
USB Sticks Inaccessible With Double Click

11 replies to this topic

#1 Paolo_1966

Posted 07 June 2009 - 12:15

So guys, I have an Acer Aspire 9424WSMi running Microsoft Windows XP - Media Center Edition with Service Pack 2.
I also have several USB sticks (almost all TDK, except one Kingston) that I use for work.
My problem is this: for some time now I have been unable to access the contents of these USB sticks with a simple double click on the stick's icon in "My Computer" (the double click seems to have no effect); instead I have to use the right mouse button and choose "Explore", or, in the AutoPlay dialog shown when the stick is inserted, choose "Open folder to view files".
Not that the problem is turning my life upside down... :-) but I would like, if possible, to know the reason for all this and, if it can be done, to fix it.
Thanks in advance for your valuable help and advice.

Regards
Paolo

#2 astrus


Posted 07 June 2009 - 03:22

Good morning Paolo. Enable the display of hidden files: Tools -> Folder Options -> "View" tab -> select "Show hidden files and folders" -> OK.
Open one of the sticks that gives you the problem and check whether there is a file named autorun.inf; if so, right-click it and open it with Notepad.
Then post its contents.
Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)

#3 Paolo_1966

Posted 07 June 2009 - 06:20

Done... I looked for it and did a nice copy and paste... here it is below:

"[autorun]
open=driver\usb\†—–“อ€ŒŽ
action=Open
shell\open=Open
shell\open\command=driver\usb\†—–“อ€ŒŽ
Usb_Driver installed

Thanks in advance and kind regards
Paolo

#4 astrus


Posted 07 June 2009 - 07:18

It looks like the aftermath of an infection; it would be worth checking. I would run a scan with ComboFix, which you can find HERE.
Once it is downloaded, temporarily disable your antivirus protection and disconnect from the internet, then launch ComboFix with the stick inserted and let it run a scan.
When the scan finishes it will give you a text file with a short analysis of the system; post its contents.
Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)

#5 Paolo_1966


Posted 07 June 2009 - 10:01

Here I am Astrus, I have just done everything you asked. I disabled the AVG Free 8.5 antivirus (the PC was not connected to the Internet).
Here is the ComboFix report:

ComboFix 09-06-07.01 - Ligia 07/06/2009 22.42.41.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1640 [GMT 2:00]
Eseguito da: c:\documents and settings\Ligia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-05-07 al 2009-06-07 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 14:38 . 2009-05-04 14:38 -------- d-----w- c:\programmi\LowRateVoip
2009-04-11 12:50 . 2009-04-11 12:50 -------- d-----w- c:\documents and settings\Ligia\Dati applicazioni\Intel
2009-04-11 12:49 . 2009-04-11 12:49 188 ----a-w- c:\windows\system32\eDataSecurity.dat
2009-04-05 14:08 . 2009-04-05 14:08 0 ----a-w- c:\windows\nsreg.dat
2009-04-05 13:52 . 2009-04-05 13:52 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-05 13:52 . 2009-04-05 13:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-05 13:52 . 2009-04-05 13:52 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-04-05 13:52 . 2007-02-27 12:50 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-04-05 13:49 . 2009-04-05 13:48 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-04-05 13:49 . 2009-04-05 13:48 165216 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-04-05 13:49 . 2009-04-05 13:48 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-01-07 22:29 . 2009-04-26 10:06 73728 --sh--r- c:\windows\mmc32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-19 86016]
"LaunchAp"="c:\programmi\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\programmi\Launch Manager\HotkeyApp.exe" [2006-04-19 69632]
"CtrlVol"="c:\programmi\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programmi\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programmi\Launch Manager\Wbutton.exe" [2006-04-20 86016]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-03-06 393728]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-10 57393]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"WindowsLive"="mmc32.exe" - c:\windows\mmc32.exe [2009-01-07 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-1-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:52 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\LowRateVoip\\LowRateVoip.exe"=
"f:\\driver\\usb\\†—–“อ€ŒŽ"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 9.56.31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2009 15.52.51 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2009 15.52.52 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/04/2009 15.52.41 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/04/2009 15.52.41 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.38 951632]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [06/11/2006 12.37.47 1097728]
S1 mailKmd;mailKmd; [x]
S3 USB_RNDIS_51;Conitech Modem Router ADSL 2/2+ Combo;c:\windows\system32\drivers\usb8023.sys [07/09/2004 5.00.00 12672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:48]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
SafeBoot-procexp90.Sys


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
TCP: {29277FAC-F4B1-470A-89E3-1E0AC88377F9} = 193.70.192.25,193.70.152.25
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 22:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(6844)
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brsvc01a.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\system32\brss01a.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\eHome\ehRecvr.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-07 22.53.00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-07 20:52

Pre-Run: 25.526.337.536 byte disponibili
Post-Run: 25.750.077.440 byte disponibili

201 --- E O F --- 2009-04-05 14:42


Have a good evening, and once again a thousand thanks for your valuable help.
Regards, Paolo

#6 astrus


Posted 08 June 2009 - 09:58

Good day Paolo, download the CFScript.txt file I have attached and save it in the folder where you have ComboFix.
Disconnect from the internet and, again with the stick inserted, drag the CFScript file onto the ComboFix icon, which should start again for a new scan; let it run.
When it finishes, reboot; if the autorun.inf file is still present on the stick, delete it, then check whether you still have the same problem with the stick.



Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)

#7 Paolo_1966


Posted 08 June 2009 - 11:28

Thanks, I'll try now!!! I wanted to let you know what the antivirus tells me both when scanning each of the sticks and when scanning the whole PC.

With the sticks:

E:\driver\usb\†—–“อ€ŒŽ
Win32:Spyware-gen [Trj]
Cavallo di Troia
090607-0, 07/06/2009




With the whole PC:

"Infezione";"Trojan IRC/BackDoor.SdBot4.KQI";"C:\WINDOWS\mmc32.exe";"";"07/06/2009, 23.37.38"
"Avviso";"Rilevata chiave del Registro di sistema con riferimento al file infetto C:\WINDOWS\mmc32.exe";"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsLive";"";"07/06/2009, 23.11.11"
"Infezione";"Trojan IRC/BackDoor.SdBot4.KQI";"C:\WINDOWS\mmc32.exe";"";"07/06/2009, 23.11.11"
"Infezione";"Trojan IRC/BackDoor.SdBot4.KQI";"C:\WINDOWS\mmc32.exe";"";"07/06/2009, 23.10.54"
"Infezione";"Trojan Generic_c.IKY";"C:\Documents and Settings\Ligia\Dati applicazioni\Sun\Java\Deployment\cache\6.0\43\7d3deceb-4dd809fa";"";"06/04/2009, 12.34.24"
"Avviso";"Rilevato Tracking cookie.Doubleclick";"C:\Documents and Settings\Ligia\Cookies\ligia@doubleclick[1].txt";"";"05/04/2009, 17.14.25"
"Avviso";"Rilevato Tracking cookie.Webtrends";"C:\Documents and Settings\Ligia\Cookies\ligia@m.webtrends[1].txt";"";"05/04/2009, 17.14.24"
"Infezione";"Virus rilevato SpySheriff";"C:\Documents and Settings\Ligia\Impostazioni locali\Temporary Internet Files\Content.IE5\JZR8LOBA\functions.js[1].php";"";"05/04/2009, 17.11.27"

Regards and again many thanks......Paolo

#8 astrus


Posted 08 June 2009 - 03:36

That confirms the infection; the autorun.inf file on the stick points to driver\usb\†—–“อ€ŒŽ.
What is the situation at the moment? What steps have you carried out?
Not everything that can be counted counts, and not everything that counts can be counted. (Einstein)
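
The check astrus performs by eye on the autorun.inf, as an added example that is not part of the original thread: a small Python audit that lists the entries which launch a program from the stick and reports what a double click on the drive would run. The sample file is constructed after the one quoted in post #3 with a made-up non-ASCII target name, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the file quoted in post #3. The target name is
# made up; only its shape (non-ASCII characters, no extension) follows the thread.
TARGET = "driver\\usb\\" + "\u2020\u2014\u2013"
SAMPLE_AUTORUN = (
    "[autorun]\n"
    f"open={TARGET}\n"
    "action=Open\n"
    "shell\\open=Open\n"
    f"shell\\open\\command={TARGET}\n"
    "Usb_Driver installed\n"
)

# Keys in [autorun] whose value is executed: open, shellexecute and
# shell\<verb>\command. Keys such as action, icon or label only affect display.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$")


@dataclass
class Finding:
    line_no: int
    key: str
    value: str
    reason: str


def parse_autorun(text):
    """Return (entries, stray) for the [autorun] section.

    entries: (line_no, lowercased key, value) for every key=value line.
    stray:   (line_no, text) for lines in the section that are not key=value.
    """
    entries, stray = [], []
    in_section = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section:
            continue
        if "=" not in line:
            stray.append((no, line))
            continue
        key, value = line.split("=", 1)
        entries.append((no, key.strip().lower(), value.strip()))
    return entries, stray


def audit(text):
    """List every line that executes something or does not belong in the file."""
    entries, stray = parse_autorun(text)
    findings = []
    for no, key, value in entries:
        if not EXEC_KEY.match(key):
            continue
        reason = "runs a program from the removable drive"
        if any(ord(c) > 127 for c in value):
            reason += "; target name contains non-ASCII characters"
        findings.append(Finding(no, key, value, reason))
    for no, line in stray:
        findings.append(Finding(no, "", line, "not a key=value line"))
    return sorted(findings, key=lambda f: f.line_no)


def double_click_target(text):
    """Return the command bound to the drive's default verb, or None.

    The default verb is 'open' unless a shell=<verb> entry names another one.
    """
    entries, _ = parse_autorun(text)
    kv = {key: value for _, key, value in entries}
    verb = kv.get("shell", "open").lower()
    return kv.get("shell\\" + verb + "\\command")


if __name__ == "__main__":
    for f in audit(SAMPLE_AUTORUN):
        print(f"line {f.line_no}: {f.key or '(no key)'} -> {f.value!r}: {f.reason}")
    print("double click runs:", double_click_target(SAMPLE_AUTORUN))
```

When the target file has been removed but the autorun.inf is left behind, the drive's 'open' verb still points to a file that no longer exists, which is consistent with the double click doing nothing while "Explore" keeps working.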

#9 Paolo_1966


Posted 08 June 2009 - 04:26

So, I followed your instructions to the letter. Here is the report:

ComboFix 09-06-07.01 - Ligia 08/06/2009 16.56.01.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1569 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Ligia\Desktop\ComboFix.exe
Opzioni usate :: C:\Documents and Settings\Ligia\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\mmc32.exe"
"f:\autorun.inf"
.
I seguenti file sono stati disabilitati durante la scansione:
C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-05-08 al 2009-06-08 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 07:12:42 . 2006-09-30 23:58:08 75346 ----a-w- C:\WINDOWS\system32\perfc010.dat
2009-06-08 07:12:42 . 2006-09-30 23:58:08 449362 ----a-w- C:\WINDOWS\system32\perfh010.dat
2009-05-04 14:38:16 . 2009-05-04 14:38:15 0 d-----w- C:\Programmi\LowRateVoip
2009-04-11 12:50:24 . 2009-04-11 12:50:22 0 d-----w- C:\Documents and Settings\Ligia\Dati applicazioni\Intel
2009-04-11 12:49:02 . 2009-04-11 12:49:00 188 ----a-w- C:\WINDOWS\system32\eDataSecurity.dat
2009-04-05 14:08:38 . 2009-04-05 14:08:37 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-04-05 13:52:54 . 2009-04-05 13:52:53 10520 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-04-05 13:52:54 . 2009-04-05 13:52:52 108552 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-04-05 13:52:52 . 2009-04-05 13:52:51 325640 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-04-05 13:52:52 . 2007-02-27 12:50:27 27656 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-04-05 13:49:00 . 2009-04-05 13:48:59 25440 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-04-05 13:49:00 . 2009-04-05 13:48:58 165216 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-04-05 13:49:00 . 2009-04-05 13:48:58 15688 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-07_20.48.38 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 03:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 20:40:06 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 15:09:52 32768]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 14:32:58 761945]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 18:51:54 53248]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 15:15:08 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 03:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 03:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 03:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 03:00:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 07:43:00 7397376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 07:43:00 86016]
"LaunchAp"="C:\Programmi\Launch Manager\LaunchAp.exe" [2005-07-25 11:36:40 32768]
"LManager"="C:\Programmi\Launch Manager\HotkeyApp.exe" [2006-04-19 13:08:08 69632]
"CtrlVol"="C:\Programmi\Launch Manager\CtrlVol.exe" [2003-09-16 12:28:26 20480]
"LMgrOSD"="C:\Programmi\Launch Manager\OSDCtrl.exe" [2005-07-25 08:45:00 241664]
"Wbutton"="C:\Programmi\Launch Manager\Wbutton.exe" [2006-04-20 07:23:58 86016]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 13:00:50 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 16:47:56 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 20:12:24 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 14:39:28 204800]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 12:40:54 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 08:39:54 225280]
"LogitechCameraAssistant"="C:\Programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 13:47:48 331776]
"LogitechVideo[inspector]"="C:\Programmi\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55:20 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 16:22:22 262144]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-03-06 15:01:58 393728]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 02:00:36 132496]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 08:22:30 155648]
"PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-10 23:01:42 57393]
"IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 23:28:24 40960]
"SetDefPrt"="C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 16:02:22 49152]
"ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 19:36:10 933888]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-04-05 13:52:42 1932568]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2005-12-12 12:50:02 88204]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2006-07-21 15:56:38 16261632]
"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2006-05-16 17:04:26 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 03:00:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-1-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:52:54 10520 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programmi\\LowRateVoip\\LowRateVoip.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [14/02/2009 9.56.31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [05/04/2009 15.52.51 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [05/04/2009 15.52.52 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [05/04/2009 15.52.41 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [05/04/2009 15.52.41 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.38 951632]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\drivers\lv321av.sys [06/11/2006 12.37.47 1097728]
S1 mailKmd;mailKmd; [x]
S3 USB_RNDIS_51;Conitech Modem Router ADSL 2/2+ Combo;C:\WINDOWS\system32\drivers\usb8023.sys [07/09/2004 5.00.00 12672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-08 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:34:48 . 2009-04-05 13:48:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
TCP: {29277FAC-F4B1-470A-89E3-1E0AC88377F9} = 193.70.192.25,193.70.152.25
FF - ProfilePath -
.


Let me know what you think. Kind regards,
Paolo

#10 Paolo_1966

Posted 08 June 2009 - 04:28

Right after the report it also gave me this log:

ComboFix 09-06-07.01 - Ligia 08/06/2009 16.56.01.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1569 [GMT 2:00]
Eseguito da: c:\documents and settings\Ligia\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Ligia\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\mmc32.exe"
"f:\autorun.inf"
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-05-08 al 2009-06-08 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 07:12 . 2006-09-30 23:58 75346 ----a-w- c:\windows\system32\perfc010.dat
2009-06-08 07:12 . 2006-09-30 23:58 449362 ----a-w- c:\windows\system32\perfh010.dat
2009-05-04 14:38 . 2009-05-04 14:38 -------- d-----w- c:\programmi\LowRateVoip
2009-04-11 12:50 . 2009-04-11 12:50 -------- d-----w- c:\documents and settings\Ligia\Dati applicazioni\Intel
2009-04-11 12:49 . 2009-04-11 12:49 188 ----a-w- c:\windows\system32\eDataSecurity.dat
2009-04-05 14:08 . 2009-04-05 14:08 0 ----a-w- c:\windows\nsreg.dat
2009-04-05 13:52 . 2009-04-05 13:52 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-05 13:52 . 2009-04-05 13:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-05 13:52 . 2009-04-05 13:52 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-04-05 13:52 . 2007-02-27 12:50 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-04-05 13:49 . 2009-04-05 13:48 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-04-05 13:49 . 2009-04-05 13:48 165216 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-04-05 13:49 . 2009-04-05 13:48 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-07_20.48.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 13:43 . 2009-06-08 13:43 16384 c:\windows\Temp\Perflib_Perfdata_f80.dat
+ 2009-06-08 15:11 . 2009-06-08 15:11 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
- 2005-10-13 10:24 . 2007-07-27 07:41 26488 c:\windows\system32\spupdsvc.exe
+ 2005-10-13 10:24 . 2008-07-09 07:42 26488 c:\windows\system32\spupdsvc.exe
- 2007-01-31 09:16 . 2007-11-30 11:19 18808 c:\windows\system32\spmsg.dll
+ 2007-01-31 09:16 . 2008-07-09 07:42 18808 c:\windows\system32\spmsg.dll
+ 2004-09-07 03:00 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
- 2006-09-30 23:58 . 2008-04-24 07:23 63350 c:\windows\system32\perfc009.dat
+ 2006-09-30 23:58 . 2009-06-08 07:12 63350 c:\windows\system32\perfc009.dat
+ 2004-09-07 03:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-09-07 03:00 . 2006-03-01 18:43 66560 c:\windows\system32\mtxclu.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-09-07 03:00 . 2004-09-07 03:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-07 03:00 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-09-07 03:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-09-07 03:00 . 2006-03-01 18:43 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-09-07 03:00 . 2004-09-07 03:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-09-07 03:00 . 2005-07-26 04:27 60416 c:\windows\system32\dllcache\colbact.dll
- 2004-09-07 03:00 . 2005-07-26 03:40 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-09-07 03:00 . 2005-07-26 04:27 60416 c:\windows\system32\colbact.dll
- 2004-09-07 03:00 . 2005-07-26 03:40 60416 c:\windows\system32\colbact.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 18808 c:\windows\$hf_mig$\KB960803\spmsg.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 18808 c:\windows\$hf_mig$\KB952004\spmsg.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 91648 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxoci.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 66560 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxclu.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 58880 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtclog.dll
+ 2008-06-12 13:47 . 2008-06-12 13:48 91648 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxoci.dll
+ 2008-06-12 13:47 . 2008-06-12 13:48 66560 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxclu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 58880 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtclog.dll
+ 2006-02-07 15:26 . 2008-02-17 02:33 367104 c:\windows\system32\xpsp3res.dll
+ 2004-09-07 03:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-09-07 03:00 . 2004-09-07 03:00 351232 c:\windows\system32\winhttp.dll
+ 2004-09-07 03:00 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-09-07 03:00 . 2009-02-10 16:32 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-09-07 03:00 . 2009-02-09 10:02 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-09-07 03:00 . 2009-02-09 09:50 111104 c:\windows\system32\services.exe
+ 2004-09-07 03:00 . 2009-02-09 10:02 401408 c:\windows\system32\rpcss.dll
- 2006-09-30 23:58 . 2008-04-24 07:23 402740 c:\windows\system32\perfh009.dat
+ 2006-09-30 23:58 . 2009-06-08 07:12 402740 c:\windows\system32\perfh009.dat
+ 2004-09-07 03:00 . 2009-03-06 13:59 286208 c:\windows\system32\pdh.dll
+ 2004-09-07 03:00 . 2009-02-09 10:02 736768 c:\windows\system32\ntdll.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-09-07 03:00 . 2009-02-09 10:02 734208 c:\windows\system32\lsasrv.dll
+ 2004-09-07 03:00 . 2008-04-21 21:26 219136 c:\windows\system32\dllcache\wordpad.exe
+ 2004-09-07 03:00 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-09-07 03:00 . 2009-02-10 16:32 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2004-09-07 05:00 . 2004-09-07 05:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-09-07 05:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-09-07 05:00 . 2009-02-09 09:50 111104 c:\windows\system32\dllcache\services.exe
+ 2004-09-07 05:00 . 2009-02-09 10:02 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2004-09-07 03:00 . 2009-03-06 13:59 286208 c:\windows\system32\dllcache\pdh.dll
+ 2004-09-07 05:00 . 2009-02-09 10:02 736768 c:\windows\system32\dllcache\ntdll.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-09-07 03:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-09-07 05:00 . 2009-02-09 10:02 734208 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-09-07 03:00 . 2009-02-09 10:02 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-09-07 05:00 . 2009-02-09 10:02 684032 c:\windows\system32\dllcache\advapi32.dll
+ 2004-09-07 03:00 . 2009-02-09 10:02 684032 c:\windows\system32\advapi32.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 402296 c:\windows\$hf_mig$\KB960803\update\updspapi.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 763768 c:\windows\$hf_mig$\KB960803\update\update.exe
+ 2009-06-08 01:01 . 2007-11-30 12:39 233848 c:\windows\$hf_mig$\KB960803\spuninst.exe
+ 2008-12-16 12:23 . 2008-12-16 12:23 354304 c:\windows\$hf_mig$\KB960803\SP3QFE\winhttp.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\$hf_mig$\KB960803\SP3GDR\winhttp.dll
+ 2008-12-16 12:39 . 2008-12-16 12:39 354304 c:\windows\$hf_mig$\KB960803\SP2QFE\winhttp.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 402296 c:\windows\$hf_mig$\KB952004\update\updspapi.dll
+ 2009-06-08 01:01 . 2007-11-30 12:39 763768 c:\windows\$hf_mig$\KB952004\update\update.exe
+ 2009-06-08 01:01 . 2007-11-30 12:39 233848 c:\windows\$hf_mig$\KB952004\spuninst.exe
+ 2008-06-12 14:09 . 2008-06-12 14:09 161792 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 956928 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtctm.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 428032 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 161792 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtcuiu.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 956928 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtctm.dll
+ 2008-06-12 14:21 . 2008-06-12 14:21 428032 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtcprx.dll
+ 2008-06-12 13:47 . 2008-06-12 13:48 161792 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtcuiu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:48 956928 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtctm.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 428032 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtcprx.dll
- 2005-09-29 18:27 . 2008-08-14 12:37 2146304 c:\windows\system32\ntoskrnl.exe
+ 2005-09-29 18:27 . 2009-02-09 11:41 2146304 c:\windows\system32\ntoskrnl.exe
- 2005-09-29 18:28 . 2008-08-14 12:37 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2005-09-29 18:28 . 2009-02-09 11:41 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2006-12-19 17:44 . 2009-02-09 11:41 2189824 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 17:44 . 2008-08-14 12:37 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 17:44 . 2009-02-09 11:41 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 17:44 . 2009-02-09 11:41 2066688 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 17:44 . 2008-08-14 12:37 2066688 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 17:44 . 2009-02-09 11:41 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 17:44 . 2008-08-14 12:37 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2005-09-29 18:28 . 2009-02-09 11:41 2189824 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-09-29 18:28 . 2008-08-14 12:37 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-09-29 18:28 . 2009-02-09 11:41 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-09-29 18:27 . 2008-08-14 12:37 2066688 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-09-29 18:27 . 2009-02-09 11:41 2066688 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-09-29 18:27 . 2009-02-09 11:41 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-09-29 18:27 . 2008-08-14 12:37 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-19 86016]
"LaunchAp"="c:\programmi\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\programmi\Launch Manager\HotkeyApp.exe" [2006-04-19 69632]
"CtrlVol"="c:\programmi\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programmi\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programmi\Launch Manager\Wbutton.exe" [2006-04-20 86016]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-03-06 393728]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-10 57393]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-1-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:52 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\LowRateVoip\\LowRateVoip.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/02/2009 9.56.31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2009 15.52.51 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2009 15.52.52 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/04/2009 15.52.41 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/04/2009 15.52.41 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.38 951632]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [06/11/2006 12.37.47 1097728]
S1 mailKmd;mailKmd; [x]
S3 USB_RNDIS_51;Conitech Modem Router ADSL 2/2+ Combo;c:\windows\system32\drivers\usb8023.sys [07/09/2004 5.00.00 12672]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:48]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
TCP: {29277FAC-F4B1-470A-89E3-1E0AC88377F9} = 193.70.192.25,193.70.152.25
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 17:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(7144)
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\browselc.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brsvc01a.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\windows\system32\brss01a.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\eHome\ehRecvr.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-06-08 17.17.06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-08 15:17
ComboFix2.txt 2009-06-07 20:53

Pre-Run: 25.474.301.952 byte disponibili
Post-Run: 25.456.934.912 byte disponibili

296 --- E O F --- 2009-06-08 01:03


Have a good evening, Paolo

P.S. Anyway, the USB stick now finally opens with a simple double click; everything seems to be back to normal.
Thanks a million once again!!!!

#11 astrus

Posted 08 June 2009 - 06:41

Nothing else "anomalous" shows up in the ComboFix log.

#12 Paolo_1966

Posted 09 June 2009 - 10:12

Thank you again so very much for your invaluable help!!!

Kind regards
Paolo