OK, PANIC. System turned to mush. The system jams up, ooh la la

Post by sandropasqua » Sat Nov 01, 2008 10:50 pm

Some of you will already have followed the first stages of the problem. After a series of more or less standard operations carried out on a friend's PC (operations I have been doing on my own PC for a long time), problems appeared: the Recycle Bin lost functionality and some operations slowed down (posts "Utilità di cestino bloccate" and "una provocazione").

NOTE: I have used these tools for years without trouble and most people know them: Easy Cleaner, RegCleaner, jv16, Revo Uninstaller; installed avast and Spybot; Windows updates except SP3; moved to Explorer 7. Defragmented........

I carried out the same operations on a second PC in the same home (not networked). An old PC, working well, but a cleanup was called for (I found tons of unused files and obsolete registry entries). TERRIBLE IDEA [V]

BY NOW I AM STARTING TO BELIEVE THAT THERE WAS SOME SERIOUS HANDLING PROBLEM OF MINE WITH THE PROGRAMS USED [uhm] (never happened before, but entirely possible) OR THAT MY USB KEY IS (I don't believe it) A HEALTHY CARRIER OF A BIG VIRUS [boh]

Result: the PC needs more than 10 minutes to start (before, it flew), loss of Recycle Bin functionality, error messages (Unable to load or run the file « system » specified in the registry. Check that the file exists on the PC or delete the reference in the registry -- problem now apparently gone), memory clogged, registry files I believe turned to mush, disk spinning like mad with no visible result. In practice, a tortoise of a PC on the verge of freezing.

Tried System Restore........ but the last backup was too late
Tried Undo in the registry-cleaning programs, but it turns out to be impossible since the programs are standalone and already sent to the Recycle Bin because the PC's owner would not have used them regularly; the Recycle Bin, with its functions out of whack, has already deleted all the files!!!!

IN SHORT: I WRECKED HIS PC!! It's the first time this has happened to me. Who will help me?? [cry] [cry+]

Post by crazy.cat » Sun Nov 02, 2008 10:56 am

Bad luck is always lurking. If there are no restore points to use and no backup to recover, you can only try Start - Run - sfc /scannow and see whether it restores some system files (but I doubt it will help you much).
After that, happy formatting...

Post by sandropasqua » Sun Nov 02, 2008 7:34 pm

Maybe with your help something can be saved. [uhm] And maybe the PC is not mashed, only confused.
The PC is doing better today (a little, but better), a mystery of computing. I increased the virtual memory, bringing it to 1 GB.
The error message "(System) Windows cannot access the specified device, path or file. You may not have the necessary permissions to access the item" and its follow-up "Unable to load or run the file « system » specified in the registry. Check that the file exists on the PC or delete the reference in the registry" seem to be gone.

sfc /scannow is not possible for now (my friend cannot find the install CD. [B)] )

The Recycle Bin does not work, but I had fixed it on the other PC with Amantide. Posting a new log (sorry, but I cannot manage to attach files. How do you do it? I can't find it. Sometimes I really am thick [acc2] [fischio] ). Would you take a look?

Thanks a lot
________________________________________________________________

ComboFix 08-11-01.06 - Jean-Pierre 2008-11-02 17:39:06.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.8 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Jean-Pierre\Bureau\Combofix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\setup.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\jestertb.dll
C:\WINDOWS\pi.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system32\dao350.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 ))))))))))))))))))))))))))))))))))))
.

2008-11-01 20:52 . 2008-11-01 20:52 445,016 --a------ C:\WINDOWS\system32\perfh040.dat
2008-11-01 20:52 . 2008-11-01 20:52 63,614 --a------ C:\WINDOWS\system32\perfc040.dat
2008-11-01 16:25 . 2008-11-01 16:26 <REP> d-------- C:\Documents and Settings\Jean-Pierre\Application Data\Auslogics
2008-11-01 15:46 . 2008-11-01 15:46 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-11-01 13:47 . 2008-11-01 13:47 <REP> d-------- C:\Program Files\Auslogics
2008-11-01 13:07 . 2008-11-01 13:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-11-01 13:07 . 2008-11-01 13:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 13:05 . 2008-11-01 13:05 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 12:57 . 2008-04-11 19:51 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-11-01 12:57 . 2008-05-01 15:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-11-01 12:56 . 2008-08-28 11:04 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-11-01 12:56 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-11-01 12:56 . 2008-08-14 10:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-11-01 12:55 . 2008-08-14 14:44 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-11-01 12:55 . 2008-08-14 14:44 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-11-01 12:55 . 2008-08-14 14:44 2,059,776 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-11-01 12:55 . 2008-08-14 14:44 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-11-01 12:55 . 2008-09-15 16:39 1,846,144 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-11-01 12:51 . 2008-11-01 12:51 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-11-01 12:50 . 2008-10-15 17:59 332,800 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-11-01 12:44 . 2008-11-01 12:44 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-11-01 12:44 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-11-01 12:44 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-11-01 12:42 . 2008-11-01 12:42 <REP> d-------- C:\Program Files\Wanadoo
2008-11-01 12:42 . 2008-11-01 12:42 <REP> d-------- C:\Program Files\SAGEM
2008-11-01 12:41 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-11-01 12:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-11-01 12:41 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-11-01 12:41 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-01 12:34 . 2008-11-01 12:34 <REP> d-------- C:\Program Files\VSO
2008-11-01 12:33 . 2008-11-01 12:33 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-11-01 12:33 . 2008-11-01 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-08 12:19 . 2008-10-08 12:19 18,486 -rahs---- C:\WINDOWS\system32\cradle_of_filth.vbe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:20 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-10-21 17:20 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-10-21 17:20 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-10-01 13:20 13,312 ----a-w C:\WINDOWS\system32\svrapi.dll
2008-09-25 10:31 --------- d-----w C:\Program Files\QuickTime
2008-09-25 10:31 --------- d-----w C:\Program Files\Apple Software Update
2008-09-25 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 22:30 952,360 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-20 05:37 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-08-20 05:37 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-08-20 05:37 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-20 05:37 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-08-20 05:37 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2003-05-22 14:03 14,866,678 ----a-w C:\Documents and Settings\Dani\Mes documents.zip
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 49152]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2004-10-08 16384]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [2004-08-23 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Go Sti Service Application"="wbcgosvc" [X]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 4640768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-11-04 53248]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 32768]
"nwiz"="nwiz.exe" [2003-05-02 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2004-10-08 573440]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-10-08 196608]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2002-08-25 110592]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.CJPG"= ctwbjpg.dll
"SENTINEL"= snti386.dll
"MSACM.NSPAC"= NSPAC32.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 FLASHREADER;%FLASHREADER.SvcDesc%;C:\WINDOWS\system32\Drivers\causb.sys [2001-12-04 68164]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-01-07 165888]
S3 WBCGOHAL;WBCGOHAL;C:\WINDOWS\system32\DRIVERS\Wbcgohal.sys [2001-12-22 6592]
S3 WBCGOVID;Video Blaster WebCam Go (WDM);C:\WINDOWS\system32\DRIVERS\wbcgovid.sys [2001-12-21 86656]
S3 WCGOHAL;WCGOHAL;C:\WINDOWS\system32\drivers\wbcgohal.sys [2001-12-22 6592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292babda-325a-11dd-9b7c-000c6e45d9ca}]
\Shell\AutoRun\command - G:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f65feba-a1a8-11d8-96b2-000c6e45d9ca}]
\Shell\AutoRun\command - G:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9989dfa-2da4-11dd-9b73-000c6e45d9ca}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9a193c-4912-11dd-9b96-000c6e45d9ca}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-09-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Winspn - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O9 -: {C:\Program Files\Messenger\msmsgs.exe - -
O15 -: Trusted Zone: *.musicmatch.com
O18 -: Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\itss50.dll

O16 -: DirectAnimation Java Classes - C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 17:47:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-02 17:51:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-02 16:50:48

Avant-CF: 7 645 167 616 octets libres
Après-CF: 8,273,084,416 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

188 --- E O F --- 2008-11-01 14:47:54

Post by Amantide » Sun Nov 02, 2008 7:40 pm

You know what I say? Throw away all the cleaning programs you have used so far and use only CCleaner for cleaning the registry, and Malwarebytes' Anti-Malware and ComboFix against malware.

The PC was full of junk, but ComboFix has already removed some of it.
Now I will calmly check the log and tell you whether there is anything else to remove.

To insert the log you have to click the button labelled LOG
[LOG][/LOG]

and insert the log in between
[LOG]paste the log here[/LOG]

Post by sandropasqua » Sun Nov 02, 2008 7:54 pm

Thanks for stepping in, I am waiting with anxiety and hope. [sh]
I will follow your advice. I am throwing all the programs away

Post by sandropasqua » Sun Nov 02, 2008 8:21 pm

Ran ComboFix again, just for fun.
Got a cute message, which I translate for your enjoyment (the PC is in French)
"system32 is not recognized as an internal or external command, executable program or command file" [std]

Other clues would suggest that the Internet access system and its drivers (Wanadoo Livebox) are partly to blame. It almost seems as if the PC changes part of its configuration every time

bye bye

Post by Amantide » Sun Nov 02, 2008 8:34 pm

Download The Avenger, extract it to a folder and run the file avenger.exe.
Paste the following script into the blank area under Input script here, untick Scan for rootkits and click Execute.

Files to delete:
C:\WINDOWS\system32\cradle_of_filth.vbe

The PC should restart; if it does not, restart it manually.
On restart the log avenger.txt should appear; post its contents here.

Once this is done, make sure you plug into the PC all the removable drives, such as pen drives and external hard disks, that have come into contact with this PC, and run a scan with Perlovga Removal Tool as explained here.

Also delete from the system registry these values shown in red:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)


Finally, run the ComboFix scan again and attach the new report here.
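The registry entries this cleanup targets can be pulled out of a ComboFix log mechanically. The following is an added example, not part of any poster's message and not code from ComboFix or The Avenger: it parses the `policies\explorer` and `mountpoints2` blocks from an excerpt of the log posted earlier in the thread and flags per-volume shell commands that call a script host, a script file, or a path inside the Recycle Bin folder. The flagging rules and all function names are assumptions of this example.

```python
import re

# Excerpt of the ComboFix log posted earlier in this thread (only the
# blocks relevant to the cleanup steps are reproduced here).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f65feba-a1a8-11d8-96b2-000c6e45d9ca}]
\Shell\AutoRun\command - G:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9989dfa-2da4-11dd-9b73-000c6e45d9ca}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.*)$", re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<data>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')

# Heuristics chosen for this example (assumptions, not ComboFix's own rules).
SCRIPT_HOSTS = ("wscript", "cscript")
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")
BIN_DIRS = ("recycled\\", "recycler\\")


def parse_sections(log_text):
    """Group log lines under the bracketed registry key that precedes them."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group("key").lower()
            sections.setdefault(current, [])
        elif not line or line == ".":
            current = None  # a blank line or a lone "." closes a block
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(cmd):
    """Return the reasons (possibly none) why a shell command looks unsafe."""
    low = cmd.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("script-host")
    if any(re.search(re.escape(ext) + r'(\s|"|$)', low) for ext in SCRIPT_EXTS):
        reasons.append("script-file")
    if any(d in low for d in BIN_DIRS):
        reasons.append("recycle-bin-path")
    return reasons


def autorun_findings(sections):
    """List every per-volume shell verb recorded under MountPoints2."""
    findings = []
    for key, lines in sections.items():
        if "\\explorer\\mountpoints2\\" not in key:
            continue
        volume = key.rsplit("\\", 1)[1]
        for line in lines:
            match = VERB_RE.match(line)
            if match:
                cmd = match.group("cmd").strip()
                findings.append({"volume": volume,
                                 "verb": match.group("verb").lower(),
                                 "command": cmd,
                                 "reasons": classify(cmd)})
    return findings


def policy_findings(sections):
    """Non-zero Explorer policy values; NoRecycleFiles=1 tells Explorer
    not to move deleted files to the Recycle Bin."""
    found = {}
    for key, lines in sections.items():
        if key.endswith("\\currentversion\\policies\\explorer"):
            for line in lines:
                match = VALUE_RE.match(line)
                if match and int(match.group("data")) != 0:
                    found[match.group("name")] = int(match.group("data"))
    return found


def triage(log_text):
    sections = parse_sections(log_text)
    autoruns = autorun_findings(sections)
    return {"autoruns": autoruns,
            "flagged": [f for f in autoruns if f["reasons"]],
            "policies": policy_findings(sections)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, data in report["policies"].items():
        print(f"policy  {name} = {data}")
    for f in report["flagged"]:
        print(f"autorun {f['volume']} [{f['verb']}] {f['command']} -> {f['reasons']}")
```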


Post by sandropasqua » Mon Nov 03, 2008 11:10 am

I am working on it. Ran a new scan with Avast, found new monsters. Every new boot is always a surprise! Around 13:00 I should have an answer. You are great (thanks Amantide!!!)

Post by sandropasqua » Mon Nov 03, 2008 2:39 pm

Finally, here is everything!!

ComboFix insists with its message
"system32 is not recognized as an internal or external command, executable program or command file"

The PC in safe mode runs like lightning!!!!!! After searching for and eradicating various viruses (see log) the situation has not changed much. [V] What is slowing it down so badly in normal mode [cry] ? Over to you for the answer (please please please!!!)

Recycle Bin repaired [applauso+]

Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\cradle_of_filth.vbe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Avast log

2008-11-01 16:02 SYSTEM 1244 aswServ::AavmStart ERROR...
2008-11-01 16:18 Jean-Pierre 1244 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\WINDOWS\System.exe" file.
2008-11-01 20:58 SYSTEM 1232 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\WINDOWS\System.exe" file.
2008-11-01 21:43 SYSTEM 1240 aswServ::AavmStart ERROR...
2008-11-02 16:42 SYSTEM 1236 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\WINDOWS\System.exe" file.
2008-11-02 17:10 SYSTEM 1236 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://download267.mediafire.com/zhyxe1 ... allino.exe (C:\WINDOWS\TEMP\_avast4_\unp238950325.tmp) returning error, 0000A413.
2008-11-03 09:33 Jean-Pierre 1236 Sign of "VBS:Encrypted-gen" has been found in "C:\avenger\cradle_of_filth.vbe" file.
2008-11-03 09:45 Jean-Pierre 3432 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
2008-11-03 09:58 Jean-Pierre 3432 Sign of "Win32:Blaster-B [Wrm]" has been found in "C:\WINDOWS\system32\TFTP2080" file.
2008-11-03 10:05 Jean-Pierre 3432 Sign of "Win32:Sasser-N [Wrm]" has been found in "C:\WINDOWS\system32\4355_up.exe" file.
2008-11-03 10:08 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\WINDOWS\Config\System.exe" file.
2008-11-03 10:11 Jean-Pierre 3432 Sign of "Win32:SdBot-gen44 [Trj]" has been found in "C:\WINDOWS\Debug\DCPROMO.LOG" file.
2008-11-03 11:50 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000151.exe" file.
2008-11-03 11:50 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000152.exe" file.
2008-11-03 11:50 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000153.inf" file.
2008-11-03 11:50 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000155.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001576.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001578.inf" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001579.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001580.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001669.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001670.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001671.inf" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001673.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001756.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001757.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001758.inf" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001760.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP3\A0001823.inf" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP3\A0001825.exe" file.
2008-11-03 11:51 Jean-Pierre 3432 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP3\A0001845.exe" file.
2008-11-03 11:52 Jean-Pierre 3432 Sign of "Win32:Sasser-N [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP4\A0003064.exe" file.
2008-11-03 11:52 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP4\A0003065.exe" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "C:\Qoobox\Quarantine\C\Autorun.inf.vir" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\Config\Svchost.exe.vir" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\_System_.exe.zip\system.exe\[Embedded#SYSTEM]" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\_System_.exe.zip\system.exe" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "Win32:AutoRun-NE [Wrm]" has been found in "C:\Qoobox\Quarantine\C\WINDOWS\System.exe.vir" file.
2008-11-03 11:54 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "C:\Recycled\INFO.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:55 Jean-Pierre 3432 Sign of "VBS:Encrypted-gen" has been found in "C:\Avenger\cradle_of_filth.vbe" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000156.inf" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP1\A0000158.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001640.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001642.inf" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001674.inf" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001676.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001761.inf" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP2\A0001763.EXE\[Embedded#SYSTEM]" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "VBS:Malware-gen" has been found in "D:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP3\A0001829.inf" file.
2008-11-03 11:57 Jean-Pierre 3432 Sign of "Win32:VB-HIP [Wrm]" has been found in "D:\Recycled\INFO.EXE\[Embedded#SYSTEM]" file.


ComboFix log

ComboFix 08-11-02.05 - Jean-Pierre 2008-11-03 14:05:11.3 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.7 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean-Pierre\Bureau\Combofix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdhash.dll' c:\windows\system32\mdhsh.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.

2008-11-02 19:24 . 2001-08-17 21:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-11-02 19:23 . 2001-08-17 20:12 97,354 --a------ c:\windows\system32\dllcache\aspndis3.sys
2008-11-02 19:22 . 2001-08-17 21:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2008-11-02 19:20 . 2001-08-23 17:46 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2008-11-02 18:33 . 2008-11-02 18:33 <REP> d--hs---- C:\FOUND.003
2008-11-01 20:52 . 2008-11-01 20:52 445,016 --a------ c:\windows\system32\perfh040.dat
2008-11-01 20:52 . 2008-11-01 20:52 63,614 --a------ c:\windows\system32\perfc040.dat
2008-11-01 16:25 . 2008-11-01 16:26 <REP> d-------- c:\documents and settings\Jean-Pierre\Application Data\Auslogics
2008-11-01 15:46 . 2008-11-01 15:46 <REP> d-------- c:\windows\system32\fr-fr
2008-11-01 13:47 . 2008-11-01 13:47 <REP> d-------- c:\program files\Auslogics
2008-11-01 13:07 . 2008-11-01 13:07 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-01 13:07 . 2008-11-01 13:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 13:05 . 2008-11-01 13:05 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-01 12:57 . 2008-04-11 19:51 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-11-01 12:56 . 2008-08-28 11:04 333,056 --------- c:\windows\system32\dllcache\srv.sys
2008-11-01 12:55 . 2008-08-14 14:44 2,138,112 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-01 12:55 . 2008-08-14 14:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-01 12:55 . 2008-08-14 14:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-01 12:55 . 2008-09-15 16:39 1,846,144 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-01 12:51 . 2008-11-01 12:51 <REP> d-------- c:\windows\system32\LogFiles
2008-11-01 12:44 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\AlertModule
2008-11-01 12:44 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe
2008-11-01 12:44 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll
2008-11-01 12:42 . 2008-11-01 12:42 <REP> d-------- c:\program files\Wanadoo
2008-11-01 12:42 . 2008-11-01 12:42 <REP> d-------- c:\program files\SAGEM
2008-11-01 12:41 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-01 12:41 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-01 12:41 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-01 12:41 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-01 12:34 . 2008-11-01 12:34 <REP> d-------- c:\program files\VSO
2008-11-01 12:33 . 2008-11-01 12:33 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-01 12:33 . 2008-11-01 12:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:20 21,840 ----a-w c:\windows\system32\SIntfNT.dll
2008-10-21 17:20 17,212 ----a-w c:\windows\system32\SIntf32.dll
2008-10-21 17:20 12,067 ----a-w c:\windows\system32\SIntf16.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-01 13:20 13,312 ----a-w c:\windows\system32\svrapi.dll
2008-09-25 10:31 --------- d-----w c:\program files\QuickTime
2008-09-25 10:31 --------- d-----w c:\program files\Apple Software Update
2008-09-25 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-08-20 05:37 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:37 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:37 1,495,040 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:37 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:37 1,024,000 ----a-w c:\windows\system32\dllcache\browseui.dll
2008-08-14 13:44 2,182,400 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:44 2,182,400 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 13:44 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:51 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
2003-05-22 14:03 14,866,678 ----a-w c:\documents and settings\Dani\Mes documents.zip
.

((((((((((((((((((((((((((((( snapshot@2008-11-02_17.49.34.42 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2004-10-08 16384]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Go Sti Service Application"=":wbcgosvc" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-11-04 53248]
"nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2004-10-08 573440]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-10-08 196608]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\~Disabled
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2002-08-25 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.CJPG"= ctwbjpg.dll
"SENTINEL"= snti386.dll
"MSACM.NSPAC"= NSPAC32.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\windows\system32\Drivers\causb.sys [2001-12-04 68164]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-01-07 165888]
S3 WBCGOHAL;WBCGOHAL;c:\windows\system32\DRIVERS\Wbcgohal.sys [2001-12-22 6592]
S3 WBCGOVID;Video Blaster WebCam Go (WDM);c:\windows\system32\DRIVERS\wbcgovid.sys [2001-12-21 86656]
S3 WCGOHAL;WCGOHAL;c:\windows\system32\drivers\wbcgohal.sys [2001-12-22 6592]
.
Contenu du dossier 'Tâches planifiées'

2008-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - :c:\progra~1\WANADOO\Shell.exe
HKLM-Run-NeroCheck - :c:\windows\system32\NeroCheck.exe
HKLM-Run-QuickTime Task - :c:\program files\QuickTime\qttask.exe
HKLM-Run-EPSON Stylus Photo RX420 Series - :c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
HKLM-Run-WOOWATCH - :c:\progra~1\WANADOO\Watch.exe
HKLM-Run-WOOTASKBARICON - :c:\progra~1\WANADOO\GestMaj.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O9 -: { - c:\program files\Messenger\msmsgs.exe
O9 -: {c:\program files\Messenger\msmsgs.exe - -
O15 -: Trusted Zone: *.musicmatch.com
O18 -: Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Fichiers communs\Microsoft Shared\Information Retrieval\itss50.dll

O16 -: DirectAnimation Java Classes - c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 14:21:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\FTRTSVC.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
.
**************************************************************************
.
Heure de fin: 2008-11-03 14:26:39 - La machine a redémarré [Jean-Pierre]
ComboFix-quarantined-files.txt 2008-11-03 13:26:12
ComboFix2.txt 2008-11-02 16:51:58

Avant-CF: 7,161,053,184 octets libres
Après-CF: 7,174,275,072 octets libres

562 --- E O F --- 2008-11-01 14:47:54


Thanks again, as always
My computer works perfectly........when it works
sandropasqua
Senior Member

Posts: 166
Joined: Sun Feb 18, 2007 12:36 pm
Location: Verona

Re: OK, PANIC. System turned to mush. The system is seizing up, ooh la la

Post by Amantide » Mon Nov 03, 2008 4:31 pm

Did Avast also remove the files it detected?

But didn't you use the Perlovga Removal Tool? [uhm]

Also run a full scan with Malwarebytes' Anti-Malware.
...to fly high, you need to know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: OK, PANIC. System turned to mush. The system is seizing up, ooh la la

Post by sandropasqua » Tue Nov 04, 2008 1:32 am

Like a good student, I applied myself.

Avast deleted the files, and Perlovga was used.

Tomorrow is my last day at my friends' house. Last chance and last log.
Malwarebytes, virus found

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1361
Windows 5.1.2600 Service Pack 2

04/11/2008 01:27:27
mbam-log-2008-11-04 (01-27-27).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 137271
Temps écoulé: 1 hour(s), 0 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP4\A0003049.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



I insist on the fact that in safe mode the PC runs like a dream, while in normal mode it struggles along.
I don't know what else to say

Bye bye
My computer works perfectly........when it works
sandropasqua
Senior Member

Posts: 166
Joined: Sun Feb 18, 2007 12:36 pm
Location: Verona

Re: OK, PANIC. System turned to mush. The system is seizing up, ooh la la

Post by Amantide » Tue Nov 04, 2008 12:32 pm

sandropasqua wrote: Last chance and last log.
Malwarebytes, virus found

It is a virus that is by now inactive, trapped in the System Restore point.

sandropasqua wrote: I insist on the fact that in safe mode the PC runs like a dream, while in normal mode it struggles along.

The last thing you can try is what I also recommended here.
...to fly high, you need to know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
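
The last reply reads the Malwarebytes hit as a copy sitting inside a System Restore point. As an added example (not part of the thread and not code from Malwarebytes), this Python script parses the detection lines of such a log and separates restore-point copies from files on the live file system; the second sample line and all function and field names are constructed for illustration.

```python
import re

# Constructed sample. The first detection line is the one quoted in the thread's
# Malwarebytes log; the second is invented here to show the contrasting case.
SAMPLE_LOG = r"""Fichier(s) infecté(s): 1

Fichier(s) infecté(s):
C:\System Volume Information\_restore{5A61509B-5E8D-4F49-8D4F-EEE38C59207F}\RP4\A0003049.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\example.sys (Constructed.Sample) -> No action taken.
"""

# "<drive>:\path (Threat.Name) -> action." as it appears in the log above.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<threat>[^()]+)\) -> (?P<action>.*?)\.?\s*$"
)
# XP System Restore store: \System Volume Information\_restore{GUID}\RP<n>\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)


def parse_detections(log_text):
    """Return one dict per detection line, tagged with where the file lives."""
    results = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, counters and "(Aucun élément ...)" lines
        rp = RESTORE_POINT.search(m["path"])
        results.append({
            "path": m["path"],
            "threat": m["threat"],
            "action": m["action"],
            "location": "restore_point" if rp else "live_filesystem",
            "restore_point": int(rp.group(1)) if rp else None,
            "removed": "successfully" in m["action"].lower(),
        })
    return results


if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        where = (f"System Restore point RP{d['restore_point']}"
                 if d["location"] == "restore_point" else "live file system")
        state = "removed" if d["removed"] else "still present"
        print(f"{d['threat']}: {where}, {state}")
```

A hit tagged `restore_point` is a backup copy kept by System Restore, which matches the reply's reading; a `live_filesystem` hit that was not removed is the case that still needs attention.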



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (single-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising