rootkit or virus wcescomm.exe

Solve your Windows '95, '98, ME, NT, 2000, XP, 2003, Vista... problems here

Post by fabio85 » 27/09/12 10:43

Hi everyone, I'm Fabio and I have a big problem with this beast of a virus, or whatever it is. I tried to boot into Safe Mode but it stops me. The malware in question always starts automatically with the PC and I can't prevent it even from msconfig. It seems to have system administrator privileges! I ran a full scan with Avira but it finds nothing. Since the PC hasn't connected since September 10, I updated AntiVir manually, but it still finds nothing. I'd rather not have to format; what can I do to kill this malicious program?
The path Glary Utilities shows me is: f:\programmi\microsoft activesync\wcescomm.exe
By the way, I've already removed ActiveSync.
The name it shows is H\PC Connection Agent (Malwarebytes Anti-Malware).
Please help me! You can also contact me by email.
fabio85
Junior Member
Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 11:46

I tried ComboFix but it gives me a series of errors and its scan doesn't start. I'm getting more and more desperate...
fabio85
Junior Member
Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 27/09/12 13:04

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click TDSSKiller.exe to launch the application
● then press the Start scan button

Note about the program:
● do not click the Stop scan button for any reason, as it would interrupt the scan

At this point the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure: click Continue
● if a suspicious file is found, the default action will be Skip: click Continue
● if nothing is detected, simply close the program when the scan is finished

Once the scan has finished, you will see one of these two options:
● a system restart is not required: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result

Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● place the downloaded tool on the Desktop
● double-click the program icon to launch it
● tick Scan All Users
● click the Quick Scan button
● wait patiently for the scan to finish
● when the scan finishes, 2 logs will be generated: attach them
OTListIt.txt (open)
Extra.txt (minimized)
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 13:59

Thanks in advance. For now I've run HijackThis, and this is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.13.26, on 27/09/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
F:\Programmi\Sandboxie\SbieSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Avira\AntiVir Desktop\sched.exe
F:\Programmi\Avira\AntiVir Desktop\avguard.exe
F:\Programmi\Avira\AntiVir Desktop\avshadow.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Avira\AntiVir Desktop\avgnt.exe
F:\WINDOWS\system32\dllhost.exe
F:\Documents and Settings\USER\Desktop\HijackThis.exe
F:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "F:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "F:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-1390067357-261478967-839522115-1003\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-1390067357-261478967-839522115-1009\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1390067357-261478967-839522115-1009\..\RunOnce: [NeroHomeFirstStart] F:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User '?')
O8 - Extra context menu item: &Search - ?p=ZUxdm266YYIT
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://F:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - F:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {63BAECA2-9E3C-45DE-B2B1-BBC5FA99958E} (MCCWrapperObj Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/instal ... er_6.6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: F:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - F:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - F:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - F:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - F:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 7602 bytes


Now I'll work with your tools.
fabio85
Junior Member
Posts: 14
Joined: 27/09/12 10:27
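The HijackThis log above is worth reading rather than just pasting: the O4 lines are the Run/RunOnce registry values, and the "Running processes" section shows what was actually executing when the log was taken. Because HKCU is an alias for the logged-on user's hive under HKU\<SID>, the HKCU line and the HKUS\...-1003 line for H/PC Connection Agent may well be the same registry value listed twice. The script below is an added example, not part of the thread and not HijackThis code: it parses a constructed excerpt in the same format, extracts the O4 entries, lists those whose image does not appear among the running processes, and collects every line HijackThis itself tagged "(no file)" or "(file missing)". The sample log, the function names and the Autorun dataclass are the example's own.

```python
# Added example: parse HijackThis O4 autoruns and cross-check them against
# the log's own "Running processes" section. Not code from the thread or
# from Trend Micro; SAMPLE_LOG is a constructed excerpt in HJT 2.0.x format.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\Programmi\Avira\AntiVir Desktop\avgnt.exe
F:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [avgnt] "F:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-1390067357-261478967-839522115-1003\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-1390067357-261478967-839522115-1009\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll (file missing)
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> [(User 'x')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-[0-9-]+))"
    r"\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


@dataclass(frozen=True)
class Autorun:
    hive: str           # HKLM, HKCU or HKUS
    sid: Optional[str]  # user SID, only for HKUS entries
    key: str            # Run or RunOnce
    name: str           # registry value name, e.g. "H/PC Connection Agent"
    command: str        # command line as logged, without the (User '?') tag
    target: str         # image path extracted from the command line


def image_path(command: str) -> str:
    """Executable path of a Run value: up to the closing quote, or the
    first space for an unquoted command (the first thing CreateProcess tries)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0] if command else ""


def parse_autoruns(log: str) -> List[Autorun]:
    """Every O4 (Run/RunOnce) entry in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        entries.append(Autorun(
            hive=m.group("hive").split("\\")[0], sid=m.group("sid"),
            key=m.group("key"), name=m.group("name"),
            command=cmd, target=image_path(cmd)))
    return entries


def parse_running_processes(log: str) -> List[str]:
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def autoruns_not_running(log: str) -> List[Autorun]:
    """Autoruns whose image was not executing when the log was taken.
    Windows paths are case-insensitive, so compare lower-cased strings."""
    running = {p.lower() for p in parse_running_processes(log)}
    return [e for e in parse_autoruns(log) if e.target.lower() not in running]


def orphaned_entries(log: str) -> List[Tuple[str, str]]:
    """(section, line) for lines HijackThis marked as pointing at no file."""
    out = []
    for line in log.splitlines():
        s = line.strip()
        if s.endswith("(no file)") or s.endswith("(file missing)"):
            out.append((s.split(" - ", 1)[0], s))
    return out


if __name__ == "__main__":
    for e in autoruns_not_running(SAMPLE_LOG):
        print(f"{e.sid or e.hive:<48} {e.key:<8} [{e.name}] -> {e.target}")
    for section, line in orphaned_entries(SAMPLE_LOG):
        print(f"orphaned {section}: {line}")
```

Run it as a script for the report, or call the functions on a real log saved by HijackThis. Applied to the log posted above, the same check shows that wcescomm.exe is absent from the running-processes list: the Run value is still present in the user's hive, but the program it points to was not executing at scan time, which is consistent with a value left behind by the ActiveSync uninstall rather than with a process that is always running.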

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 27/09/12 14:05

Let's be clear from the start: if I don't ask for the HijackThis log, there's no need for you to run it!

Waiting for the logs.

Francesco
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 14:32

FrancescoFDAC wrote: Let's be clear from the start: if I don't ask for the HijackThis log, there's no need for you to run it!

Waiting for the logs.

Francesco

OK Francesco, only what you asked for. I don't know how to attach files on this forum, so I'll paste the results.

15:26:21.0203 3148 SetPrivileges failed!
15:26:21.0203 3148 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:26:21.0218 3148 ============================================================
15:26:21.0218 3148 Current date / time: 2012/09/27 15:26:21.0218
15:26:21.0218 3148 SystemInfo:
15:26:21.0218 3148
15:26:21.0218 3148 OS Version: 5.1.2600 ServicePack: 2.0
15:26:21.0218 3148 Product type: Workstation
15:26:21.0218 3148 ComputerName: UTENTE-8F489A77
15:26:21.0218 3148 UserName: USER
15:26:21.0218 3148 Windows directory: F:\WINDOWS
15:26:21.0218 3148 System windows directory: F:\WINDOWS
15:26:21.0218 3148 Processor architecture: Intel x86
15:26:21.0218 3148 Number of processors: 2
15:26:21.0218 3148 Page size: 0x1000
15:26:21.0218 3148 Boot type: Normal boot
15:26:21.0218 3148 ============================================================
15:26:23.0937 3148 !crdlk
15:26:23.0953 3148 Initialize success
15:26:23.0953 3148 ============================================================
15:26:25.0359 3176 ============================================================
15:26:25.0359 3176 Scan started
15:26:25.0359 3176 Mode: Manual;
15:26:25.0359 3176 ============================================================
15:26:25.0656 3176 ================ Scan system memory ========================
15:26:25.0656 3176 System memory - ok
15:26:25.0671 3176 ================ Scan services =============================
15:26:25.0796 3176 Abiosdsk - ok
15:26:25.0828 3176 abp480n5 - ok
15:26:25.0906 3176 ACPI - ok
15:26:25.0968 3176 ACPIEC - ok
15:26:26.0015 3176 AdobeFlashPlayerUpdateSvc - ok
15:26:26.0046 3176 adpu160m - ok
15:26:26.0078 3176 aec - ok
15:26:26.0171 3176 AFD - ok
15:26:26.0437 3176 Aha154x - ok
15:26:26.0484 3176 aic78u2 - ok
15:26:26.0531 3176 aic78xx - ok
15:26:26.0578 3176 Alerter - ok
15:26:26.0640 3176 ALG - ok
15:26:26.0671 3176 AliIde - ok
15:26:26.0718 3176 Ambfilt - ok
15:26:26.0750 3176 amsint - ok
15:26:26.0812 3176 AntiVirScheduler - ok
15:26:26.0843 3176 AntiVirService - ok
15:26:26.0937 3176 AppMgmt - ok
15:26:26.0984 3176 asc - ok
15:26:27.0031 3176 asc3350p - ok
15:26:27.0078 3176 asc3550 - ok
15:26:27.0187 3176 Aspi32 - ok
15:26:27.0250 3176 aspnet_state - ok
15:26:27.0296 3176 asuskbnt - ok
15:26:27.0312 3176 AsyncMac - ok
15:26:27.0375 3176 atapi - ok
15:26:27.0437 3176 Atdisk - ok
15:26:27.0484 3176 ATKKeyboardService - ok
15:26:27.0546 3176 Atmarpc - ok
15:26:27.0578 3176 AudioSrv - ok
15:26:27.0625 3176 audstub - ok
15:26:27.0671 3176 avgio - ok
15:26:27.0734 3176 avgntflt - ok
15:26:27.0781 3176 avipbb - ok
15:26:27.0828 3176 Beep - ok
15:26:27.0890 3176 BITS - ok
15:26:27.0953 3176 Browser - ok
15:26:27.0984 3176 cbidf2k - ok
15:26:28.0046 3176 cd20xrnt - ok
15:26:28.0093 3176 Cdaudio - ok
15:26:28.0156 3176 Cdfs - ok
15:26:28.0218 3176 Cdrom - ok
15:26:28.0265 3176 Changer - ok
15:26:28.0312 3176 CiSvc - ok
15:26:28.0375 3176 ClipSrv - ok
15:26:28.0421 3176 clr_optimization_v2.0.50727_32 - ok
15:26:28.0484 3176 cmdAgent - ok
15:26:28.0515 3176 cmdGuard - ok
15:26:28.0578 3176 cmdHlp - ok
15:26:28.0625 3176 CmdIde - ok
15:26:28.0671 3176 COMSysApp - ok
15:26:28.0765 3176 Cpqarray - ok
15:26:28.0828 3176 CryptSvc - ok
15:26:28.0859 3176 dac2w2k - ok
15:26:28.0906 3176 dac960nt - ok
15:26:28.0953 3176 DcCam - ok
15:26:29.0015 3176 DcFpoint - ok
15:26:29.0062 3176 DCFS2K - ok
15:26:29.0078 3176 DcLps - ok
15:26:29.0125 3176 DcomLaunch - ok
15:26:29.0187 3176 DcPTP - ok
15:26:29.0218 3176 Dhcp - ok
15:26:29.0265 3176 Disk - ok
15:26:29.0312 3176 dmadmin - ok
15:26:29.0359 3176 dmboot - ok
15:26:29.0421 3176 dmio - ok
15:26:29.0484 3176 dmload - ok
15:26:29.0546 3176 dmserver - ok
15:26:29.0593 3176 DMusic - ok
15:26:29.0625 3176 Dnscache - ok
15:26:29.0671 3176 dpti2o - ok
15:26:29.0750 3176 drmkaud - ok
15:26:29.0765 3176 EIO - ok
15:26:29.0812 3176 EPSONStatusAgent2 - ok
15:26:29.0875 3176 ERSvc - ok
15:26:29.0906 3176 Eventlog - ok
15:26:29.0953 3176 EventSystem - ok
15:26:30.0031 3176 Exportit - ok
15:26:30.0093 3176 Fastfat - ok
15:26:30.0140 3176 FastUserSwitchingCompatibility - ok
15:26:30.0187 3176 Fdc - ok
15:26:30.0218 3176 FETNDIS - ok
15:26:30.0281 3176 FETNDISB - ok
15:26:30.0328 3176 Fips - ok
15:26:30.0359 3176 Flpydisk - ok
15:26:30.0421 3176 FltMgr - ok
15:26:30.0468 3176 FontCache3.0.0.0 - ok
15:26:30.0500 3176 Fs_Rec - ok
15:26:30.0562 3176 Ftdisk - ok
15:26:30.0609 3176 gameenum - ok
15:26:30.0640 3176 Gpc - ok
15:26:30.0703 3176 gusvc - ok
15:26:30.0750 3176 HDAudBus - ok
15:26:30.0812 3176 helpsvc - ok
15:26:30.0875 3176 HidServ - ok
15:26:30.0906 3176 HidUsb - ok
15:26:30.0953 3176 hpn - ok
15:26:31.0000 3176 HTTP - ok
15:26:31.0062 3176 HTTPFilter - ok
15:26:31.0093 3176 i2omgmt - ok
15:26:31.0140 3176 i2omp - ok
15:26:31.0171 3176 i8042prt - ok
15:26:31.0203 3176 IDriverT - ok
15:26:31.0250 3176 idsvc - ok
15:26:31.0296 3176 Imapi - ok
15:26:31.0328 3176 ImapiService - ok
15:26:31.0390 3176 ini910u - ok
15:26:31.0453 3176 Inspect - ok
15:26:31.0484 3176 IntcAzAudAddService - ok
15:26:31.0515 3176 IntelIde - ok
15:26:31.0562 3176 intelppm - ok
15:26:31.0593 3176 Ip6Fw - ok
15:26:31.0625 3176 IpFilterDriver - ok
15:26:31.0671 3176 IpInIp - ok
15:26:31.0703 3176 IpNat - ok
15:26:31.0750 3176 IPSec - ok
15:26:31.0781 3176 irda - ok
15:26:31.0828 3176 IRENUM - ok
15:26:31.0859 3176 Irmon - ok
15:26:31.0890 3176 irsir - ok
15:26:31.0953 3176 isapnp - ok
15:26:31.0984 3176 JavaQuickStarterService - ok
15:26:32.0031 3176 Kbdclass - ok
15:26:32.0093 3176 kmixer - ok
15:26:32.0140 3176 KodakCCS - ok
15:26:32.0171 3176 KSecDD - ok
15:26:32.0218 3176 lanmanserver - ok
15:26:32.0250 3176 lanmanworkstation - ok
15:26:32.0296 3176 lbrtfdc - ok
15:26:32.0390 3176 LmHosts - ok
15:26:32.0421 3176 MBAMProtector - ok
15:26:32.0453 3176 MBAMService - ok
15:26:32.0500 3176 McciCMService - ok
15:26:32.0531 3176 Messenger - ok
15:26:32.0593 3176 mnmdd - ok
15:26:32.0625 3176 mnmsrvc - ok
15:26:32.0671 3176 Modem - ok
15:26:32.0703 3176 Monfilt - ok
15:26:32.0750 3176 Mouclass - ok
15:26:32.0781 3176 mouhid - ok
15:26:32.0828 3176 MountMgr - ok
15:26:32.0859 3176 mraid35x - ok
15:26:32.0890 3176 MREMP50 - ok
15:26:32.0937 3176 MREMPR5 - ok
15:26:32.0968 3176 MRENDIS5 - ok
15:26:33.0015 3176 MRESP50 - ok
15:26:33.0046 3176 MRxDAV - ok
15:26:33.0078 3176 MRxSmb - ok
15:26:33.0125 3176 MSDTC - ok
15:26:33.0171 3176 Msfs - ok
15:26:33.0218 3176 MSIServer - ok
15:26:33.0250 3176 MSKSSRV - ok
15:26:33.0296 3176 MSPCLOCK - ok
15:26:33.0328 3176 MSPQM - ok
15:26:33.0375 3176 mssmbios - ok
15:26:33.0421 3176 ms_mpu401 - ok
15:26:33.0453 3176 Mup - ok
15:26:33.0500 3176 NBService - ok
15:26:33.0531 3176 NDIS - ok
15:26:33.0578 3176 NdisTapi - ok
15:26:33.0625 3176 Ndisuio - ok
15:26:33.0671 3176 NdisWan - ok
15:26:33.0703 3176 NDProxy - ok
15:26:33.0750 3176 NetBIOS - ok
15:26:33.0781 3176 NetBT - ok
15:26:33.0828 3176 NetDDE - ok
15:26:33.0875 3176 NetDDEdsdm - ok
15:26:33.0921 3176 Netlogon - ok
15:26:33.0953 3176 Netman - ok
15:26:34.0000 3176 NetTcpPortSharing - ok
15:26:34.0031 3176 NitroReaderDriverReadSpool2 - ok
15:26:34.0078 3176 Nla - ok
15:26:34.0125 3176 NMIndexingService - ok
15:26:34.0171 3176 nmwcd - ok
15:26:34.0203 3176 nmwcdc - ok
15:26:34.0234 3176 NPF - ok
15:26:34.0281 3176 Npfs - ok
15:26:34.0312 3176 Ntfs - ok
15:26:34.0359 3176 NtLmSsp - ok
15:26:34.0390 3176 NtmsSvc - ok
15:26:34.0437 3176 NTSIM - ok
15:26:34.0468 3176 Null - ok
15:26:34.0515 3176 nv - ok
15:26:34.0546 3176 NVSvc - ok
15:26:34.0593 3176 nvUpdatusService - ok
15:26:34.0640 3176 NwlnkFlt - ok
15:26:34.0671 3176 NwlnkFwd - ok
15:26:34.0718 3176 ose - ok
15:26:34.0796 3176 Parport - ok
15:26:34.0843 3176 PartMgr - ok
15:26:34.0890 3176 ParVdm - ok
15:26:34.0937 3176 pccsmcfd - ok
15:26:34.0968 3176 PCI - ok
15:26:35.0015 3176 PCIDump - ok
15:26:35.0046 3176 PCIIde - ok
15:26:35.0093 3176 Pcmcia - ok
15:26:35.0140 3176 Pcouffin - ok
15:26:35.0171 3176 PDCOMP - ok
15:26:35.0218 3176 PDFRAME - ok
15:26:35.0250 3176 PDRELI - ok
15:26:35.0296 3176 PDRFRAME - ok
15:26:35.0328 3176 perc2 - ok
15:26:35.0375 3176 perc2hib - ok
15:26:35.0484 3176 PlugPlay - ok
15:26:35.0531 3176 PolicyAgent - ok
15:26:35.0562 3176 PptpMiniport - ok
15:26:35.0609 3176 ProtectedStorage - ok
15:26:35.0687 3176 Ptilink - ok
15:26:35.0718 3176 PxHelp20 - ok
15:26:35.0765 3176 ql1080 - ok
15:26:35.0796 3176 Ql10wnt - ok
15:26:35.0843 3176 ql12160 - ok
15:26:35.0875 3176 ql1240 - ok
15:26:35.0921 3176 ql1280 - ok
15:26:35.0953 3176 RasAcd - ok
15:26:36.0000 3176 RasAuto - ok
15:26:36.0031 3176 Rasirda - ok
15:26:36.0078 3176 Rasl2tp - ok
15:26:36.0125 3176 RasMan - ok
15:26:36.0171 3176 RasPppoe - ok
15:26:36.0218 3176 Raspti - ok
15:26:36.0250 3176 Rdbss - ok
15:26:36.0296 3176 RDPCDD - ok
15:26:36.0343 3176 rdpdr - ok
15:26:36.0421 3176 RDPWD - ok
15:26:36.0453 3176 RDSessMgr - ok
15:26:36.0500 3176 redbook - ok
15:26:36.0546 3176 RemoteAccess - ok
15:26:36.0593 3176 RemoteRegistry - ok
15:26:36.0625 3176 ROOTMODEM - ok
15:26:36.0671 3176 RpcLocator - ok
15:26:36.0718 3176 RpcSs - ok
15:26:36.0765 3176 RSVP - ok
15:26:36.0796 3176 SABProcEnum - ok
15:26:36.0843 3176 SamSs - ok
15:26:36.0875 3176 SbieDrv - ok
15:26:36.0937 3176 SbieSvc - ok
15:26:36.0984 3176 SCardSvr - ok
15:26:37.0031 3176 Schedule - ok
15:26:37.0078 3176 SeaPort - ok
15:26:37.0109 3176 Secdrv - ok
15:26:37.0156 3176 seclogon - ok
15:26:37.0203 3176 SENS - ok
15:26:37.0250 3176 serenum - ok
15:26:37.0281 3176 Serial - ok
15:26:37.0328 3176 ServiceLayer - ok
15:26:37.0437 3176 Sfloppy - ok
15:26:37.0484 3176 SharedAccess - ok
15:26:37.0531 3176 ShellHWDetection - ok
15:26:37.0562 3176 Simbad - ok
15:26:37.0609 3176 SkypeUpdate - ok
15:26:37.0671 3176 Sparrow - ok
15:26:37.0703 3176 splitter - ok
15:26:37.0750 3176 Spooler - ok
15:26:37.0796 3176 sr - ok
15:26:37.0828 3176 srservice - ok
15:26:37.0875 3176 Srv - ok
15:26:37.0906 3176 SSDPSRV - ok
15:26:37.0968 3176 ssmdrv - ok
15:26:38.0000 3176 StarOpen - ok
15:26:38.0046 3176 StillCam - ok
15:26:38.0093 3176 stisvc - ok
15:26:38.0125 3176 swenum - ok
15:26:38.0171 3176 swmidi - ok
15:26:38.0218 3176 SwPrv - ok
15:26:38.0265 3176 symc810 - ok
15:26:38.0296 3176 symc8xx - ok
15:26:38.0343 3176 sym_hi - ok
15:26:38.0375 3176 sym_u3 - ok
15:26:38.0421 3176 sysaudio - ok
15:26:38.0468 3176 SysmonLog - ok
15:26:38.0515 3176 taphss - ok
15:26:38.0562 3176 TapiSrv - ok
15:26:38.0593 3176 Tcpip - ok
15:26:38.0656 3176 TDPIPE - ok
15:26:38.0703 3176 TDTCP - ok
15:26:38.0734 3176 TermDD - ok
15:26:38.0781 3176 TermService - ok
15:26:38.0828 3176 Themes - ok
15:26:38.0859 3176 TlntSvr - ok
15:26:38.0906 3176 TosIde - ok
15:26:38.0953 3176 TrkWks - ok
15:26:39.0015 3176 uagp35 - ok
15:26:39.0046 3176 Udfs - ok
15:26:39.0093 3176 ultra - ok
15:26:39.0140 3176 Update - ok
15:26:39.0203 3176 upnphost - ok
15:26:39.0234 3176 upperdev - ok
15:26:39.0281 3176 UPS - ok
15:26:39.0328 3176 usbccgp - ok
15:26:39.0359 3176 usbehci - ok
15:26:39.0406 3176 usbhub - ok
15:26:39.0437 3176 usbprint - ok
15:26:39.0500 3176 usbscan - ok
15:26:39.0531 3176 usbser - ok
15:26:39.0578 3176 UsbserFilt - ok
15:26:39.0625 3176 USBSTOR - ok
15:26:39.0656 3176 usbuhci - ok
15:26:39.0703 3176 USB_RNDIS - ok
15:26:39.0750 3176 VgaSave - ok
15:26:39.0796 3176 ViaIde - ok
15:26:39.0843 3176 viamraid - ok
15:26:39.0875 3176 Video3D - ok
15:26:39.0921 3176 VolSnap - ok
15:26:39.0968 3176 VSS - ok
15:26:40.0046 3176 W32Time - ok
15:26:40.0109 3176 Wanarp - ok
15:26:40.0140 3176 Wdf01000 - ok
15:26:40.0187 3176 WDICA - ok
15:26:40.0218 3176 wdmaud - ok
15:26:40.0281 3176 WebClient - ok
15:26:40.0343 3176 winmgmt - ok
15:26:40.0453 3176 WmdmPmSN - ok
15:26:40.0500 3176 Wmi - ok
15:26:40.0562 3176 WmiApSrv - ok
15:26:40.0609 3176 WpdUsb - ok
15:26:40.0640 3176 WS2IFSL - ok
15:26:40.0687 3176 wscsvc - ok
15:26:40.0734 3176 wuauserv - ok
15:26:40.0781 3176 WudfPf - ok
15:26:40.0828 3176 WudfRd - ok
15:26:40.0859 3176 WudfSvc - ok
15:26:40.0906 3176 WZCSVC - ok
15:26:40.0953 3176 xmlprov - ok
15:26:41.0015 3176 ================ Scan global ===============================
15:26:41.0093 3176 [Global] - ok
15:26:41.0109 3176 ================ Scan MBR ==================================
15:26:41.0109 3176 ================ Scan VBR ==================================
15:26:41.0109 3176 ============================================================
15:26:41.0109 3176 Scan finished
15:26:41.0109 3176 ============================================================
15:26:41.0171 3168 Detected object count: 0
15:26:41.0171 3168 Actual detected object count: 0
15:26:44.0000 3144 Deinitialize success
fabio85
Junior Member
Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 14:34

OTL logfile created on: 27/09/2012 15.13.08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,63% Memory free
3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,29% Paging File free
Paging file location(s): F:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programmi
Drive C: | 149,05 Gb Total Space | 78,90 Gb Free Space | 52,93% Space Free | Partition Type: NTFS
Drive E: | 1,87 Gb Total Space | 1,82 Gb Free Space | 97,05% Space Free | Partition Type: FAT32
Drive F: | 149,04 Gb Total Space | 71,63 Gb Free Space | 48,06% Space Free | Partition Type: NTFS

Computer Name: UTENTE-8F489A77 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/27 15.01.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\USER\desktop\OTL.exe
PRC - [2012/08/25 22.27.58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- F:\Programmi\Sandboxie\SbieSvc.exe
PRC - [2012/05/15 12.18.00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- F:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/03/11 23.13.21 | 001,983,232 | ---- | M] (COMODO) -- F:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/20 09.30.41 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/19 15.45.48 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14.39.09 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21.11.21 | 000,076,968 | ---- | M] (Avira GmbH) -- F:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/06/13 15.22.28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 22.51.42 | 000,301,056 | ---- | M] () -- F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2012/05/15 12.18.00 | 000,357,184 | ---- | M] () -- F:\Programmi\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011/07/20 16.40.27 | 000,355,688 | ---- | M] () -- F:\Programmi\Avira\AntiVir Desktop\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/01 13.52.18 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- F:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/25 22.27.58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- F:\Programmi\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/07/03 13.46.44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- F:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19.12.14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- F:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 12.18.00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/22 13.51.04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- F:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/04/15 01.05.30 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/11 23.39.56 | 000,175,632 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- F:\Programmi\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012/03/11 23.13.21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/20 09.30.41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/19 15.45.48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2007/05/16 09.27.28 | 000,271,920 | ---- | M] (Nero AG) [Disabled | Stopped] -- F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005/10/18 15.00.10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- F:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/04/04 01.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/24 13.35.52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- F:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 03.01.00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- F:\Programmi\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\npf.sys -- (NPF)
DRV - [2012/08/25 22.27.54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- F:\Programmi\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/07/03 13.46.44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/22 13.51.38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/03/11 23.13.46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 23.13.45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 23.13.44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/01/09 17.28.20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17.28.20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17.28.20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17.28.20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/09/20 09.30.44 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/20 09.30.44 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/03 16.33.46 | 006,404,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/04 00.24.40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 14.28.21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14.28.11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/18 07.17.00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07.16.00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/19 10.55.40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Programmi\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/19 10.55.40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Programmi\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2005/10/21 03.47.05 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/10/20 16.30.00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 15.01.38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/11/22 18.36.40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- F:\Programmi\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18.36.34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- F:\Programmi\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/04 01.08.22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/07/07 11.27.28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | Disabled | Stopped] -- F:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 09.55.12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | Disabled | Stopped] -- F:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/02 14.19.00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Disabled | Stopped] -- F:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 09.41.54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | Disabled | Stopped] -- F:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 09.39.42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | Disabled | Stopped] -- F:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 09.21.10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 23.51.32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1999/09/10 14.06.00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_it
IE - HKU\S-1-5-21-1390067357-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Programmi\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: F:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: F:\Programmi\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: F:\Programmi\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: F:\Programmi\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: F:\Programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.it/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = F:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = F:\Programmi\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Motive Plugin (Enabled) = F:\Programmi\Common Files\Motive\npMotive.dll
CHR - plugin: Picasa (Enabled) = F:\Programmi\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = F:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = F:\Programmi\Microsoft\Office Live\npOLW.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = F:\Programmi\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = F:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = F:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = F:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = F:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Ricerca Google = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Disattivazione permanente degli annunci personalizzati = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Skype Click to Call = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: MVideoDownload = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pbgdpjejogccpfbncoehmfidcpmcafkj\1.0_0\
CHR - Extension: Gmail = F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/17 13.13.29 | 000,444,049 | R--- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15253 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-261478967-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] F:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] F:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKU\S-1-5-21-1390067357-261478967-839522115-1003..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe" File not found
O4 - HKU\S-1-5-21-1390067357-261478967-839522115-1009..\RunOnce: [NeroHomeFirstStart] F:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1390067357-261478967-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - ?p=ZUxdm266YYIT File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://F:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll File not found
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {63BAECA2-9E3C-45DE-B2B1-BBC5FA99958E} http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab (MCCWrapperObj Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} http://aiuto.alice.it/ata/static/instal ... er_6.6.cab (McciSM Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file:///F:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5E59204-0126-4928-98EB-D7ACCCADD8AF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (F:\WINDOWS\system32\guard32.dll) - F:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 () -
O24 - Desktop WallPaper: F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2001/11/11 08.07.18 | 000,000,112 | ---- | M] () - C:\Autoplay.ply -- [ NTFS ]
O32 - AutoRun File - [2012/04/21 16.44.24 | 002,080,944 | ---- | M] () - C:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2012/09/27 13.39.56 | 000,000,127 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\AutoRun\command - "" = pkkwng.exe
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\open\Command - "" = pkkwng.exe
O33 - MountPoints2\{924971b2-864b-11dd-a3b0-00138fed3c54}\Shell\AutoRun\command - "" = F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{ccfaff54-5d50-11dd-addf-00138fed3c54}\Shell\AutoRun\command - "" = F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{ccfaff54-5d50-11dd-addf-00138fed3c54}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{ce578e31-5643-11dd-a57d-00138fed3c54}\Shell\AutoRun\command - "" = F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\Shell\AutoRun\command - "" = E:\driver\usb\usb3.EXE -- [2010/02/09 16.41.16 | 000,106,496 | RHS- | M] ()
O33 - MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\Shell\open\command - "" = E:\driver\usb\usb3.EXE -- [2010/02/09 16.41.16 | 000,106,496 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/27 15.07.20 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- F:\Documents and Settings\USER\Desktop\tdsskiller.exe
[2012/09/27 15.07.20 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\USER\Desktop\OTL.exe
[2012/09/27 14.22.52 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2012/09/27 12.48.25 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dati applicazioni\SUPERSetup
[2012/09/27 12.44.54 | 000,000,000 | ---D | C] -- F:\ComboFix
[2012/09/27 12.40.19 | 000,000,000 | ---D | C] -- F:\Qoobox
[2012/09/27 12.39.30 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt
[2012/09/27 12.39.15 | 000,000,000 | --SD | C] -- F:\32788R22FWJFW
[2012/09/27 09.26.24 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\USER\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/27 09.26.23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\USER\Desktop\HijackThis.exe
[2012/09/27 09.26.22 | 004,769,305 | R--- | C] (Swearware) -- F:\Documents and Settings\USER\Desktop\ComboFix.exe
[2012/09/27 00.33.54 | 000,000,000 | ---D | C] -- F:\WINDOWS\S82P64REYYLLKK4E
[2012/09/26 21.36.03 | 000,000,000 | -H-D | C] -- F:\VritualRoot
[2012/09/26 21.36.03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dati applicazioni\COMODO
[2012/09/10 19.59.17 | 000,000,000 | -HSD | C] -- F:\Config.Msi
[2012/09/01 16.11.55 | 000,000,000 | ---D | C] -- F:\Documents and Settings\USER\Dati applicazioni\NVIDIA
[2012/09/01 15.58.16 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Avvio\Programmi\VideoLAN
[2012/09/01 15.47.00 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
[2012/09/01 15.45.11 | 000,065,536 | ---- | C] (Khronos Group) -- F:\WINDOWS\System32\OpenCL.dll
[2012/09/01 15.43.48 | 000,000,000 | ---D | C] -- F:\Programmi\NVIDIA Corporation
[2012/09/01 15.42.52 | 000,000,000 | ---D | C] -- F:\NVIDIA
[2012/09/01 13.53.09 | 000,000,000 | ---D | C] -- F:\Programmi\File comuni\Java
[2012/08/31 15.58.49 | 000,000,000 | ---D | C] -- F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\Wajam
[2012/08/31 15.30.38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\USER\Dati applicazioni\ProgSense
[2012/08/31 15.30.38 | 000,000,000 | ---D | C] -- F:\Downloads
[2012/08/31 15.30.26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\USER\Dati applicazioni\Orbit
[2009/11/19 22.25.55 | 000,047,360 | ---- | C] (VSO Software) -- F:\Documents and Settings\USER\Dati applicazioni\pcouffin.sys
[2004/07/09 05.27.28 | 000,958,464 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\USER\dxdiag.exe
[8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[54 F:\Documents and Settings\USER\Desktop\*.tmp files -> F:\Documents and Settings\USER\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/27 15.05.24 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/09/27 15.01.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\USER\Desktop\OTL.exe
[2012/09/27 15.00.18 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- F:\Documents and Settings\USER\Desktop\tdsskiller.exe
[2012/09/27 09.23.06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\USER\Desktop\HijackThis.exe
[2012/09/27 09.16.36 | 076,872,943 | ---- | M] () -- F:\Documents and Settings\USER\Desktop\vdf_fusebundle.zip
[2012/09/27 09.14.22 | 004,769,305 | R--- | M] (Swearware) -- F:\Documents and Settings\USER\Desktop\ComboFix.exe
[2012/09/27 09.09.38 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- F:\Documents and Settings\USER\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/27 09.06.52 | 094,820,904 | ---- | M] () -- F:\Documents and Settings\USER\Desktop\avira_free_antivirus_it_12.0.0.330.exe
[2012/09/26 21.13.40 | 001,074,636 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/26 21.13.40 | 000,000,001 | ---- | M] () -- F:\WINDOWS\System32\nvdrssel.bin
[2012/09/26 11.37.07 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/09/24 11.52.10 | 000,000,074 | ---- | M] () -- F:\Documents and Settings\USER\default.pls
[2012/09/17 13.13.29 | 000,444,049 | R--- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2012/09/10 19.20.02 | 000,002,528 | ---- | M] () -- F:\Documents and Settings\USER\Dati applicazioni\$_hpcst$.hpc
[2012/09/10 19.16.06 | 000,482,458 | ---- | M] () -- F:\WINDOWS\System32\perfh010.dat
[2012/09/10 19.16.06 | 000,434,838 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2012/09/10 19.16.06 | 000,081,240 | ---- | M] () -- F:\WINDOWS\System32\perfc010.dat
[2012/09/10 19.16.06 | 000,068,828 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2012/09/10 19.13.54 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2012/09/08 20.48.05 | 000,000,069 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2012/09/05 01.58.17 | 000,001,928 | ---- | M] () -- F:\WINDOWS\Sandboxie.ini
[2012/09/01 15.53.51 | 001,074,636 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/01 15.44.58 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\nvdrswr.lk
[2012/08/31 13.15.54 | 000,000,302 | ---- | M] () -- F:\WINDOWS\tasks\GlaryInitialize.job
[8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[54 F:\Documents and Settings\USER\Desktop\*.tmp files -> F:\Documents and Settings\USER\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/27 09.26.26 | 076,872,943 | ---- | C] () -- F:\Documents and Settings\USER\Desktop\vdf_fusebundle.zip
[2012/09/27 09.26.07 | 094,820,904 | ---- | C] () -- F:\Documents and Settings\USER\Desktop\avira_free_antivirus_it_12.0.0.330.exe
[2012/09/10 19.20.02 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\USER\Dati applicazioni\$_hpcst$.hpc
[2012/09/01 15.44.59 | 001,074,636 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/01 15.44.58 | 001,074,636 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/01 15.44.58 | 000,000,001 | ---- | C] () -- F:\WINDOWS\System32\nvdrssel.bin
[2012/09/01 15.44.58 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\nvdrswr.lk
[2012/09/01 15.44.38 | 002,807,708 | ---- | C] () -- F:\WINDOWS\System32\nvdata.data
[2012/09/01 15.44.38 | 000,010,264 | ---- | C] () -- F:\WINDOWS\System32\nvinfo.pb
[2012/08/31 13.03.44 | 000,001,374 | ---- | C] () -- F:\WINDOWS\imsins.BAK
[2011/06/27 18.35.18 | 000,000,218 | ---- | C] () -- F:\Documents and Settings\USER\.recently-used.xbel
[2011/06/27 17.35.33 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\USER\.gtk-bookmarks
[2011/02/11 00.10.34 | 000,000,000 | ---- | C] () -- F:\WINDOWS\EEventManager.INI
[2010/12/27 22.35.39 | 000,147,744 | ---- | C] () -- F:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2010/10/23 00.32.58 | 000,001,928 | ---- | C] () -- F:\WINDOWS\Sandboxie.ini
[2009/11/19 22.26.33 | 000,001,041 | ---- | C] () -- F:\Documents and Settings\USER\Dati applicazioni\vso_ts_preview.xml
[2009/11/19 22.25.55 | 000,087,608 | ---- | C] () -- F:\Documents and Settings\USER\Dati applicazioni\inst.exe
[2009/11/19 22.25.55 | 000,007,887 | ---- | C] () -- F:\Documents and Settings\USER\Dati applicazioni\pcouffin.cat
[2009/11/19 22.25.55 | 000,001,144 | ---- | C] () -- F:\Documents and Settings\USER\Dati applicazioni\pcouffin.inf
[2009/02/28 14.16.04 | 000,004,382 | ---- | C] () -- F:\Documents and Settings\USER\updater.html
[2008/10/09 17.41.40 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\All Users\Dati applicazioni\LauncherAccess.dt
[2008/02/14 18.25.34 | 008,683,520 | ---- | C] () -- F:\Documents and Settings\USER\s-1-5-21-1390067357-261478967-839522115-1003.rrr
[2007/02/26 00.58.25 | 000,000,074 | ---- | C] () -- F:\Documents and Settings\USER\default.pls
[2007/01/25 13.12.40 | 000,000,133 | ---- | C] () -- F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2007/01/25 12.53.10 | 000,138,752 | ---- | C] () -- F:\Documents and Settings\USER\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007/01/25 13.06.14 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/08/22 15.12.14 | 001,495,040 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = F:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.18.59 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = F:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/19 15.39.30 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/15 18.25.50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2011/06/25 14.19.15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\Installations
[2012/05/29 23.12.22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\Nitro PDF
[2012/06/12 11.02.58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\Nokia
[2012/03/12 21.53.47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\NokiaInstallerCache
[2010/12/27 21.45.44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\NokiaMusic
[2012/05/14 22.18.24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2010/05/09 11.20.30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
[2012/09/27 12.48.25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\SUPERSetup
[2009/11/19 22.31.26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\vsosdk
[2011/08/06 14.59.04 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Dati applicazioni\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}
[2007/06/03 11.16.42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Anvil Studio
[2011/10/15 15.20.47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Auslogics
[2012/05/29 23.11.28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Downloaded Installations
[2009/12/31 18.35.35 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\USER\Dati applicazioni\drivers
[2012/05/02 21.09.24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\EPSON
[2009/11/19 22.25.09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\GetRightToGo
[2012/08/18 20.04.25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\GlarySoft
[2011/06/27 18.01.04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\gtk-2.0
[2012/02/09 17.30.06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\it.vodafone.desktopwidget
[2011/11/12 17.03.57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2012/09/10 10.35.35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Nitro PDF
[2012/06/12 11.10.19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Nokia
[2010/12/27 16.23.24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Nokia Ovi Suite
[2011/11/12 16.45.19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Nokia Suite
[2012/06/17 16.53.14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Oracle
[2012/08/31 15.56.15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Orbit
[2010/12/26 01.40.03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\PC Suite
[2012/08/31 15.30.38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\ProgSense
[2008/12/24 14.24.50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Software Informer
[2012/09/01 18.27.49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\uTorrent
[2011/03/21 17.44.54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\USER\Dati applicazioni\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 3875 bytes -> F:\WINDOWS\NFS: Carbon (testo) Setup Log.txt

< End of report >
fabio85
Junior Member
Posts: 14
Joined on: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 14:36

OTL Extras logfile created on: 27/09/2012 15.13.08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,63% Memory free
3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,29% Paging File free
Paging file location(s): F:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programmi
Drive C: | 149,05 Gb Total Space | 78,90 Gb Free Space | 52,93% Space Free | Partition Type: NTFS
Drive E: | 1,87 Gb Total Space | 1,82 Gb Free Space | 97,05% Space Free | Partition Type: FAT32
Drive F: | 149,04 Gb Total Space | 71,63 Gb Free Space | 48,06% Space Free | Partition Type: NTFS

Computer Name: UTENTE-8F489A77 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- F:\WINDOWS\system32\rundll32.exe shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Programmi\Windows Live\Messenger\msnmsgr.exe" = F:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\Programmi\Windows Live\Sync\WindowsLiveSync.exe" = F:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"F:\Programmi\Microsoft ActiveSync\rapimgr.exe" = F:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\Programmi\Microsoft ActiveSync\wcescomm.exe" = F:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\Programmi\Microsoft ActiveSync\WCESMgr.exe" = F:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Programmi\eMule\emule.exe" = F:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"F:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = F:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Programmi\Messenger\msmsgs.exe" = F:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"F:\Programmi\VideoLAN\VLC\vlc.exe" = F:\Programmi\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\Programmi\Electronic Arts\Need for Speed Carbon\NFSC.exe" = F:\Programmi\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC -- ()
"C:\Unreal\System\Unreal.exe" = C:\Unreal\System\Unreal.exe:*:Enabled:Unreal -- ()
"F:\Programmi\Windows Live\Messenger\msnmsgr.exe" = F:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\Programmi\Windows Live\Sync\WindowsLiveSync.exe" = F:\Programmi\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"F:\Programmi\uTorrent\uTorrent.exe" = F:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Programmi\Skype\Phone\Skype.exe" = F:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = F:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"F:\Programmi\Microsoft ActiveSync\rapimgr.exe" = F:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\Programmi\Microsoft ActiveSync\wcescomm.exe" = F:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\Programmi\Microsoft ActiveSync\WCESMgr.exe" = F:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06240081-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enciclopedia Premium DVD
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS SmartDoctor
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26A9CDB0-9827-91E4-550F-71569256A3BD}" = My 190
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6F87E6-66CE-4419-BE0E-1A71F21EB8DB}" = Windows Live Toolbar
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A20A58C4-6784-4B4B-86CC-94E2E3671040}" = Nero 7 Ultra Edition
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D65D46-3708-4F5B-9117-0199C7098D11}" = WanMiniport1st
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D59BC108-CDFF-4353-9B0F-456E6966B6FD}" = Nitro Reader 2
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{EE70E5CC-B1D7-4FC0-7DC5-5460EF22FFC9}" = Widget vodafone.it
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Guida utente" = Epson Stylus SX210_SX410_TX210_TX410 Manuale
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® XP Software" = Indeo® XP Software
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS SmartDoctor
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3C3B2C97-0DAB-482F-9C95-6610827210E3}" = ASUS nVIDIA Driver
"it.vodafone.desktopwidget" = My 190
"it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1" = Widget vodafone.it
"LHTTSITI" = L&H TTS3000 Italiano
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"OldunrealMultimediaUpdate for Unreal 226_is1" = OpenGL 3.0 - OpenAL 0.2 - FMOD 0.2
"Picasa 3" = Picasa 3
"Sandboxie" = Sandboxie 3.74 (32-bit)
"Speccy" = Speccy
"ST6UNST #1" = Giudizi 2000
"Stampante e utility EPSON" = Software per stampante EPSON
"Unreal" = Unreal
"uTorrent" = µTorrent
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
fabio85
Junior Member
Posts: 14
Joined on: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 27/09/12 18:29

Put OTL.exe on the desktop. Run it and copy/paste the code below into Custom Scans/Fixes.

Code:
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | Disabled | Stopped] -- F:\Programmi\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\npf.sys -- (NPF)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O8 - Extra context menu item: &Search - ?p=ZUxdm266YYIT File not found
O8 - Extra context menu item: Google Sidewiki... - res://F:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll File not found
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll File not found
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - AutoRun File - [2001/11/11 08.07.18 | 000,000,112 | ---- | M] () - C:\Autoplay.ply -- [ NTFS ]
O32 - AutoRun File - [2012/04/21 16.44.24 | 002,080,944 | ---- | M] () - C:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2012/09/27 13.39.56 | 000,000,127 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\AutoRun\command - "" = pkkwng.exe
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\open\Command - "" = pkkwng.exe
O33 - MountPoints2\{ccfaff54-5d50-11dd-addf-00138fed3c54}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\Shell\AutoRun\command - "" = E:\driver\usb\usb3.EXE -- [2010/02/09 16.41.16 | 000,106,496 | RHS- | M] ()
O33 - MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\Shell\open\command - "" = E:\driver\usb\usb3.EXE -- [2010/02/09 16.41.16 | 000,106,496 | RHS- | M] ()
[2012/09/27 00.33.54 | 000,000,000 | ---D | C] -- F:\WINDOWS\S82P64REYYLLKK4E
[8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[54 F:\Documents and Settings\USER\Desktop\*.tmp files -> F:\Documents and Settings\USER\Desktop\*.tmp -> ]
@Alternate Data Stream - 3875 bytes -> F:\WINDOWS\NFS: Carbon (testo) Setup Log.txt

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]


Click Run Fix and press OK. A reboot may be requested; accept it.
A report will open: save it and attach it.
FrancescoFDAC
Senior Member
Posts: 1048
Joined on: 13/08/11 09:53
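The O33 lines in the fix script above are MountPoints2 entries: the per-user registry cache of the AutoRun handlers Windows recorded for every removable drive that was ever plugged in. A handler whose command is a bare executable name (resolved against the root of the stick), an executable parked in a Recycled folder, a file named after a Windows system binary, or a file with hidden+system attributes is the usual footprint of a USB autorun worm, which is why those entries and E:\autorun.inf are being removed. The following triage script is an added example, not part of OTL and not posted by anyone in this thread; it parses O32/O33 lines from an OTL log and lists the ones that match those heuristics. The sample input is copied from the O32/O33 entries in the fix script above, and the heuristic names and thresholds are my own choices.

```python
"""Triage helper for OTL 'O32 - AutoRun File' and 'O33 - MountPoints2' lines.

Added example (not OTL's own code). It flags AutoRun handlers whose shape is
typical of autorun.inf worms spread over removable media; a hit is a reason to
look, not a verdict.
"""
import re
from dataclasses import dataclass, field

# O33 entry: volume GUID, shell verb path, and the command value.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(.+?)\\[Cc]ommand - "" = (.*)$'
)
# O32 entry: attribute flags of the file, its path, and the filesystem type.
O32_RE = re.compile(
    r'^O32 - AutoRun File - \[[^|]+\|[^|]+\|\s*([RHSA-]{4})\s*\|[^\]]*\]\s*\(\)\s*- '
    r'(.+?)\s*--\s*\[(.+?)\]$'
)
# OTL appends " -- [date | size | attrs | M] ()" to a command when the file exists.
META_RE = re.compile(r'\s+--\s+\[([^\]]*)\].*$')

# Legitimate copies of these binaries live under %SystemRoot%, never on a USB stick.
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "rundll32.exe"}

# Constructed sample: O32/O33 lines copied from the fix script in the post above.
SAMPLE_LOG = r"""
O32 - AutoRun File - [2001/11/11 08.07.18 | 000,000,112 | ---- | M] () - C:\Autoplay.ply -- [ NTFS ]
O32 - AutoRun File - [2012/09/27 13.39.56 | 000,000,127 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\AutoRun\command - "" = pkkwng.exe
O33 - MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\Shell\open\Command - "" = pkkwng.exe
O33 - MountPoints2\{ccfaff54-5d50-11dd-addf-00138fed3c54}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\Shell\AutoRun\command - "" = E:\driver\usb\usb3.EXE -- [2010/02/09 16.41.16 | 000,106,496 | RHS- | M] ()
"""


@dataclass
class Finding:
    source: str                      # "O33" or "O32"
    volume: str                      # MountPoints2 GUID, or filesystem type for O32
    target: str                      # "verb: command" for O33, file path for O32
    reasons: list = field(default_factory=list)


def _is_relative(path: str) -> bool:
    """True when the path has no drive letter, UNC prefix or env variable,
    so Windows resolves it against the root of the drive that was inserted."""
    return not re.match(r'^([A-Za-z]:\\|\\\\|%)', path)


def _hidden_and_system(attrs: str) -> bool:
    return "H" in attrs and "S" in attrs


def triage_line(line: str):
    """Return a Finding for one OTL line, or None when nothing looks off."""
    line = line.rstrip()
    m = O33_RE.match(line)
    if m:
        guid, verb, command = m.groups()
        attrs = ""
        meta = META_RE.search(command)
        if meta:
            fields = [f.strip() for f in meta.group(1).split("|")]
            attrs = fields[2] if len(fields) > 2 else ""
            command = META_RE.sub("", command)
        exe = command.split()[0] if command else ""
        reasons = []
        if _is_relative(exe):
            reasons.append("command is relative to the drive root")
        if re.search(r'(^|\\)recycle[rd]?\\', exe, re.IGNORECASE):
            reasons.append("executable stored inside a Recycled folder")
        if exe.split("\\")[-1].lower() in SYSTEM_BINARY_NAMES:
            reasons.append("name mimics a Windows system binary")
        if _hidden_and_system(attrs):
            reasons.append("target file carries hidden+system attributes")
        return Finding("O33", guid, f"{verb}: {command}", reasons) if reasons else None
    m = O32_RE.match(line)
    if m:
        attrs, path, fs = m.groups()
        reasons = []
        if path.lower().endswith("autorun.inf"):
            reasons.append(f"autorun.inf present on a {fs.strip()} volume")
            if _hidden_and_system(attrs):
                reasons.append("file carries hidden+system attributes")
        return Finding("O32", fs.strip(), path, reasons) if reasons else None
    return None


def triage_log(text: str):
    """Run triage_line over every non-empty line and collect the findings."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.source} {f.volume}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the benign entries (C:\Autoplay.ply on NTFS, E:\setup_vmb_lite.exe with an absolute path and no odd attributes) stay silent, while pkkwng.exe, Recycled\ctfmon.exe, the hidden+system usb3.EXE and the hidden+system E:\autorun.inf are reported with the reason that triggered them. Remember that MountPoints2 only caches what was on a drive when it was inserted: a flagged entry says a stick carried that handler at some point, and the drive itself still needs to be checked and cleaned with autorun disabled.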

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 27/09/12 20:42

Thanks for the tips! The result of the scan with the commands from the text box is this; waiting for the next step:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Unable to delete service\driver key HidServ.
File %SystemRoot%\System32\hidserv.dll not found.
Service SABProcEnum stopped successfully!
Unable to delete service\driver key SABProcEnum.
File F:\Programmi\Internet Explorer\SABProcEnum.sys not found.
Service NPF stopped successfully!
Unable to delete service\driver key NPF.
File system32\drivers\npf.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ scheduled to be deleted on reboot.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ .
C:\Autoplay.ply moved successfully.
C:\AutoRuns.arn moved successfully.
E:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cb897a4-5bae-11e0-a1a9-00138fed3c54}\ not found.
File E:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\ not found.
File pkkwng.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6522fe4c-3551-11dc-bb2b-937a4b28ff4b}\ not found.
File pkkwng.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccfaff54-5d50-11dd-addf-00138fed3c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccfaff54-5d50-11dd-addf-00138fed3c54}\ not found.
File F:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8793c6b-c810-11e0-a29b-00138fed3c54}\ not found.
E:\driver\usb\usb3.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8793c6b-c810-11e0-a29b-00138fed3c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8793c6b-c810-11e0-a29b-00138fed3c54}\ not found.
E:\driver\usb\usb3.EXE moved successfully.
Folder move failed. F:\WINDOWS\S82P64REYYLLKK4E scheduled to be moved on reboot.
File delete failed. F:\WINDOWS\System32\SETBC.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETC8.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETD1.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETD2.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETD3.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETD6.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETE3.tmp scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\System32\SETEC.tmp scheduled to be deleted on reboot.
F:\Documents and Settings\USER\Desktop\~WRL0005.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0006.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0025.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0032.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0189.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0412.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0551.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0557.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0756.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0770.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0816.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0906.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL0914.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1050.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1058.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1102.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1107.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1315.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1348.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1381.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1459.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1509.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1642.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1706.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1805.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL1942.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2185.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2316.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2321.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2427.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2429.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2496.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2521.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2608.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2647.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2660.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2833.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2848.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL2948.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3213.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3235.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3362.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3411.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3433.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3508.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3541.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3567.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3713.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3884.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3921.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3950.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL3972.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL4032.tmp deleted successfully.
F:\Documents and Settings\USER\Desktop\~WRL4041.tmp deleted successfully.
Unable to delete ADS F:\WINDOWS\NFS: Carbon (testo) Setup Log.txt .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: ANGELA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3277298 bytes
->Flash cache emptied: 456 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: USER
->Temp folder emptied: 6695775 bytes
->Temporary Internet Files folder emptied: 47317563 bytes
->Java cache emptied: 44242737 bytes
->Google Chrome cache emptied: 416073145 bytes
->Flash cache emptied: 15244037 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3601920 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 512,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: ANGELA

User: Default User

User: LocalService

User: NetworkService

User: UpdatusUser

User: USER
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

File move failed. F:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYFLASH]

User: Administrator

User: All Users

User: ANGELA

User: Default User
->Flash cache emptied: 53664 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 53664 bytes

User: USER
->Flash cache emptied: 15214384 bytes

Total Flash Files Cleaned = 15,00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 09272012_212835

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27
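The OTL fix log posted above records every action together with its outcome, and the lines that matter for follow-up are the ones ending in "scheduled to be ... on reboot", "Unable to delete ..." or starting with "Error:": they mean the item is still on disk until the next boot, or was not removed at all (the HOSTS rebuild failure is one of them). As an added example that is not part of this thread or of OTL itself, here is a small Python triage script that sorts such log lines by outcome and lists the targets that still need attention; the sample log inside it is constructed, modelled on a handful of the lines posted above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the OTL fix log posted in this thread
# (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ .
C:\Autoplay.ply moved successfully.
E:\autorun.inf moved successfully.
File pkkwng.exe not found.
Folder move failed. F:\WINDOWS\S82P64REYYLLKK4E scheduled to be moved on reboot.
File delete failed. F:\WINDOWS\System32\SETBC.tmp scheduled to be deleted on reboot.
F:\Documents and Settings\USER\Desktop\~WRL0005.tmp deleted successfully.
Unable to delete ADS F:\WINDOWS\NFS: Carbon (testo) Setup Log.txt .
========== COMMANDS ==========
File move failed. F:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 09272012_212835
"""

# Line layouts seen in OTL fix logs, checked in this order.
PATTERNS = [
    # Action could not be completed now; OTL queued it for the next boot.
    ("deferred", re.compile(r"^(?:Registry delete|File delete|Folder move|File move) failed\. "
                            r"(.+?) scheduled to be (?:deleted|moved) on reboot\.$")),
    # Action failed outright, with no retry scheduled.
    ("failed", re.compile(r"^Unable to delete (?:registry key|ADS) (.+?) \.$")),
    # Item named in the fix script was already gone.
    ("not_found", re.compile(r"^(?:Registry key|File) (.+?) not found\.$")),
    # Item removed (OTL moves files aside rather than deleting them outright).
    ("done", re.compile(r"^(.+?) (?:moved|deleted) successfully\.$")),
    # Free-form error lines, such as the HOSTS rebuild failure.
    ("error", re.compile(r"^Error: (.+)$")),
]


def parse_otl_log(text):
    """Return a list of (outcome, target) pairs, one per recognised action line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append((outcome, match.group(1)))
                break
        # Section headers and the version banner match nothing and are skipped.
    return entries


def summarize(entries):
    """Count outcomes and collect the targets that still need attention."""
    counts = Counter(outcome for outcome, _ in entries)
    attention = defaultdict(list)
    for outcome, target in entries:
        if outcome in ("deferred", "failed", "error"):
            attention[outcome].append(target)
    return {"counts": dict(counts), "attention": dict(attention)}


def needs_reboot(entries):
    """True when at least one action was queued for the next boot."""
    return any(outcome == "deferred" for outcome, _ in entries)


if __name__ == "__main__":
    found = parse_otl_log(SAMPLE_LOG)
    report = summarize(found)
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome:10s} {n}")
    for outcome, targets in report["attention"].items():
        print(f"\n{outcome}:")
        for target in targets:
            print("  ", target)
    if needs_reboot(found):
        print("\nReboot, then re-run the scan to confirm the deferred items are gone.")
```

Run against a full log (read the file and pass its text to `parse_otl_log`), the "attention" lists are the items to verify after the reboot, and a non-empty "error" list, like the HOSTS line here, is one that no reboot will fix by itself.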

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 28/09/12 13:00

Why did you install Windows on drive F:?

Is the PC still showing the same problem?
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 28/09/12 15:26

FrancescoFDAC wrote:Why did you install Windows on drive F:?

Is the PC still showing the same problem?

The operating system was installed by a technician who also assembled the PC. I have 2 hard disks: C and F.
The PC still has the same problems with this damned virus. Yesterday I saved all the important files (which luckily are not contaminated by the virus) and took the PC in for service. They told me they will solve the problem by tomorrow (hopefully without having to format).
Another strange thing: I took the PC in for service 3 days ago because it wasn't recognising an internet connection (via Ethernet cable) and I thought the network card was broken, but they tested it and it works. Could it be that the virus stops the processes that recognise the network card and let me connect? Maybe tomorrow I'll know...
Thanks anyway for the help.
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 28/09/12 15:44

Rootkits usually prevent the PC from accessing the internet; I think that is the case here.

In any case, let me know how it turns out.

Francesco
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 02/10/12 09:53

Hi, I'm back. The technician had to reinstall the operating system, which was compromised by then, but was able to save everything with a backup. The network card was giving me problems because it doesn't work in auto-negotiation and I had to configure it by trial and error, but now it works. The problem I notice now (they installed XP Service Pack 3) is that Windows Installer gives me problems (basically it doesn't start unless I start it manually from the Services console) and that Google Chrome no longer updates automatically even though the Google Updater service is always running. It's basically as if the operating system doesn't recognise me as administrator! How can I fix this? HELP :roll:
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 02/10/12 13:19

Try reinstalling it, from here:
http://download.microsoft.com/download/ ... v3-x86.exe

For Google Chrome, try reinstalling it again.
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 02/10/12 14:07

FrancescoFDAC wrote:Try reinstalling it, from here:
http://download.microsoft.com/download/ ... v3-x86.exe

For Google Chrome, try reinstalling it again.

Thanks, but I had already tried with the installer from the Microsoft site. I solved the Google Chrome problem, while I still have to put the installer to the test... but now I have nothing left to install
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 02/10/12 15:32

Carry out the procedure described below, strictly in the order given, in order to:
● free up disk space
● optimise system performance
● keep Windows working correctly

Optimisation - after malware removal

My advice is to print this procedure, because it will certainly come in handy in future, for you and for your acquaintances: feel free to share it with them, it has no drawbacks of any kind and should be carried out after all the infections present on the system have been removed.
These operations should in fact be carried out at least once a month (for heavy computer users the interval is reduced to two weeks, except for Scandisk, step 13 of the procedure).

Bear in mind that most corrupted and damaged registry keys cannot be restored and repaired correctly, and continually installing and uninstalling programs can cause system crashes and annoying blue screens.

A format gives the maximum benefits in terms of speed, stability and performance: this procedure comes closest to the results obtained by formatting the hard disk.

2. Uninstall unused programs, and all Toolbars

Procedure for Windows XP:
● click the Start button
● open the Control Panel
● click Add or Remove Programs
● select the program to uninstall, and click the Change/Remove button: the uninstall procedure will start

Procedure for Windows Vista and Windows Seven:
● click the Start button
● open the Control Panel
● click Programs, then Programs and Features
● select the program to uninstall, and click the Change/Uninstall button: the uninstall procedure will start

******************************

3. From the Control Panel, uninstall in particular the following applications:
Adobe Flash Player
Adobe Reader
Java (all installed versions)

Download and install, from the sites given, the updated versions of the programs you just uninstalled:
Adobe Flash Player: http://get.adobe.com/it/flashplayer
Adobe Reader: http://get.adobe.com/it/reader
Java: http://java.com/it/download/index.jsp

Notes - on the procedure:
● do not allow the installation of additional components (Toolbars in particular): do not install any, so untick the corresponding option
● as an alternative to Adobe Reader, which is heavy software and above all subject to vulnerabilities exploited by malware on the net to infect the system, you can download the fast and very lightweight Sumatra PDF Reader, which is in no way inferior to Adobe's product: http://blog.kowalczyk.info/software/sum ... eader.html

******************************

4. Disable System Restore

Procedure for Windows XP:
● click the Start button
● right-click the My Computer icon
● from the drop-down menu, select Properties
● open the System Restore tab
● tick the option Turn off System Restore on all drives
● confirm the change, with Apply and OK
● restart the system

Procedure for Windows Vista and Windows Seven:
● click the Start button
● right-click the Computer icon
● from the drop-down menu, select Properties
● in the menu on the left, click System Protection; a User Account Control prompt appears: click Continue
● untick the check box shown next to Local Disk C:
● click the OK button
● confirm the change made, by clicking Apply and OK
● restart the system

******************************

5. Empty the Prefetch folder of its contents

Procedure for Windows XP:
● click the Start button
● click My Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the Prefetch folder
● delete all the items kept inside it: be careful, however, not to delete the folder itself

Procedure for Windows Vista and Windows Seven:
● click the Start button
● click Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the Prefetch folder
● delete all the items kept inside it, except the file Layout.ini: be careful, however, not to delete the folder itself

Note - on the procedure:
● the Prefetch folder contains the files the operating system runs; a prefetch operation consists of making immediately available, in the cache, the files used most often and those needed for the personal computer's boot process.
The next restart will be a little slow, but the following ones will undoubtedly be faster

******************************

6. Empty the Download folder of its contents

Procedure for Windows XP:
● click the Start button
● click My Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the SoftwareDistribution folder
● find and open the Download folder
● delete all the items kept inside it: be careful, however, not to delete the folder itself

Procedure for Windows Vista and Windows Seven:
● click the Start button
● click Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the SoftwareDistribution folder
● find and open the Download folder
● delete all the items kept inside it: be careful, however, not to delete the folder itself

Note - on the procedure:
● the Download folder contains the installation files of Windows updates, which can be deleted without problems to recover disk space and fix annoying update problems

******************************

7. Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including Internet pages
● start the tool with a double click
● click the Start button at the bottom left
● the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Note: to run TFC by OldTimer correctly on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Run as Administrator: confirm the prompt

******************************

8. Download and install CCleaner: http://www.piriform.com/ccleaner/download
Note - during installation: do not allow the installation of additional components (Toolbars in particular): do not install any, so untick the corresponding option

Once installed and started, carry out these operations:
● in the menu on the left, click Options
● in the next window, click Settings
● tick the option Secure Deletion: Secure (slow) and in the drop-down menu select DOD 5220.22-M (3 passes)
● click Advanced
● untick the option Only delete files in Windows Temp folders older than 24 hours and the option Prompt to backup registry issues
● in the menu on the left, click Cleaner: in the Advanced section, tick the options Old Prefetch data, Windows Update Uninstallers and IIS Log Files
● at the top, open the Applications tab: tick all the options present
● close all running programs, including Internet pages
● click the Analyze button at the bottom left, to search for temporary files
● click the Run Cleaner button at the bottom right, to start cleaning the temporary files
● in the window that appears, tick Do not show this message again, and confirm by clicking OK
● once the cleaning is finished, in the menu on the left, click Registry
● click the Scan for Issues button, to start the search for corrupted and damaged registry entries
● click the Fix selected issues... button and proceed with the repair: repeat the registry cleaning several times, until no more problems to fix are found
● once the operations are finished, close the program

Note: in Windows Seven, the option Windows Update Uninstallers is missing, and the option Secure Deletion: Secure (slow) DOD 5220.22-M (3 passes) has been replaced by the wording Advanced Overwrite 83 passes

******************************

9. Run HijackThis and clean the ADS (only on NTFS-formatted partitions):
● click Open the Misc Tools section
● click Open ADS Spy..., in the System tools tab
● at the top, untick Quick scan (Windows base folder only)
● click the Scan button at the bottom
● wait patiently for the scan to finish
● if many ADS are found, right-click the first check box and choose Select all
● click the Remove selected button at the bottom: confirm with
● once the operations are finished, close the program

Note - on the program:
● if you have a 64-bit operating system, skip this procedure. Click here to find out whether your operating system is 32- or 64-bit: http://support.microsoft.com/kb/827218/it

******************************

10. Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it, clicking Yes twice

Notes - on the program:
● OTC by OldTimer should only be run if you have previously used particular programs that require a special uninstall procedure, such as ComboFix, FindAWF, GMER, RSIT and TDSS Killer.
● to run OTC by OldTimer correctly on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Run as Administrator: confirm the prompt

******************************

11. Re-enable System Restore, following the procedure in step 4 in reverse

******************************

12. Download and install Defraggler: http://www.piriform.com/defraggler/download

Note - during installation:
● do not allow the installation of additional components (Toolbars in particular): do not install any, so untick the corresponding option

Once installed, carry out these operations:
● start the program with a double click
● left-click to select the Local Disk C: drive
● click the Defrag button at the bottom left
● wait patiently for the operations to finish

******************************

13. Check the hard disk for errors

Procedure for Windows XP:
● click the Start button
● click Run
● in the white box, copy and paste this line:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● click the OK button
● wait patiently for the operations to finish
● an empty DOS window will open on the Desktop and then close automatically: nothing to worry about
● attach the checkhd.txt file on the Desktop for a check

Procedure for Windows Vista and Windows Seven:
● click the Start button
● choose All Programs
● click Accessories
● right-click the Command Prompt icon, and choose Run as administrator
● in the black box, copy and paste this line:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● click the OK button
● wait patiently for the operations to finish; now type exit, again in the black box, to leave the Command Prompt, and then press Enter
● an empty DOS window may open on the Desktop and then close automatically: nothing to worry about
● attach the checkhd.txt file on the Desktop for a check

******************************

Notes - at the end of the procedure:
● restart the system
● attach a new HijackThis log
● report how the system is working, and which problems you currently notice
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 03/10/12 13:56

Well, given that I had already installed the most recent versions of the programs I needed, I followed the procedure you set out. Now the operating system is on C and on E I have the files saved with the backup; F is the USB stick where I keep my portable tools (including the anti-malware ones). Here is the disk scan log:

Il file system è di tipo NTFS.
L'etichetta del volume è Disco locale .

Avvertenza! Parametro F non specificato
CHKDSK eseguito in modalità sola lettura.

Verifica dei file in corso (fase 1 di 3)...
Verifica degli indici in corso (fase 2 di 3)...
CHKDSK sta recuperando i file perduti.
Verifica dei descrittori di protezione in corso (fase 3 di 3)...
CHKDSK ha rilevato spazio libero su disco contrassegnato come allocato
nella bitmap della Tabella file master (MFT).
CHKDSK ha rilevato spazio libero su disco contrassegnato come allocato nella bitmap del volume.
Nessun problema rilevato nel file system.
Eseguire CHKDSK con l'opzione /F per le correzioni.

156288320 KB di spazio totale su disco.
16231540 KB in 43223 file.
20708 KB in 5835 indici.
0 KB in settori danneggiati.
142144 KB in uso dal sistema.
65536 KB occupati dal file registro.
139893928 KB disponibili su disco.

4096 byte in ogni unità di allocazione.
39072080 unità totali di allocazione su disco.
34973482 unità di allocazione disponibili su disco.


This instead is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.20.48, on 03/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
F:\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1343024091-484061587-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1343024091-484061587-1417001333-1005\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Programmi\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe

--
End of file - 6842 bytes

The system seems (and seemed even before) stable, also thanks to the use of Glary Utilities, Auslogics Disk Defrag and Malwarebytes. I can't verify the problem with Windows Installer because I have nothing left to install. I would like to know exactly what OTL and TFC by OldTimer are for. Thank you
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27
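HijackThis prints each hook in a fixed one-line layout (R0/R1 browser settings, O2 BHOs, O4 autostart entries, O20 AppInit_DLLs, O23 services, plus the "Running processes" block), so a log like the one above can be parsed rather than read by eye. As an added example, not from this thread and not part of HijackThis itself, the Python script below breaks those lines into records and applies one common triage heuristic: list the binaries that run from outside the expected install directories, and the autostart commands given as a bare file name (which Windows resolves through the PATH at run time). The sample log is a constructed subset of the one posted above, and the two "trusted roots" (C:\WINDOWS and C:\Programmi, the Italian Program Files) are an assumption for this machine; an entry showing up in these lists is a reason to look at it, not evidence that it is malicious.

```python
import re
from collections import Counter

# Constructed sample, modelled on the HijackThis log posted in this thread
# (a subset of its lines).
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.20.48, on 03/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
F:\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe

--
End of file - 6842 bytes
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# Per-section layouts; each parser names the fields it extracts.
SECTION_PARSERS = {
    "O2": re.compile(r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$"),
    "O4": re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
                     r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"),
    "O20": re.compile(r"^AppInit_DLLs: (?P<path>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"),
}
SECTION_PARSERS["O3"] = SECTION_PARSERS["O2"]   # toolbars use the BHO layout


def _first_token(cmd):
    """Executable part of an autostart command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt_log(text):
    """Turn a HijackThis log into a list of dicts with at least 'code', 'name', 'path'."""
    records, in_procs = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                records.append({"code": "PROC", "name": None, "path": line})
            else:
                in_procs = False          # blank line closes the process block
            continue
        m = ENTRY.match(line)
        if not m:
            continue                      # banner, separators, "End of file" line
        code, rest = m.groups()
        rec = {"code": code, "name": None, "path": None, "detail": rest}
        parser = SECTION_PARSERS.get(code)
        fields = parser.match(rest) if parser else None
        if fields:
            rec.update(fields.groupdict())
            if code == "O4":
                rec["path"] = _first_token(fields.group("cmd"))
            elif code == "O20":
                rec["name"] = "AppInit_DLLs"
        records.append(rec)
    return records


def counts_by_code(records):
    return Counter(r["code"] for r in records)


def _is_absolute(path):
    return bool(re.match(r"^[A-Za-z]:\\", path))


def _under(path, root):
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def paths_outside(records, roots):
    """Absolute binary paths that are not under any of the given install roots."""
    return [(r["code"], r["path"]) for r in records
            if r["path"] and _is_absolute(r["path"])
            and not any(_under(r["path"], root) for root in roots)]


def bare_names(records):
    """Autostart commands given as a bare file name, resolved through PATH at run time."""
    return [(r["code"], r["path"]) for r in records
            if r["path"] and not _is_absolute(r["path"])]


if __name__ == "__main__":
    recs = parse_hjt_log(SAMPLE_HJT)
    print("entries per section:", dict(counts_by_code(recs)))
    roots = [r"C:\WINDOWS", r"C:\Programmi"]   # assumed trusted install roots for this PC
    for code, path in paths_outside(recs, roots):
        print(f"outside trusted roots  {code:5s} {path}")
    for code, path in bare_names(recs):
        print(f"bare file name         {code:5s} {path}")
```

On the sample this reports the Google updater running from the user profile and HijackThis itself running from the F: stick as "outside trusted roots", and the nwiz.exe autostart as a bare name; on the real log the same two functions give a short list to check against the vendor and install location of each item instead of reading all ninety lines.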

Re: rootkit or virus wcescomm.exe

Post by FrancescoFDAC » 03/10/12 14:55

What they are for is written in the notes of the guides.
Personally I recommended you other programs instead of the ones you listed, but anyway, do as you please!

The PC is fine.
Until next time!

Francesco
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: rootkit or virus wcescomm.exe

Post by fabio85 » 04/10/12 14:15

FrancescoFDAC wrote:What they are for is written in the notes of the guides.
Personally I recommended you other programs instead of the ones you listed, but anyway, do as you please!

The PC is fine.
Until next time!

Francesco


I removed Adobe Reader, replacing it with Nitro... as for the rest, I think everything is OK now. Thanks :)
fabio85
Junior Member

Posts: 14
Joined: 27/09/12 10:27

