www.MegaLab.it

da **Totori** » mer ago 19, 2009 12:23 am

Salve, avrei bisogno di una mano! In pratica il mio pc (desktop) è stato infettato da due virus:

-TR/Crypt.XPACK.Gen
-TR/Tiny.705

Inoltre, avendo winpatrol attivo, questo continua ad indicarmi due modifiche alle quali ovviamente non dò alcun consenso, ovvero:

-C:\WINDOWS\system32\sdra64.exe --- che cerca di inserirsi nel menù di avvio;
-C:\WINDOWS\system32\hs7f3uhduhfukde.dll --- indicato dallo stesso win patrol come Browser helper object

Ho già il file di hijackthis che riporto di seguito...

Spero di aver indicato tutto e che possiate aiutarmi. Grazie in anticipo per la disponibilità [:)]

Logfile of HijackThis v1.99.1
Scan saved at 1.13.05, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\htpatch.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tori\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\hs7f3uhduhfukde.dll - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\hs7f3uhduhfukde.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKCU"
O4 - Global Startup: Esegui il programma di registrazione.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8139EA4F-DFEB-4648-90A3-B12D52787417}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6594924-0DAE-4769-8A1F-AD80C7C60592}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: UpdateCheck - {25D64156-7B33-42E4-ACC4-076C626DC370} - C:\WINDOWS\system32\mstmdm.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

da **ste_95** » mer ago 19, 2009 7:43 am

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto: [LOG]qui va inserito il log[/LOG]

da **Totori** » mer ago 19, 2009 8:22 am

Ste, guarda che ho scaricato combofix e appena ho cliccato due volte sull'icona avira mi ha rilevato una minaccia. Non ho fatto in tempo a vedere cosa fosse...inoltre mi è cominciata a spuntare una finestra di combofix che mi indica l'impossibilità a lavorare con l'antvirus attivo. Che succede???

da **ste_95** » mer ago 19, 2009 8:44 am

Riscaricalo e quando lo esegui disabilita l'antivirus. [;)]

da **Totori** » mer ago 19, 2009 4:26 pm

Finalmente sono riuscito a ottenere il log di combofix...

ComboFix 09-08-18.04 - Tori 19/08/2009 17.10.37.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.512.298 [GMT 2:00]
Eseguito da: c:\documents and settings\Tori\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1670765621
c:\documents and settings\All Users\Dati applicazioni\18385004
c:\documents and settings\All Users\Dati applicazioni\18385004\18385004
c:\documents and settings\All Users\Dati applicazioni\18385004\18385004.exe
c:\documents and settings\All Users\Dati applicazioni\18385004\pc18385004ins
c:\documents and settings\Tori\Dati applicazioni\inst.exe
c:\documents and settings\Tori\RavMonLog
C:\jfhsanka.exe
c:\windows\Installer\1bd0ca.msp
c:\windows\system32\drivers\smss.exe
c:\windows\system32\hs7f3uhduhfukde.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msxml71.dll
c:\windows\system32\sdra64.exe
C:\yfkouhh.exe

La copia infetta di c:\windows\system32\mspmsnsv.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\system32\dllcache\MsPMSNSv.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-07-19 al 2009-08-19 )))))))))))))))))))))))))))))))))))
.

2009-08-18 19:54 . 2009-08-18 19:55 67584 ----a-w- C:\erjjsk.exe
2009-08-18 19:52 . 2009-08-18 19:53 86939 ----a-w- C:\hflqw.exe
2009-08-18 19:52 . 2009-08-18 19:53 105472 ----a-w- C:\nkxqjvxt.exe
2009-08-14 14:56 . 2006-02-26 21:46 81408 ----a-r- c:\windows\system32\drivers\Rtnicxp.sys
2009-08-14 14:55 . 2009-08-14 14:55 -------- d-----w- c:\windows\OPTIONS
2009-08-14 14:55 . 2009-08-14 14:55 -------- d-----w- c:\programmi\Realtek
2009-08-14 10:26 . 2009-08-14 15:06 -------- d-----w- C:\Netgear
2009-08-10 22:52 . 2009-08-10 22:52 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\System Restore
2009-08-10 22:51 . 2009-06-01 20:36 3184128 ----a-w- c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-08-10 22:51 . 2009-04-23 10:47 28672 ----a-w- c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-08-10 22:51 . 2009-03-19 21:57 40960 ----a-w- c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-08-10 22:51 . 2009-03-19 21:46 102400 ----a-w- c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-08-02 10:39 . 2009-08-02 10:39 -------- d-----w- c:\programmi\7-Zip
2009-07-24 20:20 . 2009-07-24 20:20 -------- d-----w- c:\documents and settings\Tori\Dati applicazioni\AVS4YOU
2009-07-24 20:20 . 2009-07-24 20:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-07-24 20:20 . 2009-07-24 20:20 -------- d-----w- c:\programmi\AVS4YOU
2009-07-24 20:20 . 2009-07-24 20:20 -------- d-----w- c:\programmi\File comuni\AVSMedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 10:33 . 2007-12-18 23:59 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-08-14 14:55 . 2007-12-18 20:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-13 23:23 . 2009-01-04 21:41 -------- d-----w- c:\documents and settings\Tori\Dati applicazioni\uTorrent
2009-07-24 23:41 . 2008-02-13 22:21 -------- d-----w- c:\documents and settings\Tori\Dati applicazioni\dvdcss
2009-07-24 20:12 . 2008-03-22 13:41 -------- d-----w- c:\programmi\Elaborate Bytes
2009-07-22 16:27 . 2008-01-05 00:01 -------- d-----w- c:\programmi\eMule
2009-07-15 07:32 . 2008-02-27 15:17 -------- d-----w- c:\documents and settings\Tori\Dati applicazioni\Vso
2001-10-20 17:00 . 2009-06-03 21:31 102400 --sha-r- c:\windows\system32\mstmdm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-02 185896]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Esegui il programma di registrazione.lnk - c:\programmi\WiFiConnector\NintendoWFCReg.exe [2008-9-11 1175552]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-10-30 692224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {25D64156-7B33-42E4-ACC4-076C626DC370} - c:\windows\system32\mstmdm.dll [2001-10-20 102400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Tori\\Desktop\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14344:TCP"= 14344:TCP:NortonAV
"14464:TCP"= 14464:TCP:NortonAV
"14124:TCP"= 14124:TCP:NortonAV
"15455:TCP"= 15455:TCP:NortonAV
"18403:TCP"= 18403:TCP:NortonAV
"15794:TCP"= 15794:TCP:NortonAV
"16182:TCP"= 16182:TCP:NortonAV
"18294:TCP"= 18294:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"15989:TCP"= 15989:TCP:NortonAV
"12913:TCP"= 12913:TCP:NortonAV
"18807:TCP"= 18807:TCP:NortonAV
"14302:TCP"= 14302:TCP:NortonAV
"17785:TCP"= 17785:TCP:NortonAV
"13019:TCP"= 13019:TCP:NortonAV
"13053:TCP"= 13053:TCP:NortonAV

S3 iadusb;Libero IAD LAN Modem;c:\windows\system32\drivers\glauiad.sys [22/12/2007 3.33.05 30371]
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-DSLAGENTEXE - c:\program files\Libero\Adsl\dslagent.exe
HKLM-Run-LaunchList - c:\programmi\Pinnacle\Studio 10\LaunchList.exe

.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {8139EA4F-DFEB-4648-90A3-B12D52787417} = 193.70.152.15,193.70.152.25
TCP: {E6594924-0DAE-4769-8A1F-AD80C7C60592} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\
FF - component: c:\documents and settings\Tori\Dati applicazioni\Mozilla\Firefox\Profiles\ajg9q58f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 17:19
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\???/??[???????[???[???????????????????[???[ C?????[$??????[????????????S??[????????m??[???w????(???{??w???w???????w???w???[????????d???b6?[%??[???[????"??[A??[???[.??wZ??[?3?[?3?[????st.I???????[????d???0=?[?K?[

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,21,c1,ab,2c,9d,
2c,51,7c,e2,63,26,f1,3f,c8,ff,68,4f,e2,04,57,5f,88,c5,20,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,ec,ed,20,90,35,
6e,95,16,6a,9c,d6,61,af,45,84,18,c9,d8,8f,03,bc,fd,3e,a7,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,8c,af,8c,aa,05,
0a,a1,a9,ff,7c,85,e0,43,d4,0e,fe,fd,56,eb,a5,38,c4,81,f9,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,2b,8a,1b,d0,8a,
4f,18,88,86,8c,21,01,be,91,eb,e7,f2,71,fa,8b,96,78,15,b9,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,0b,43,fe,76,4b,
dc,9e,ea,f5,1d,4d,73,a8,13,5c,05,76,ac,0d,18,ad,21,96,94,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,cd,78,9e,a4,40,
9c,40,e8,df,20,58,62,78,6b,cf,c8,7d,97,43,93,6b,ab,8b,94,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,26,3f,ae,e1,8f,
de,39,48,fb,a7,78,e6,12,2f,9a,ea,a5,48,1c,ed,fd,5f,cd,c6,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,30,c1,6d,71,6c,
d9,ba,88,01,3a,48,fc,e8,04,4a,f1,e9,3a,16,0e,a3,94,17,af,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,11,b3,1e,d6,68,
11,d2,ad,f6,0f,4e,58,98,5b,89,c9,57,78,a9,da,f1,c6,79,01,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,3c,fd,11,85,67,
c9,a3,11,3d,ce,ea,26,2d,45,aa,78,65,11,c4,a1,4e,66,9e,03,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,4f,95,02,92,2b,
13,6a,05,2a,b7,cc,b5,b9,7f,41,e7,43,0b,f1,69,94,62,4d,ae,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,6f,c7,22,b1,
54,7d,ac,6c,43,2d,1e,aa,22,2f,9c,eb,e0,86,4a,80,28,ba,dd,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1876)
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\mstmdm.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\a-squared Free\a2service.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logitech\KhalShared\KHALMNPR.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-19 17.28.11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-19 15:28

Pre-Run: 12.459.483.136 byte disponibili
Post-Run: 12.585.213.952 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2009-03-25 21:51

da **ste_95** » mer ago 19, 2009 6:17 pm

Totori ha scritto:2009-08-18 19:54 . 2009-08-18 19:55 67584 ----a-w- C:\erjjsk.exe
2009-08-18 19:52 . 2009-08-18 19:53 86939 ----a-w- C:\hflqw.exe
2009-08-18 19:52 . 2009-08-18 19:53 105472 ----a-w- C:\nkxqjvxt.exe

Questi mandali su www.virustotal.com e controllane l'esito.

da **Totori** » gio ago 20, 2009 12:23 am

Premesso che non so cosa prendere come riferimento da virus total, ti indico di seguito:

C:\erjjsk.exe ------------- viene definito come trojan dropper o hijacker (13/40)
C:\hflqw.exe -------------- nessun antivirus indica niente in merito
C:\nkxqjvxt.exe --------- La maggior parte degli antivirus lo identifica come trojan o hig risk worm (14/40)

Volevo dirti ancora una cosa. Riguardando il log di combofix ho notato il file c:\windows\system32\sdra64.exe, che è lo stesso file che tenta più volte di impostarsi nel menu di avvio... [uhm]

da **ste_95** » gio ago 20, 2009 9:56 am

Totori ha scritto:C:\erjjsk.exe ------------- viene definito come trojan dropper o hijacker (13/40)
C:\nkxqjvxt.exe --------- La maggior parte degli antivirus lo identifica come trojan o hig risk worm (14/40)

Questi due cancellali a mano.

Riguardando il log di combofix ho notato il file c:\windows\system32\sdra64.exe, che è lo stesso file che tenta più volte di impostarsi nel menu di avvio...

Infatti è tra i file eliminati. [;)]

da **Totori** » gio ago 20, 2009 9:39 pm

Tutto ok, cancellati! Devo fare altro???
Scusa l'ignoranza...quindi combofix ha già ripulito tutto??? Pensavo che effettuasse un semplice controllo del pc [std]

da **ste_95** » ven ago 21, 2009 7:49 am

Totori ha scritto:Pensavo che effettuasse un semplice controllo del pc

Controlla cancellando anche i file che ritiene nocivi. [;)]

Dovresti essere a posto a questo punto.

da **Totori** » ven ago 21, 2009 9:56 am

Ok! Allora grazie per la disponibilità e per avermi aiutato!!! [ciao]

Ciao

da **ste_95** » ven ago 21, 2009 1:09 pm

da tX » mer set 09, 2009 5:46 pm

niente da fare, un passaggio di Combofix non mi aiuta: che fare? [cry]

(alcuni files rislutano ancora infettati da TR/Crypt.XPACK.Gen)

ComboFix 09-09-08.09 - Federico 09/09/2009 18.36.50.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1272 [GMT 2:00]
Eseguito da: c:\documents and settings\Federico\Desktop\CombosFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\All Users\Menu Avvio\Programmi\325 USB PC Camera
c:\documents and settings\All Users\Menu Avvio\Programmi\325 USB PC Camera \AMCap.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\325 USB PC Camera \Uninstall.lnk
c:\documents and settings\Federico\Dati applicazioni\inst.exe
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll
c:\windows\system32\azip32.dll
F:\Autorun.inf
G:\autorun.inf

c:\windows\system32\userinit.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\inf\unregmp2.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\mspaint.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\notepad.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\sndvol32.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\tourstart.exe . . . è infetto!! . . .Failed to restore. Attempting to replace on reboot

.
((((((((((((((((((((((((( Files Creati Da 2009-08-09 al 2009-09-09 )))))))))))))))))))))))))))))))))))
.

2009-09-09 05:20 . 2009-09-09 05:20 -------- d-----w- C:\VundoFix Backups
2009-09-09 04:54 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-09 04:54 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-08 19:06 . 2009-09-08 19:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\YoGen
2009-09-08 05:23 . 2009-09-08 05:23 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-06 13:02 . 2009-09-06 13:02 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{C79A30AF-08C1-49CF-8F27-526F179A478D}
2009-09-06 13:02 . 2009-09-06 13:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Native Instruments
2009-09-06 13:02 . 2009-09-06 13:02 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{902029B2-957E-4066-85FA-30DA31731718}
2009-09-06 13:02 . 2009-09-06 13:02 -------- d-----w- c:\programmi\Native Instruments
2009-09-06 13:02 . 2009-09-06 13:02 -------- d-----w- c:\programmi\File comuni\Native Instruments
2009-09-04 23:25 . 2009-09-08 19:39 -------- d-----w- C:\VueScan
2009-08-31 11:27 . 2009-08-31 11:27 -------- d-----w- c:\programmi\Microsoft Works
2009-08-25 21:55 . 2009-08-25 21:55 2153024 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avanquest Bluetooth SDK
2009-08-23 22:31 . 2009-08-23 22:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2009-08-23 22:31 . 2009-08-23 22:31 -------- d-----w- c:\documents and settings\Federico\Impostazioni locali\Dati applicazioni\Sony Ericsson
2009-08-23 22:27 . 2009-08-23 22:27 -------- d-----w- c:\programmi\Sony Ericsson
2009-08-23 22:27 . 2009-08-23 22:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony Ericsson
2009-08-23 22:26 . 2009-08-23 22:27 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-23 22:26 . 2009-08-23 22:26 -------- d-----w- c:\windows\system32\LogFiles
2009-08-23 17:00 . 2009-08-23 17:00 152576 ----a-w- c:\documents and settings\Federico\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-22 13:38 . 2009-09-08 04:51 172032 ----a-w- c:\documents and settings\Federico\Dati applicazioni\Mozilla\Firefox\Profiles\t9q7vbht.default\FlashGot.exe
2009-08-20 16:17 . 2009-08-20 16:18 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\vlc
2009-08-20 16:16 . 2009-08-20 16:16 -------- d-----w- c:\programmi\VideoLAN
2009-08-19 05:14 . 2009-08-19 05:14 -------- d-----w- c:\documents and settings\Federico\dwhelper
2009-08-12 23:36 . 2008-04-14 02:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 05:20 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 20:45 . 2009-08-10 20:45 -------- d-----w- c:\programmi\Wanadoo Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 16:38 . 2009-06-11 15:12 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\uTorrent
2009-09-09 05:16 . 2009-06-13 10:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-09 05:16 . 2009-06-13 10:40 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-09 05:14 . 2009-06-10 23:53 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-09-08 20:37 . 2009-06-11 23:55 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\foobar2000
2009-09-07 22:44 . 2009-06-11 16:02 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\Skype
2009-09-07 22:03 . 2009-06-11 16:03 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\skypePM
2009-09-03 18:18 . 2009-06-12 07:14 -------- d-----w- c:\programmi\JDownloader 0.6.111
2009-08-23 22:28 . 2009-08-23 22:28 148736 ----a-w- c:\documents and settings\All Users\Dati applicazioni\hpe142.dll
2009-08-23 22:27 . 2009-06-10 23:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-23 17:10 . 2009-06-12 07:16 -------- d-----w- c:\programmi\Java
2009-08-23 17:10 . 2004-08-19 12:00 84242 ----a-w- c:\windows\system32\perfc010.dat
2009-08-23 17:10 . 2004-08-19 12:00 488954 ----a-w- c:\windows\system32\perfh010.dat
2009-08-22 11:15 . 2009-06-11 20:10 -------- d-----w- c:\programmi\Mp3tag
2009-08-19 08:56 . 2009-06-10 23:01 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 17:53 . 2009-08-08 17:53 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\Stardock
2009-08-08 15:08 . 2009-08-08 15:02 -------- d-----w- c:\programmi\Digital Guitar Tuner 2.3
2009-08-08 15:04 . 2009-08-08 14:57 -------- d-----w- c:\programmi\AP Tuner
2009-08-07 21:20 . 2009-06-11 15:33 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\BSplayer PRO
2009-08-07 20:04 . 2009-08-07 18:06 1924440 ----a-w- c:\documents and settings\Federico\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-07 18:25 . 2009-06-10 23:03 1466040 ----a-w- c:\documents and settings\Federico\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-07 17:50 . 2009-06-13 17:48 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-07 17:14 . 2009-08-07 17:14 -------- d-----w- c:\programmi\File comuni\Control Panels
2009-08-07 17:10 . 2009-08-07 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ALM
2009-08-07 16:50 . 2009-08-07 16:50 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:05 . 2009-06-11 16:13 -------- d-----w- c:\programmi\Trillian
2009-08-01 14:25 . 2009-08-01 14:25 -------- d-----w- c:\programmi\DATA BECKER
2009-08-01 13:36 . 2009-08-01 13:36 -------- d-----w- c:\programmi\Poladroid
2009-08-01 13:28 . 2009-08-01 13:24 -------- d-----w- c:\programmi\Flickr Uploadr
2009-08-01 13:28 . 2009-08-01 13:28 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\Flickr
2009-07-27 18:50 . 2009-06-11 07:21 -------- d-----w- c:\documents and settings\Federico\Dati applicazioni\Apple Computer
2009-07-25 03:23 . 2009-06-12 07:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2004-08-19 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 21:58 . 2009-07-08 21:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-08 21:58 . 2009-07-08 21:58 47360 ----a-w- c:\documents and settings\Federico\Dati applicazioni\pcouffin.sys
2009-07-08 21:58 . 2009-07-08 21:58 47360 ----a-w- c:\documents and settings\Federico\Dati applicazioni\pcouffin.sys
2009-07-08 20:24 . 2009-07-08 20:24 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-08 20:24 . 2009-06-22 21:35 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 20:24 . 2009-06-22 21:35 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-02 22:21 . 2009-07-02 22:23 757760 ----a-w- c:\windows\iun6002.exe
2009-06-26 16:49 . 2004-08-19 12:00 669184 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2004-08-19 12:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-19 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-19 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-19 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-19 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-19 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 23:18 . 2009-06-15 23:18 137 ----a-w- c:\documents and settings\Federico\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-06-15 10:43 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-13 10:26 . 2009-06-13 10:26 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-06-12 07:16 . 2009-06-12 07:16 152576 ----a-w- c:\documents and settings\Federico\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2006-05-03 09:06 . 2009-06-17 07:15 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-17 07:15 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-17 07:15 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-19 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-19 . D81759006D620D41F7FD1D2A4A10C7F3 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-19 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-19 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-19 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-19 12:00 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2009-07-18 . E0F562646D092A4331F395C7FF2082EA . 3090432 . . [6.00.2900.5848] . . c:\windows\system32\mshtml.dll
[-] 2009-07-18 . E0F562646D092A4331F395C7FF2082EA . 3090432 . . [6.00.2900.5848] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-18 . BC76BE4EB17F5915DAB7D9374B5F6A3E . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-04-29 . 99007AC96F8440F8FAF543CA5E5F0109 . 3089920 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2009-04-29 . AD361BA2FFC722CCE2A968056697428E . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2004-08-19 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-06-26 . 0B823D7A32D727B3088319D51D2EC7C7 . 669184 . . [6.00.2900.5835] . . c:\windows\system32\wininet.dll
[-] 2009-06-26 . 0B823D7A32D727B3088319D51D2EC7C7 . 669184 . . [6.00.2900.5835] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-06-26 . 3EA1BC97CDA43FE367F293DE72E6EB39 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-04-29 . 9654C66FDD3BCC600C9F967E7429D9F4 . 669184 . . [6.00.2900.5803] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . AFBC8C279B490FECC5077A104F6FED4F . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-19 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-19 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-19 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 02:13 . C5B8FF892ECDBE965E1E3F47013E7917 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-19 12:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-19 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 12:00 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-07-13 288048]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Sony Ericsson PC Suite"="c:\programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-06-23 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"amd_dc_opt"="c:\programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"CpuIdle"="c:\programmi\CpuIdle\cpuidle.exe" [2009-06-13 836608]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2009-04-10 37888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-02 577536]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Programmi\\Trillian\\trillian.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Federico\\Desktop\\hfs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Documents and Settings\\Federico\\Desktop\\rapidshare\\Robot Arena 2 (Portable)\\Robot Arena 2.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance -->

c:\programmi\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmi\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24/08/2009 0.27.55 90112]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/06/2009 16.29.19 33792]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance -->

c:\programmi\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [11/06/2009 17.50.02 14156]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24/08/2009 0.28.29 27632]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [11/06/2009 16.58.43 10253056]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [24/08/2009 0.28.13 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [24/08/2009 0.28.13 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [24/08/2009 0.28.13 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [24/08/2009 0.28.14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [24/08/2009 0.28.14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [24/08/2009 0.28.14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [24/08/2009 0.28.14 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-09 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-15 08:15]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device...
IE: Send To Bluetooth
FF - ProfilePath - c:\documents and settings\Federico\Dati applicazioni\Mozilla\Firefox\Profiles\t9q7vbht.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it&source=iglk
FF - component: c:\documents and settings\Federico\Dati applicazioni\Mozilla\Firefox\Profiles\t9q7vbht.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npWebLaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\docume~1\Federico\IMPOST~1\Temp\Rar$EX00.578\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 18:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3004)
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-09-09 18.48.28
ComboFix-quarantined-files.txt 2009-09-09 16:48

Pre-Run: 993.558.528 byte disponibili
Post-Run: 982.392.832 byte disponibili

468 --- E O F --- 2009-08-26 05:23

da tX » mer set 09, 2009 6:51 pm

edito e aggiungo la descrizione della tragedia: al riavvio (dopo un passaggio di malwarebytes) userinit.exe da' errore. provando a entrare in mod provvisoria, idem con explorer.exe, di conseguenza non posso neanche piu' accedere ai miei files ne' per backup ne' per diagnostica...
sono senza speranza?

da **ste_95** » mer set 09, 2009 7:07 pm

Devi riuscire ad entrare nella console di ripristino di emergenza dal CD di Windows e dare il comando sfc /scannow.

da tX » mer set 16, 2009 10:51 pm

ste_95 ha scritto:Devi riuscire ad entrare nella console di ripristino di emergenza dal CD di Windows e dare il comando sfc /scannow.

ho formattato.
è stata l'unica. [cry]

www.MegaLab.it

TR/Crypt.XPACK.Gen e TR/Tiny.705

TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Re: TR/Crypt.XPACK.Gen e TR/Tiny.705

Chi c’è in linea