi\Registry Clean Expert
d:\programmi\Registry Clean Expert\RegDefrg.exe
d:\programmi\Registry Clean Expert\unins000.dat
d:\programmi\Registry Clean Expert\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JATMLANO
-------\Legacy_KSANRFQH
-------\Service_jatmlano
-------\Service_ksanrfqh
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-25 al 2011-11-25 )))))))))))))))))))))))))))))))))))
.
.
2011-11-24 23:58 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-11-24 23:58 . 2008-04-13 08:35 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2011-11-24 23:58 . 2001-08-17 20:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-11-24 23:58 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-11-24 23:58 . 2001-08-17 20:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2011-11-24 23:58 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2011-11-24 23:58 . 2001-08-17 19:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2011-11-24 23:58 . 2001-08-17 21:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2011-11-24 23:58 . 2001-08-17 21:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2011-11-24 23:58 . 2001-08-17 20:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2011-11-24 23:55 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-11-24 23:14 . 2011-11-24 23:31 -------- d-----w- d:\programmi\MultiProxy
2011-11-22 23:44 . 2011-11-22 23:45 -------- d-----w- d:\programmi\Defraggler
2011-11-22 23:28 . 2011-11-22 23:28 -------- d-----w- c:\windows\$regcmp$
2011-11-21 22:35 . 2011-11-21 22:35 388096 ----a-r- c:\documents and settings\Nicola\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 12:27 . 2011-11-19 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Software
2011-11-19 12:26 . 2011-11-19 12:26 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\NCH Software
2011-11-19 10:37 . 2011-11-19 10:37 -------- d-----w- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\HHD Software
2011-11-16 18:28 . 2011-11-16 19:11 -------- d-----w- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\SISContents
2011-11-16 11:44 . 2011-11-16 11:47 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\Garmin
2011-11-13 14:19 . 2011-11-13 14:34 2829 ----a-w- c:\windows\War3Unin.pif
2011-11-13 14:19 . 2011-11-13 14:34 139264 ----a-w- c:\windows\War3Unin.exe
2011-11-13 12:47 . 2011-11-13 12:47 -------- d-----w- c:\documents and settings\Nicola\Dati applicazioni\GameRanger
2011-10-28 10:58 . 2011-10-28 10:58 -------- d-----w- C:\gPotato.eu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 19:15 . 2011-09-06 22:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 20:06 . 2011-10-23 20:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-23 20:06 . 2010-08-10 08:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-09-09 17:53 . 2010-09-05 10:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-09-02 07:47 . 2011-09-02 07:47 4065 ----a-w- c:\windows\system32\sdbackup.reg
2011-08-31 16:00 . 2010-09-27 14:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-11-07 01:19 . 2010-12-08 16:31 568832 ----a-w- d:\programmi\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-08 16:31 655872 ----a-w- d:\programmi\opera\program\plugins\msvcr90.dll
2011-11-10 22:04 . 2011-03-24 17:23 134104 ----a-w- d:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-23_18.47.15 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lightscreen"="d:\programmi\Lightscreen\lightscreen.exe" [2010-03-17 563200]
"AlcoholAutomount"="d:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"UnlockerAssistant"="d:\programmi\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"LogMeIn Hamachi Ui"="d:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- d:\programmi\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- d:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-07 16:58 137536 ----atw- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2007-12-11 02:59 307200 ----a-w- d:\programmi\Syncrosoft\POS\H2O\cledx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15 221184 ----a-w- d:\progra~1\INSTAL~2\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-05-16 08:58 86960 ----a-w- d:\programmi\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 14:18 1955208 ----a-w- d:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- d:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-11-17 15:29 7700480 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-11-17 15:29 86016 ------w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-09-21 22:15 3077528 ----a-w- d:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-09-20 10:39 801792 ----a-w- d:\programmi\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- d:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- d:\programmi\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"rpcapd"=3 (0x3)
"NMap"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"BlueSoleil Hid Service"=3 (0x3)
"gupdate"=2 (0x2)
"TunngleService"=3 (0x3)
"PnkBstrA"=3 (0x3)
"pgsql-8.0"=3 (0x3)
"NIHardwareService"=2 (0x2)
"IDriverT"=3 (0x3)
"ICQ Service"=2 (0x2)
"MBAMService"=2 (0x2)
"DynDNS Updater"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Opera\\opera.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\Xfire\\Xfire.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"d:\\GIOCHI\\Call of Duty\\CoDMP.exe"=
"d:\\Programmi\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"d:\\Programmi\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\Steam\\Steam.exe"=
"d:\\Programmi\\Tunngle\\TnglCtrl.exe"=
"d:\\Programmi\\Tunngle\\Tunngle.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
"d:\\GIOCHI\\Football Manager 2011\\fm.exe"=
"c:\\Documents and Settings\\Nicola\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"d:\\GIOCHI\\Zoo Tycoon 2\\zt.exe"=
"d:\\Programmi\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Programmi\\Steam\\steamapps\\common\\simcity 4 deluxe\\Apps\\SimCity 4.exe"=
"d:\\Programmi\\Steam\\steamapps\\common\\simcity 4 deluxe\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Programmi\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"d:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"d:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Nicola\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:TCP"= 28960:TCP:CODMPTCP
"28960:UDP"= 28960:UDP:CODMPUDP
"7777:TCP"= 7777:TCP:samp
"7777:UDP"= 7777:UDP:samp udp
"57942:TCP"= 57942:TCP:Pando Media Booster
"57942:UDP"= 57942:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/08/2010 20.22.03 721904]
R3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\drivers\cccp106.sys [18/08/2010 0.01.12 227200]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/07/2011 17.16.56 33792]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [29/01/2011 0.32.58 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/09/2010 15.43.47 22216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/04/2011 18.28.05 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/04/2011 18.28.06 8576]
S3 PORTMON;PORTMON;\??\d:\programmi\Sys Internals Suite\PORTMSYS.SYS --> d:\programmi\Sys Internals Suite\PORTMSYS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 DynDNS Updater;DynDNS Updater;d:\programmi\DynDNS Updater\DynUpSvc.exe [15/04/2011 20.14.18 93048]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\programmi\Firebird\Firebird_1_5\bin\fbguard.exe -s --> d:\programmi\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\programmi\Firebird\Firebird_1_5\bin\fbserver.exe -s --> d:\programmi\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S4 gupdate;Servizio di Google Update (gupdate);"d:\programmi\Google\Update\GoogleUpdate.exe" /svc --> d:\programmi\Google\Update\GoogleUpdate.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programmi\LogMeIn Hamachi\hamachi-2.exe [15/08/2011 15.18.10 1361288]
S4 MBAMService;MBAMService;d:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/09/2010 15.43.59 366152]
S4 NIHardwareService;NIHardwareService;d:\programmi\Native Instruments\Hardware\NIHardwareService.exe [08/12/2009 19.26.15 3616768]
S4 TunngleService;TunngleService;d:\programmi\Tunngle\TnglCtrl.exe [29/01/2011 0.32.48 718072]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-19 c:\windows\Tasks\expressburnShakeIcon.job
- d:\programmi\NCH Software\ExpressBurn\expressburn.exe [2011-11-19 12:26]
.
2011-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-2139871995-1801674531-1003Core.job
- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-07 16:58]
.
2011-11-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-2139871995-1801674531-1003UA.job
- c:\documents and settings\Nicola\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-09-07 16:58]
.
2011-03-03 c:\windows\Tasks\mixpadShakeIcon.job
- d:\programmi\NCH Swift Sound\MixPad\mixpad.exe [2010-09-09 21:37]
.
2011-08-08 c:\windows\Tasks\switchShakeIcon.job
- d:\programmi\NCH Swift Sound\Switch\switch.exe [2011-07-07 12:41]
.
2011-06-13 c:\windows\Tasks\wavepadDowngrade.job
- d:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-09-09 12:39]
.
2011-11-19 c:\windows\Tasks\wavepadShakeIcon.job
- d:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-09-09 12:39]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:8088
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Nicola\Dati applicazioni\Mozilla\Firefox\Profiles\eas8fgnv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Free Registry Defrag_is1 - d:\programmi\Registry Clean Expert\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
d:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
d:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\wudfhost.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-25 17:42:18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-25 16:42
ComboFix2.txt 2011-11-23 18:54
.
Pre-Run: 4.746.014.720 byte disponibili
Post-Run: 4.723.179.520 byte disponibili
.
- - End Of File - - D84076EA77FBF852F5DBCCE887F172B1
 
Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 8238

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

26/11/2011 1.21.43
mbam-log-2011-11-26 (01-21-41).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 564229
Tempo impiegato: 4 ore, 5 minuti, 50 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
 
Do you know this program? MultiProxy

Please run this quick check for me:
Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
● place the downloaded file on the Desktop
● double-click TDSSKiller.exe to launch the application, then click the Start Scan button

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure, so click Continue
● if a suspicious file is found, the default action will be Skip, so click Continue

Once the scan has finished, one of these two options will come up:
● no system restart is required: click Report and save the contents to a text file
● a system restart is required: click Restart now
● the program's report to attach is in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
 
Here is the report:
13:06:29.0254 2836 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:06:29.0735 2836 ============================================================
13:06:29.0735 2836 Current date / time: 2011/11/27 13:06:29.0735
13:06:29.0735 2836 SystemInfo:
13:06:29.0735 2836
13:06:29.0735 2836 OS Version: 5.1.2600 ServicePack: 3.0
13:06:29.0735 2836 Product type: Workstation
13:06:29.0735 2836 ComputerName: CORRADIN
13:06:29.0735 2836 UserName: Nicola
13:06:29.0735 2836 Windows directory: C:\WINDOWS
13:06:29.0735 2836 System windows directory: C:\WINDOWS
13:06:29.0735 2836 Processor architecture: Intel x86
13:06:29.0735 2836 Number of processors: 1
13:06:29.0735 2836 Page size: 0x1000
13:06:29.0735 2836 Boot type: Normal boot
13:06:29.0735 2836 ============================================================
13:06:31.0287 2836 Initialize success
13:06:42.0844 2688 ============================================================
13:06:42.0844 2688 Scan started
13:06:42.0844 2688 Mode: Manual; SigCheck; TDLFS;
13:06:42.0844 2688 ============================================================
13:06:44.0396 2688 Abiosdsk - ok
13:06:44.0686 2688 abp480n5 - ok
13:06:45.0077 2688 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:06:51.0166 2688 ACPI - ok
13:06:51.0446 2688 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:06:52.0017 2688 ACPIEC - ok
13:06:52.0347 2688 adpu160m - ok
13:06:52.0718 2688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:06:53.0339 2688 aec - ok
13:06:53.0699 2688 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
13:06:53.0789 2688 AFD - ok
13:06:54.0110 2688 Aha154x - ok
13:06:54.0380 2688 aic78u2 - ok
13:06:54.0641 2688 aic78xx - ok
13:06:54.0961 2688 AliIde - ok
13:06:55.0262 2688 amsint - ok
13:06:55.0582 2688 asc - ok
13:06:55.0882 2688 asc3350p - ok
13:06:56.0143 2688 asc3550 - ok
13:06:56.0583 2688 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:06:57.0184 2688 AsyncMac - ok
13:06:57.0515 2688 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:06:58.0166 2688 atapi - ok
13:06:58.0426 2688 Atdisk - ok
13:06:58.0767 2688 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:06:59.0418 2688 Atmarpc - ok
13:07:00.0229 2688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:07:00.0810 2688 audstub - ok
13:07:01.0100 2688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:07:01.0741 2688 Beep - ok
13:07:02.0031 2688 BlueletAudio (0744aa40fe6fa9c471fa59ccb5ca1f73) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
13:07:02.0061 2688 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
13:07:02.0061 2688 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
13:07:02.0612 2688 BlueletSCOAudio (01d1832f2b13dfaf7384884f7c3e0124) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
13:07:02.0642 2688 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - warning
13:07:02.0642 2688 BlueletSCOAudio - detected UnsignedFile.Multi.Generic (1)
13:07:03.0173 2688 BT (51eff72092088948933298c12ed23fd1) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
13:07:03.0243 2688 BT ( UnsignedFile.Multi.Generic ) - warning
13:07:03.0243 2688 BT - detected UnsignedFile.Multi.Generic (1)
13:07:03.0614 2688 Btcsrusb (3efdd3cc9118f6290398d94a72458b00) C:\WINDOWS\system32\Drivers\btcusb.sys
13:07:03.0664 2688 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
13:07:03.0664 2688 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
13:07:03.0944 2688 BTHidEnum (e69d9e7854095a9c81acee40d766fe2d) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
13:07:04.0004 2688 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
13:07:04.0004 2688 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
13:07:04.0645 2688 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
13:07:04.0825 2688 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
13:07:04.0825 2688 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
13:07:04.0845 2688 catchme - ok
13:07:05.0146 2688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:07:05.0797 2688 cbidf2k - ok
13:07:06.0157 2688 CCCP106 (77696f95fd093735eff58e0461af5ec5) C:\WINDOWS\system32\DRIVERS\cccp106.sys
13:07:06.0307 2688 CCCP106 - ok
13:07:06.0618 2688 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:07:06.0688 2688 CCDECODE - ok
13:07:06.0948 2688 cd20xrnt - ok
13:07:07.0249 2688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:07:07.0910 2688 Cdaudio - ok
13:07:08.0240 2688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:07:09.0131 2688 Cdfs - ok
13:07:09.0472 2688 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:07:10.0153 2688 Cdrom - ok
13:07:10.0483 2688 Changer - ok
13:07:10.0884 2688 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
13:07:10.0914 2688 CLEDX ( UnsignedFile.Multi.Generic ) - warning
13:07:10.0934 2688 CLEDX - detected UnsignedFile.Multi.Generic (1)
13:07:11.0325 2688 CmdIde - ok
13:07:11.0855 2688 Cpqarray - ok
13:07:12.0346 2688 dac2w2k - ok
13:07:12.0637 2688 dac960nt - ok
13:07:13.0087 2688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:07:13.0898 2688 Disk - ok
13:07:14.0559 2688 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
13:07:15.0461 2688 dmboot - ok
13:07:15.0771 2688 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\DRIVERS\dmio.sys
13:07:16.0472 2688 dmio - ok
13:07:16.0792 2688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:07:17.0453 2688 dmload - ok
13:07:17.0764 2688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:07:18.0515 2688 DMusic - ok
13:07:18.0825 2688 dpti2o - ok
13:07:19.0116 2688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:07:19.0787 2688 drmkaud - ok
13:07:20.0187 2688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:07:20.0868 2688 Fastfat - ok
13:07:21.0189 2688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:07:21.0830 2688 Fdc - ok
13:07:22.0220 2688 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
13:07:23.0172 2688 Fips - ok
13:07:23.0492 2688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:07:24.0373 2688 Flpydisk - ok
13:07:24.0714 2688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:07:31.0414 2688 FltMgr - ok
13:07:32.0685 2688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:07:34.0929 2688 Fs_Rec - ok
13:07:36.0100 2688 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:07:38.0384 2688 Ftdisk - ok
13:07:39.0135 2688 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:07:40.0687 2688 gameenum - ok
13:07:41.0017 2688 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:07:41.0097 2688 giveio ( UnsignedFile.Multi.Generic ) - warning
13:07:41.0097 2688 giveio - detected UnsignedFile.Multi.Generic (1)
13:07:41.0458 2688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:07:42.0099 2688 Gpc - ok
13:07:42.0439 2688 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
13:07:57.0571 2688 hamachi - ok
13:07:58.0292 2688 HCF_MSFT (270ee8e4a17e0fb26845e5f3c0dd0e20) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
13:07:59.0224 2688 HCF_MSFT - ok
13:07:59.0574 2688 hpn - ok
13:08:00.0345 2688 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
13:08:00.0986 2688 HTTP - ok
13:08:01.0347 2688 i2omgmt - ok
13:08:01.0647 2688 i2omp - ok
13:08:01.0997 2688 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:08:02.0568 2688 i8042prt - ok
13:08:02.0969 2688 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:08:03.0530 2688 i81x - ok
13:08:03.0890 2688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:08:04.0491 2688 Imapi - ok
13:08:04.0842 2688 ini910u - ok
13:08:05.0192 2688 IntelIde (027fe9b28fb0f861c181d25923b31e78) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:08:05.0783 2688 IntelIde - ok
13:08:06.0123 2688 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:08:06.0664 2688 intelppm - ok
13:08:07.0005 2688 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:08:07.0565 2688 Ip6Fw - ok
13:08:07.0916 2688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:08:08.0427 2688 IpFilterDriver - ok
13:08:08.0757 2688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:08:09.0358 2688 IpInIp - ok
13:08:09.0699 2688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:08:10.0219 2688 IpNat - ok
13:08:10.0590 2688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:08:11.0121 2688 IPSec - ok
13:08:11.0461 2688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:08:11.0721 2688 IRENUM - ok
13:08:12.0062 2688 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:08:12.0603 2688 isapnp - ok
13:08:13.0254 2688 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:08:13.0845 2688 Kbdclass - ok
13:08:14.0225 2688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:08:14.0806 2688 kmixer - ok
13:08:15.0156 2688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:08:15.0297 2688 KSecDD - ok
13:08:15.0587 2688 lbrtfdc - ok
13:08:16.0198 2688 ltmodem5 (e767a3a04088c9172b6355b14496dcd0) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
13:08:16.0999 2688 ltmodem5 - ok
13:08:17.0390 2688 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
13:08:17.0450 2688 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
13:08:17.0450 2688 MarvinBus - detected UnsignedFile.Multi.Generic (1)
13:08:17.0780 2688 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
13:08:19.0643 2688 MBAMProtector - ok
13:08:20.0013 2688 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
13:08:20.0063 2688 mcdbus ( UnsignedFile.Multi.Generic ) - warning
13:08:20.0063 2688 mcdbus - detected UnsignedFile.Multi.Generic (1)
13:08:20.0444 2688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:08:20.0985 2688 mnmdd - ok
13:08:21.0345 2688 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
13:08:21.0886 2688 Modem - ok
13:08:22.0217 2688 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:08:22.0677 2688 MODEMCSA - ok
13:08:23.0008 2688 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:08:23.0508 2688 Mouclass - ok
13:08:23.0839 2688 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:08:24.0340 2688 MountMgr - ok
13:08:24.0630 2688 mraid35x - ok
13:08:25.0001 2688 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:08:25.0551 2688 MRxDAV - ok
13:08:26.0042 2688 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:08:26.0262 2688 MRxSmb - ok
13:08:26.0603 2688 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:08:27.0084 2688 Msfs - ok
13:08:27.0394 2688 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:08:27.0885 2688 MSKSSRV - ok
13:08:28.0205 2688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:08:28.0696 2688 MSPCLOCK - ok
13:08:29.0016 2688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:08:29.0497 2688 MSPQM - ok
13:08:29.0838 2688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:08:30.0348 2688 mssmbios - ok
13:08:30.0629 2688 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
13:08:30.0809 2688 MSTEE - ok
13:08:31.0149 2688 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:08:31.0790 2688 Mup - ok
13:08:32.0141 2688 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:08:32.0191 2688 NABTSFEC - ok
13:08:32.0571 2688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:08:33.0062 2688 NDIS - ok
13:08:33.0403 2688 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:08:33.0433 2688 NdisIP - ok
13:08:33.0743 2688 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:08:34.0234 2688 NdisTapi - ok
13:08:34.0604 2688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:08:35.0065 2688 Ndisuio - ok
13:08:35.0416 2688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:08:35.0896 2688 NdisWan - ok
13:08:36.0247 2688 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:08:36.0307 2688 NDProxy - ok
13:08:36.0647 2688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:08:37.0138 2688 NetBIOS - ok
13:08:37.0559 2688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:08:38.0089 2688 NetBT - ok
13:08:38.0570 2688 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:08:39.0031 2688 nm - ok
13:08:39.0391 2688 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
13:08:40.0403 2688 nmwcd - ok
13:08:40.0753 2688 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
13:08:40.0984 2688 nmwcdc - ok
13:08:41.0364 2688 nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
13:08:41.0614 2688 nmwcdnsu - ok
13:08:41.0945 2688 nmwcdnsuc (7804e9747bc27eddc6a8382bbf35cf25) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
13:08:42.0185 2688 nmwcdnsuc - ok
13:08:42.0606 2688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:08:43.0087 2688 Npfs - ok
13:08:43.0637 2688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:08:44.0248 2688 Ntfs - ok
13:08:44.0609 2688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:08:45.0049 2688 Null - ok
13:08:47.0082 2688 nv (c82f94077e2497e6685da208e2f75b43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:08:49.0045 2688 nv ( UnsignedFile.Multi.Generic ) - warning
13:08:49.0045 2688 nv - detected UnsignedFile.Multi.Generic (1)
13:08:49.0366 2688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:08:49.0826 2688 NwlnkFlt - ok
13:08:50.0167 2688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:08:50.0657 2688 NwlnkFwd - ok
13:08:51.0078 2688 P3 (bf634aef90b88c406d3cfa644ee7aaaa) C:\WINDOWS\system32\DRIVERS\p3.sys
13:08:51.0559 2688 P3 - ok
13:08:51.0939 2688 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
13:08:52.0440 2688 Parport - ok
13:08:52.0771 2688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:08:53.0211 2688 PartMgr - ok
13:08:53.0542 2688 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:08:54.0002 2688 ParVdm - ok
13:08:54.0353 2688 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:08:54.0413 2688 pccsmcfd - ok
13:08:54.0813 2688 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
13:08:55.0354 2688 PCI - ok
13:08:55.0665 2688 PCIDump - ok
13:08:55.0975 2688 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\drivers\PCIIde.sys
13:08:56.0456 2688 PCIIde - ok
13:08:56.0826 2688 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:08:57.0317 2688 Pcmcia - ok
13:08:57.0607 2688 PDCOMP - ok
13:08:57.0898 2688 PDFRAME - ok
13:08:58.0228 2688 PDRELI - ok
13:08:58.0509 2688 PDRFRAME - ok
13:08:58.0799 2688 perc2 - ok
13:08:59.0080 2688 perc2hib - ok
13:08:59.0410 2688 PORTMON - ok
13:08:59.0791 2688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:09:00.0351 2688 PptpMiniport - ok
13:09:00.0732 2688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:09:01.0223 2688 PSched - ok
13:09:01.0573 2688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:09:02.0034 2688 Ptilink - ok
13:09:02.0374 2688 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:09:02.0404 2688 PxHelp20 - ok
13:09:02.0695 2688 ql1080 - ok
13:09:03.0055 2688 Ql10wnt - ok
13:09:03.0356 2688 ql12160 - ok
13:09:03.0666 2688 ql1240 - ok
13:09:03.0977 2688 ql1280 - ok
13:09:04.0317 2688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:09:04.0778 2688 RasAcd - ok
13:09:05.0118 2688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:09:05.0629 2688 Rasl2tp - ok
13:09:05.0949 2688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:09:06.0430 2688 RasPppoe - ok
13:09:06.0771 2688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:09:07.0231 2688 Raspti - ok
13:09:07.0632 2688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:09:08.0113 2688 Rdbss - ok
13:09:08.0433 2688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:09:08.0914 2688 RDPCDD - ok
13:09:09.0304 2688 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:09:09.0835 2688 rdpdr - ok
13:09:10.0226 2688 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:09:10.0756 2688 RDPWD - ok
13:09:11.0097 2688 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:09:11.0578 2688 redbook - ok
13:09:11.0958 2688 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:09:12.0419 2688 ROOTMODEM - ok
13:09:12.0849 2688 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:09:13.0330 2688 rtl8139 - ok
13:09:13.0731 2688 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
13:09:13.0761 2688 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
13:09:13.0761 2688 SCDEmu - detected UnsignedFile.Multi.Generic (1)
13:09:14.0151 2688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:09:14.0402 2688 Secdrv - ok
13:09:14.0762 2688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:09:15.0343 2688 serenum - ok
13:09:15.0683 2688 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:09:16.0154 2688 Serial - ok
13:09:16.0695 2688 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
13:09:16.0725 2688 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
13:09:16.0725 2688 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
13:09:17.0045 2688 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
13:09:17.0075 2688 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
13:09:17.0075 2688 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
13:09:17.0406 2688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:09:17.0877 2688 Sfloppy - ok
13:09:18.0197 2688 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys
13:09:18.0227 2688 sfsync04 ( UnsignedFile.Multi.Generic ) - warning
13:09:18.0227 2688 sfsync04 - detected UnsignedFile.Multi.Generic (1)
13:09:18.0558 2688 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
13:09:18.0608 2688 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
13:09:18.0608 2688 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
13:09:18.0898 2688 Simbad - ok
13:09:19.0279 2688 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:09:19.0339 2688 SLIP - ok
13:09:19.0649 2688 Sparrow - ok
13:09:19.0950 2688 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
13:09:19.0990 2688 speedfan ( UnsignedFile.Multi.Generic ) - warning
13:09:19.0990 2688 speedfan - detected UnsignedFile.Multi.Generic (1)
13:09:20.0320 2688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:09:20.0791 2688 splitter - ok
13:09:21.0472 2688 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
13:09:21.0472 2688 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
13:09:21.0482 2688 sptd ( LockedFile.Multi.Generic ) - warning
13:09:21.0482 2688 sptd - detected LockedFile.Multi.Generic (1)
13:09:21.0842 2688 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
13:09:22.0193 2688 sr - ok
13:09:22.0694 2688 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
13:09:22.0874 2688 Srv - ok
13:09:23.0234 2688 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:09:23.0284 2688 streamip - ok
13:09:23.0595 2688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:09:24.0116 2688 swenum - ok
13:09:24.0466 2688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:09:24.0957 2688 swmidi - ok
13:09:25.0277 2688 symc810 - ok
13:09:25.0658 2688 symc8xx - ok
13:09:25.0958 2688 sym_hi - ok
13:09:26.0259 2688 sym_u3 - ok
13:09:26.0609 2688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:09:27.0120 2688 sysaudio - ok
13:09:27.0460 2688 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
13:09:27.0500 2688 tap0901t ( UnsignedFile.Multi.Generic ) - warning
13:09:27.0500 2688 tap0901t - detected UnsignedFile.Multi.Generic (1)
13:09:28.0011 2688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:09:28.0352 2688 Tcpip - ok
13:09:28.0672 2688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:09:29.0163 2688 TDPIPE - ok
13:09:29.0493 2688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:09:29.0934 2688 TDTCP - ok
13:09:30.0274 2688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:09:30.0775 2688 TermDD - ok
13:09:31.0116 2688 TosIde - ok
13:09:31.0566 2688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:09:32.0157 2688 Udfs - ok
13:09:32.0458 2688 ultra - ok
13:09:32.0588 2688 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) D:\Programmi\Unlocker\UnlockerDriver5.sys
13:09:32.0618 2688 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:09:32.0618 2688 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:09:33.0119 2688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:09:33.0689 2688 Update - ok
13:09:34.0070 2688 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
13:09:34.0310 2688 upperdev - ok
13:09:34.0711 2688 USBAAPL - ok
13:09:35.0051 2688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:09:35.0502 2688 usbccgp - ok
13:09:35.0842 2688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:09:36.0273 2688 usbehci - ok
13:09:36.0594 2688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:09:37.0214 2688 usbhub - ok
13:09:37.0555 2688 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:09:38.0026 2688 usbohci - ok
13:09:38.0366 2688 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:09:38.0827 2688 usbprint - ok
13:09:39.0147 2688 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:09:39.0618 2688 usbscan - ok
13:09:39.0948 2688 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
13:09:40.0399 2688 usbser - ok
13:09:40.0709 2688 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
13:09:40.0990 2688 UsbserFilt - ok
13:09:41.0330 2688 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:09:41.0811 2688 usbstor - ok
13:09:42.0141 2688 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:09:42.0602 2688 usbuhci - ok
13:09:42.0943 2688 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
13:09:42.0983 2688 VComm ( UnsignedFile.Multi.Generic ) - warning
13:09:42.0983 2688 VComm - detected UnsignedFile.Multi.Generic (1)
13:09:43.0323 2688 VcommMgr (d1ddff84dc3060456c8bc0c47af8cbb2) C:\WINDOWS\system32\Drivers\VcommMgr.sys
13:09:43.0383 2688 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
13:09:43.0383 2688 VcommMgr - detected UnsignedFile.Multi.Generic (1)
13:09:43.0714 2688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:09:44.0194 2688 VgaSave - ok
13:09:44.0545 2688 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:09:45.0006 2688 viaagp - ok
13:09:45.0316 2688 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:09:45.0767 2688 ViaIde - ok
13:09:46.0117 2688 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
13:09:46.0598 2688 VIAudio - ok
13:09:46.0958 2688 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
13:09:47.0389 2688 VolSnap - ok
13:09:47.0770 2688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:09:48.0360 2688 Wanarp - ok
13:09:48.0871 2688 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:09:49.0051 2688 Wdf01000 - ok
13:09:49.0352 2688 WDICA - ok
13:09:49.0712 2688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:09:50.0223 2688 wdmaud - ok
13:09:50.0834 2688 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:09:50.0964 2688 WpdUsb - ok
13:09:51.0325 2688 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:09:51.0385 2688 WSTCODEC - ok
13:09:51.0745 2688 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:09:51.0896 2688 WudfPf - ok
13:09:52.0316 2688 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:09:52.0366 2688 WudfRd - ok
13:09:52.0627 2688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:09:52.0957 2688 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:09:52.0957 2688 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:09:52.0987 2688 Boot (0x1200) (b76b948459c27865afcc4cdd265d2e9d) \Device\Harddisk0\DR0\Partition0
13:09:52.0987 2688 \Device\Harddisk0\DR0\Partition0 - ok
13:09:53.0037 2688 Boot (0x1200) (6f446b014b7abb4cb99b713489da4184) \Device\Harddisk0\DR0\Partition1
13:09:53.0047 2688 \Device\Harddisk0\DR0\Partition1 - ok
13:09:53.0057 2688 ============================================================
13:09:53.0057 2688 Scan finished
13:09:53.0057 2688 ============================================================
13:09:53.0298 2116 Detected object count: 23
13:09:53.0298 2116 Actual detected object count: 23
13:10:24.0352 2116 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0352 2116 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0352 2116 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0352 2116 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0382 2116 BT ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0382 2116 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0412 2116 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0412 2116 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0452 2116 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0452 2116 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0482 2116 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0482 2116 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0512 2116 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0512 2116 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0542 2116 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0542 2116 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0573 2116 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0573 2116 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0603 2116 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0603 2116 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0603 2116 nv ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0603 2116 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0633 2116 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0633 2116 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0673 2116 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0673 2116 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0703 2116 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0703 2116 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0733 2116 sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0733 2116 sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0773 2116 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0773 2116 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0803 2116 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0803 2116 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0843 2116 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:10:24.0843 2116 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:10:24.0873 2116 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0873 2116 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0873 2116 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0873 2116 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0903 2116 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0903 2116 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0933 2116 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:24.0933 2116 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:24.0963 2116 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:10:24.0963 2116 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 
Log:
Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/11/2011 - 19:13
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
19:13:58 - CheckSystem - Begin to check system...
19:13:58 - OpenRootDrive - Opening system root volume and physical drive....
19:14:00 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x061A7927 sectors.
19:14:00 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
19:14:01 - InstallAndStartDriver - Main driver was installed and now is running.
19:14:01 - CheckSystem - Disk class driver state is OK.
19:14:13 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
19:14:15 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
19:14:15 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
19:14:15 - Execution Ended!
 