
Elusive virus


Re: Elusive virus

Posted by Gabbo » Thu Nov 20, 2008 6:24 pm

Malwarebytes' Anti-Malware 1.30
Versione del database: 1414
Windows 5.1.2600 Service Pack 2

20/11/2008 18.22.21
mbam-log-2008-11-20 (18-22-21).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 55444
Tempo trascorso: 5 minute(s), 27 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{0a5cf7ae-8eb0-4fc3-bab4-ba6208a143d5} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1bb759a-6f7b-415b-82d9-15eeb844e9e6} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Re: Elusive virus

Posted by Amantide » Thu Nov 20, 2008 6:54 pm

Malwarebytes found nothing significant; at this point I'd say the infection is gone and all that's left are the problems with some disabled services.
Try using Gargaroz to restore them.
...to fly high, you have to know how to fall...

Re: Elusive virus

Posted by Gabbo » Thu Nov 20, 2008 7:05 pm

During installation, it gives me a RegSvr32 error with exit code 0x4, and it won't let me install Gargaroz


Re: Elusive virus

Posted by Amantide » Thu Nov 20, 2008 8:58 pm

It's a problem that is currently being worked on; follow this topic.

Re: Elusive virus

Posted by Gabbo » Thu Nov 20, 2008 10:51 pm

Hmm, from the topic I gather that the problem is, for now, unresolved. Anyway, I managed to run the scan with ComboFix:

ComboFix 08-11-19.08 - Andre 2008-11-20 22:44:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.572 [GMT 1:00]
Eseguito da: c:\documents and settings\Andre\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\219352.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-10-20 al 2008-11-20 )))))))))))))))))))))))))))))))))))
.

2008-11-20 21:37 . 2008-11-20 21:37 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-11-20 21:37 . 2008-05-30 14:11 3,850,760 --a--c--- c:\windows\system32\D3DX9_38.dll
2008-11-20 21:37 . 2008-05-30 14:11 1,491,992 --a--c--- c:\windows\system32\D3DCompiler_38.dll
2008-11-20 21:37 . 2008-05-30 14:19 507,400 --a--c--- c:\windows\system32\XAudio2_1.dll
2008-11-20 21:37 . 2008-03-05 16:03 479,752 --a--c--- c:\windows\system32\XAudio2_0.dll
2008-11-20 21:37 . 2008-05-30 14:11 467,984 --a--c--- c:\windows\system32\d3dx10_38.dll
2008-11-20 21:37 . 2008-05-30 14:18 238,088 --a--c--- c:\windows\system32\xactengine3_1.dll
2008-11-20 21:37 . 2008-05-30 14:17 65,032 --a--c--- c:\windows\system32\XAPOFX1_0.dll
2008-11-20 21:37 . 2008-05-30 14:17 25,608 --a--c--- c:\windows\system32\X3DAudio1_4.dll
2008-11-20 21:35 . 2008-11-20 21:35 <DIR> d----c--- c:\windows\Logs
2008-11-20 18:12 . 2008-11-20 18:19 <DIR> d----c--- c:\programmi\Malwarebytes' Anti-Malware
2008-11-20 18:12 . 2008-11-20 18:12 <DIR> d-------- c:\documents and settings\Andre\Dati applicazioni\Malwarebytes
2008-11-20 18:12 . 2008-11-20 18:12 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-20 18:12 . 2008-10-22 16:10 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 18:12 . 2008-10-22 16:10 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2008-11-18 22:00 . 2008-11-19 15:58 <DIR> d----c--- c:\programmi\PokerStars.IT
2008-11-10 17:58 . 2008-11-10 17:58 <DIR> d----c--- c:\programmi\SUPERAntiSpyware
2008-11-10 17:58 . 2008-11-10 17:58 <DIR> d-------- c:\documents and settings\Andre\Dati applicazioni\SUPERAntiSpyware.com
2008-11-10 17:58 . 2008-11-10 17:58 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d----c--- c:\programmi\File comuni\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 21:12 --------- d-----w c:\documents and settings\Andre\Dati applicazioni\Sports Interactive
2008-11-20 20:27 --------- dc----w c:\programmi\Sports Interactive
2008-11-18 21:12 --------- dc----w c:\programmi\PokerStars
2008-10-30 16:28 --------- dc----w c:\programmi\eMule
2008-10-29 19:36 --------- dc----w c:\programmi\McAfee
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:57 --------- dc----w c:\programmi\Microsoft Silverlight
2008-10-08 18:47 --------- d-----w c:\documents and settings\Andre\Dati applicazioni\CyberLink
2008-10-08 13:23 105,920 -c--a-w c:\windows\system32\drivers\ndisio.sys
2008-10-08 13:18 --------- dc----w c:\documents and settings\LocalService\Dati applicazioni\SACore
2008-10-04 11:09 --------- dc----w c:\programmi\File comuni\McAfee
2008-10-04 11:09 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\McAfee
2008-09-30 15:43 1,286,152 -c--a-w c:\windows\system32\msxml4.dll
2008-09-28 10:59 --------- dc----w c:\programmi\XoftSpySE
2008-09-15 15:38 1,846,016 -c--a-w c:\windows\system32\win32k.sys
2008-09-04 16:44 1,106,944 -c--a-w c:\windows\system32\msxml3.dll
2008-08-26 07:57 826,368 -c--a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_21.25.57.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 16:06:16 2,185,856 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:37:11 2,189,696 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:15:49 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:57:21 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:15:49 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:57:21 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-06-23 16:15:49 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:57:21 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:15:49 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:57:22 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-06-23 16:15:49 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:57:22 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-20 08:06:49 1,845,248 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:38:29 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:15:49 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:57:22 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\drivers\srv.sys
- 2008-06-23 16:15:47 347,136 -c--a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:57:14 347,136 -c--a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:15:47 214,528 -c--a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:57:14 214,528 -c--a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:15:47 133,120 -c--a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:57:14 133,120 -c--a-w c:\windows\system32\extmgr.dll
- 2008-07-16 17:41:57 333,872 -c--a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 16:33:52 333,872 -c--a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-23 16:15:47 63,488 -c--a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:57:14 63,488 -c--a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:22:17 70,656 -c--a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:39:58 70,656 -c--a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:15:47 153,088 -c--a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:57:14 153,088 -c--a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:15:47 230,400 -c--a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:57:15 230,400 -c--a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:15:47 383,488 -c--a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:57:15 383,488 -c--a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:15:47 384,512 -c--a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:57:15 384,512 -c--a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:15:48 6,066,176 -c--a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 16:58:43 6,066,176 -c--a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:15:48 44,544 -c--a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:57:17 44,544 -c--a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:15:48 267,776 -c--a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:57:17 267,776 -c--a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c--a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:15:48 27,648 -c--a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:57:18 27,648 -c--a-w c:\windows\system32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 -c--a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:26 17,318,336 -c--a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:15:48 459,264 -c--a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:57:18 459,264 -c--a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:15:48 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:57:18 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 08:15:50 3,592,192 -c--a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:57:22 3,593,216 -c--a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:15:49 477,696 -c--a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:57:20 477,696 -c--a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:15:49 193,024 -c--a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:57:21 193,024 -c--a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:15:49 671,232 -c--a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:57:21 671,232 -c--a-w c:\windows\system32\mstime.dll
- 2004-09-07 20:00:00 1,392,671 -c--a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 20:42:40 1,386,496 -c--a-w c:\windows\system32\msvbvm60.dll
- 2006-08-17 12:29:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:30 332,800 -c--a-w c:\windows\system32\netapi32.dll
- 2007-02-28 16:06:09 2,020,864 -c--a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:37:08 2,024,448 -c--a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 16:06:10 2,141,184 -c--a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:37:10 2,146,304 -c--a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:15:49 102,912 -c--a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:57:21 102,912 -c--a-w c:\windows\system32\occache.dll
- 2008-09-23 17:04:52 53,572 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-20 19:31:21 53,572 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-23 17:04:52 64,118 ----a-w c:\windows\system32\perfc010.dat
+ 2008-11-20 19:31:21 64,118 ----a-w c:\windows\system32\perfc010.dat
- 2008-09-23 17:04:52 381,828 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-20 19:31:21 381,828 ----a-w c:\windows\system32\perfh009.dat
- 2008-09-23 17:04:52 427,054 ----a-w c:\windows\system32\perfh010.dat
+ 2008-11-20 19:31:21 427,054 ----a-w c:\windows\system32\perfh010.dat
- 2008-06-23 16:15:49 44,544 -c--a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:57:21 44,544 -c--a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:40 18,808 -c----w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:06:04 18,808 -c----w c:\windows\system32\spmsg.dll
- 2008-06-23 16:15:49 105,984 -c--a-w c:\windows\system32\url.dll
+ 2008-08-26 07:57:21 105,984 -c--a-w c:\windows\system32\url.dll
- 2008-06-23 16:15:49 1,159,680 -c--a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:57:22 1,159,680 -c--a-w c:\windows\system32\urlmon.dll
- 2008-06-23 16:15:49 233,472 -c--a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:57:22 233,472 -c--a-w c:\windows\system32\webcheck.dll
+ 2006-02-03 07:41:26 14,032 -c--a-w c:\windows\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 -c--a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 -c--a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 15:00:06 25,608 -c--a-w c:\windows\system32\X3DAudio1_3.dll
+ 2006-02-03 07:42:06 230,096 -c--a-w c:\windows\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 -c--a-w c:\windows\system32\xactengine2_1.dll
+ 2007-10-22 02:39:54 267,272 -c--a-w c:\windows\system32\xactengine2_10.dll
+ 2006-05-31 06:24:16 230,168 -c--a-w c:\windows\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 -c--a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 -c--a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 -c--a-w c:\windows\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 -c--a-w c:\windows\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 -c--a-w c:\windows\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 -c--a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 -c--a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 -c--a-w c:\windows\system32\xactengine3_0.dll
+ 2006-03-31 11:39:24 62,672 -c--a-w c:\windows\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 -c--a-w c:\windows\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 -c--a-w c:\windows\system32\xinput1_3.dll
+ 2005-12-05 17:07:30 61,136 -c--a-w c:\windows\system32\xinput9_1_0.dll
+ 2008-09-30 15:42:08 1,286,152 -c--a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 -c--a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-07 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 346112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"CCUTRAYICON"="c:\programmi\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-06-05 303104]
"NMSSupport"="c:\programmi\File comuni\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"ShStatEXE"="c:\programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\programmi\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-01-01 45056]
Acer WLAN 11g USB Dongle.lnk - c:\programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-05-05 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Acer Zone\\Picture Slide DVD\\Component\\CLSLDVD.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\ARAWP.exe"=
"c:\\Programmi\\Acer Zone\\Plug and Record\\Component\\DVAX2Process.exe"=
"c:\\Programmi\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFECP13.SYS [1998-09-25 52800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programmi\McAfee\SiteAdvisor\McSACore.exe" [2008-10-04 203280]
R3 int15.sys;int15.sys;\??\c:\acer\Empowering Technology\eRecovery\int15.sys [2007-01-01 69632]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2006-05-15 892032]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c8cdb4-0959-11dd-a6b5-f5d1bc6ffc4a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \pendrive2007\default.htm
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]

2008-11-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]

2008-11-10 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2004-09-07 21:00]

2008-11-20 c:\windows\Tasks\XoftSpySE 2.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2008-08-19 23:37]

2008-08-25 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2008-08-19 23:37]
.
- - - - ORFÃOS REMOVIDOS - - - -

SafeBoot-nynwrrfl.sys
SafeBoot-ppjuwjmq.sys


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.tuttomercatoweb.com/?action=search&section=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Baba\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe -
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Baba\Menu Avvio\Programmi\IMVU\Run IMVU.lnk -

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 22:46:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-11-20 22:47:37
ComboFix-quarantined-files.txt 2008-11-20 21:47:23
ComboFix2.txt 2008-09-23 19:26:32

Pre-Run: 98,574,819,328 byte disponibili
Post-Run: 99,089,399,808 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

596 --- E O F --- 2008-11-12 16:19:55

Re: Elusive virus

Post by Amantide » Fri Nov 21, 2008 12:46 am

Since something new keeps turning up in these logs, it may be better to look into the situation a bit more closely.

Also run a scan with Kaspersky online, save the scan report and attach it here; that way we may be able to work out what keeps recreating these infected files.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Elusive virus

Post by Gabbo » Fri Nov 21, 2008 3:46 pm

Should I scan "my Computer", "critical areas" or something else?

Re: Elusive virus

Post by Amantide » Fri Nov 21, 2008 10:09 pm

"My computer"

Re: Elusive virus

Post by Gabbo » Tue Dec 16, 2008 9:08 pm

I did actually run the scan... but it saved the results with a really strange extension that it then can't reopen...

Re: Elusive virus

Post by Amantide » Tue Dec 16, 2008 10:41 pm

Gabbo wrote: I did actually run the scan... but it saved the results with a really strange extension that it then can't reopen...

What extension is it? You should be able to open it with the browser.

Re: Elusive virus

Post by Gabbo » Thu Dec 18, 2008 9:51 pm

It tells me: "Tipo: FILE REPORT"; as for the browser, I don't know how that works.

Re: Elusive virus

Post by Amantide » Thu Dec 18, 2008 9:57 pm

Try right-clicking the file >> select Open with... >> Internet Explorer.

Re: Elusive virus

Post by Gabbo » Sun Mar 29, 2009 12:04 pm

Sorry for my long absence; anyway, new problems have come up, on top of the connection one, which I still haven't solved... When I turn on the PC, a window appears saying: "impossibile gestire un'eccezione generata dall'applicazione ID processo: 0x934 (2356), ID thread: 0x950 (2384)". It then asks me either to debug or to terminate the operation; if I choose to debug, it gives me: "Il debugger JiT registrato non è disponibile. Durante il tentativo di avvio del debugger JIT con il comando sottostante è stato restituito al codice di errore 0x2 (2). Controllare le impostazioni di sistema. cordbg.exe!a0860." What does all this mean? In any case, I tried to run a scan with the old Kaspersky link, but it won't let me start because it says I have to download the Java 1.5 update, which I had already done... What should I do?

Re: Elusive virus

Post by Gabbo » Sun Mar 29, 2009 2:12 pm

Also, since these things started appearing, I've noticed that the PC is much slower in some functions, for example loading pages on the internet, but also loading applications...

Re: Elusive virus

Post by Amantide » Sun Mar 29, 2009 2:23 pm

So, after a bit of research, it seems the problem is caused by McAfee.

Try uninstalling it using this specific removal tool, then reinstall the latest updated version or, better still, a more effective antivirus.

Re: Elusive virus

Post by Gabbo » Sun Mar 29, 2009 3:04 pm

OK, thanks; could you perhaps link me an installer for an antivirus you'd recommend? When I run that tool, at a certain point it stops and this window opens: "MacAfee Enterprise software detected. Cannot continue. Please contact MacAfee Technical Support"

Re: Elusive virus

Post by Amantide » Sun Mar 29, 2009 3:45 pm

OK, then first try uninstalling McAfee the normal way, from the Control Panel, and then run the tool again.

As for an antivirus, I can recommend Antivir.

Re: Elusive virus

Post by Gabbo » Sun Mar 29, 2009 6:51 pm

Meanwhile, when I opened the Internet Explorer browser, two windows appeared saying that my computer is full of viruses and malware and offering me a scan... what should I do?

Re: Elusive virus

Post by Amantide » Sun Mar 29, 2009 7:10 pm

Gabbo wrote: Meanwhile, when I opened the Internet Explorer browser, two windows appeared saying that my computer is full of viruses and malware and offering me a scan... what should I do?

Those windows are the viruses themselves [:p]

In the meantime, replace the antivirus and run a full scan with the new one. Post its scan report here.

Re: Elusive virus

Post by Gabbo » Mon Mar 30, 2009 7:57 pm

Avira AntiVir Personal
Report file date: lunedì 30 marzo 2009 19:45

Scanning for 1330401 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ZLATAN

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 19:52:07
ANTIVIR3.VDF : 7.1.2.229 276480 Bytes 29/03/2009 19:52:09
Engineversion : 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 29/03/2009 19:52:14
AESCN.DLL : 8.1.1.8 127346 Bytes 29/03/2009 19:52:13
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.11 397687 Bytes 29/03/2009 19:52:13
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 29/03/2009 19:52:12
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.31 340341 Bytes 29/03/2009 19:52:09
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 12:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lunedì 30 marzo 2009 19:45

Starting search for hidden objects.
'134130' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
Scan process 'Mctray.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ELService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AlertService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\WINDOWS\system32\dmconfig32.dll
[DETECTION] Is the TR/Spy.Gen Trojan

The registry was scanned ( '93' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Andre\icqr.exe
[DETECTION] Is the TR/Virtl.24793 Trojan
C:\Documents and Settings\Andre\qanbk.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Andre\vrkxe.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Andre\Impostazioni locali\Temporary Internet Files\Content.IE5\7B58YTTH\live-tv-5331[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
C:\Documents and Settings\Andre\Impostazioni locali\Temporary Internet Files\Content.IE5\WHH1DH0E\live-tv-5427[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
C:\Documents and Settings\Baba\Documenti\LimeWire\Incomplete\T-3555427-next to me last shadow monkeys (320k stereo).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Incomplete\T-5045425-vento barbara casini (rare track).snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\CD 1 - Muse - In your world.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\come musica giovanotti - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.2 Trojan
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\come musica jovanotti.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\dire straights MTV.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\jet plane bjork - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\jet plane bjork.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\johnny lee.mp3y
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\kings of convenience [160k quality].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\le onde einaudi - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\one day i ll fly away moulin [256k quality].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\one love aiden CD quality.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\rainy day coldplay.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\yoko shimomura dearly beloved.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
C:\Documents and Settings\Baba\Documenti\Musica\musica\da MP3\da monti\simple plan - always.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Baba\Impostazioni locali\Temp\photo.zip
[0] Archive type: ZIP
--> photo1226.jpeg-www.myspace.com
[DETECTION] Is the TR/Mondera.19456 Trojan
C:\QooBox\Quarantine\C\WINDOWS\system32\219352.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\2uecalpy.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\104626.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.68098 back-door program
C:\WINDOWS\system32\3.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
C:\WINDOWS\system32\5.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
C:\WINDOWS\system32\6.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
C:\WINDOWS\system32\CA5.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
C:\WINDOWS\system32\dmconfig32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
C:\WINDOWS\system32\secupdat.dat
[DETECTION] Is the TR/Spy.Gen Trojan
C:\WINDOWS\system32\drivers\ifusubjl.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.dwi root kit
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\ndisio.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\NetworkService32\76.crack.zip
[0] Archive type: ZIP
--> crack.by.ORiON/crack.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\NetworkService32\77.keygen.zip
[0] Archive type: ZIP
--> keygen.from.Black.X/keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\NetworkService32\78.serial.zip
[0] Archive type: ZIP
--> keymaker_by_CORE/CORE10k.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
--> keymaker_by_CORE/keymaker.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\NetworkService32\79.setup.zip
[0] Archive type: ZIP
--> keygen_from_iFLUENCE/keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\NetworkService32\80.music.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\WINDOWS\system32\NetworkService32\81.music.snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\WINDOWS\system32\NetworkService32\83.music.au
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\WINDOWS\system32\NetworkService32\84.video.wmv
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
Begin scan in 'D:\' <ACERDATA>
D:\documenti\Musica\musica\da MP3\da monti\simple plan - always.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\WINDOWS\system32\dmconfig32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4ed54bb1.qua'!
C:\Documents and Settings\Andre\icqr.exe
[DETECTION] Is the TR/Virtl.24793 Trojan
[NOTE] The file was moved to '4a4215e0.qua'!
C:\Documents and Settings\Andre\qanbk.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a3f15de.qua'!
C:\Documents and Settings\Andre\vrkxe.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a3c15ef.qua'!
C:\Documents and Settings\Andre\Impostazioni locali\Temporary Internet Files\Content.IE5\7B58YTTH\live-tv-5331[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4a4715e6.qua'!
C:\Documents and Settings\Andre\Impostazioni locali\Temporary Internet Files\Content.IE5\WHH1DH0E\live-tv-5427[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4cc82aa7.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Incomplete\T-3555427-next to me last shadow monkeys (320k stereo).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a0415ab.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Incomplete\T-5045425-vento barbara casini (rare track).snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a0615ab.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\CD 1 - Muse - In your world.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49f115c3.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\come musica giovanotti - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.2 Trojan
[NOTE] The file was moved to '4a3e15ee.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\come musica jovanotti.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3e15ef.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\dire straights MTV.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a4315e9.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\jet plane bjork - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
[NOTE] The file was moved to '4a4515e6.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\jet plane bjork.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '420dbda7.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\johnny lee.mp3y
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3915f1.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\kings of convenience [160k quality].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3f15ec.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\le onde einaudi - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49f115ea.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\one day i ll fly away moulin [256k quality].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3615f4.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\one love aiden CD quality.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3615f5.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\rainy day coldplay.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3a15e9.qua'!
C:\Documents and Settings\Baba\Documenti\LimeWire\Saved\yoko shimomura dearly beloved.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
[NOTE] The file was moved to '4a3c15f8.qua'!
C:\Documents and Settings\Baba\Documenti\Musica\musica\da MP3\da monti\simple plan - always.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3e15f3.qua'!
C:\Documents and Settings\Baba\Impostazioni locali\Temp\photo.zip
[NOTE] The file was moved to '4a4015f3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\219352.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a0a15bc.qua'!
C:\WINDOWS\2uecalpy.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a361600.qua'!
C:\WINDOWS\system32\104626.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.68098 back-door program
[NOTE] The file was moved to '4a0515bc.qua'!
C:\WINDOWS\system32\3.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
[NOTE] The file was moved to '4a4515ba.qua'!
C:\WINDOWS\system32\5.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
[NOTE] The file was moved to '4cd37843.qua'!
C:\WINDOWS\system32\6.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
[NOTE] The file was moved to '4cdf98a3.qua'!
C:\WINDOWS\system32\CA5.tmp
[DETECTION] Is the TR/Agent2.crv Trojan
[NOTE] The file was moved to '4a0615cd.qua'!
C:\WINDOWS\system32\dmconfig32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4a3415fa.qua'!
C:\WINDOWS\system32\secupdat.dat
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4a3415f2.qua'!
C:\WINDOWS\system32\drivers\ifusubjl.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.dwi root kit
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a4615f3.qua'!
C:\WINDOWS\system32\drivers\ndisio.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru]
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a3a15f6.qua'!
C:\WINDOWS\system32\NetworkService32\76.crack.zip
[NOTE] The file was moved to '49ff15ca.qua'!
C:\WINDOWS\system32\NetworkService32\77.keygen.zip
[NOTE] The file was moved to '49ff15cb.qua'!
C:\WINDOWS\system32\NetworkService32\78.serial.zip
[NOTE] The file was moved to '49ff15cc.qua'!
C:\WINDOWS\system32\NetworkService32\79.setup.zip
[NOTE] The file was moved to '49ff15cd.qua'!
C:\WINDOWS\system32\NetworkService32\80.music.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49ff15c4.qua'!
C:\WINDOWS\system32\NetworkService32\81.music.snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49ff15c6.qua'!
C:\WINDOWS\system32\NetworkService32\83.music.au
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49ff15c8.qua'!
C:\WINDOWS\system32\NetworkService32\84.video.wmv
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49ff15c9.qua'!
D:\documenti\Musica\musica\da MP3\da monti\simple plan - always.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a3e15fe.qua'!


End of the scan: lunedì 30 marzo 2009 20:55
Used time: 1:07:32 Hour(s)

The scan has been done completely.

11812 Scanned directories
649385 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
43 Files were moved to quarantine
0 Files were renamed
5 Files cannot be scanned
649332 Files not concerned
10179 Archives were scanned
6 Warnings
45 Notes
134130 Objects were scanned with rootkit scan
0 Hidden objects were found
Gabbo