
Conficker virus?


Post by pinkfloyd8 » Wed Feb 02, 2011 8:52 pm

Hi everyone, on my PC Avast has stopped working, some programs won't start, it won't boot into safe mode, and I couldn't run scans. With GMER I saw that SVCHOST.EXE was infected by a rootkit. Although I followed the instructions I found online, I could not do a proper cleanup because AVENGER won't start, and manually I was not able to properly clean the subkeys under HKEY_LM\SYSTEM\CURRENTCONTROLSET\SERVICES\cdqfctpef and 7 other similar ones. I still cannot uninstall AVAST, but COMBOFIX and the Kaspersky removal tool finally work (a trojan, DOWNLOADER.SCRIPT.GENERIC, was found). I am attaching the first part of the ComboFix file. Thanks in advance for your help.

ComboFix 11-01-31.02 - 02/02/2011 16.27.23.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.959.515 [GMT 1:00]
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\windows\regedit.exe . . . è infetto!!
((((((((((((((((((((((((( Files Creati Da 2011-01-02 al 2011-02-02 )))))))))))))))))))))))))))))))))))
2011-02-02 15:06 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\16236072.sys
2011-02-02 15:06 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1623607.sys
2011-02-02 15:06 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\16236071.sys
2011-02-02 14:40 . 2011-02-02 15:06 -------- d-----w- c:\windows\LastGood
2011-02-01 08:33 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{38407BEC-6C21-46BA-A297-93691FDD6F77}\mpengine.dll
2011-01-27 19:05 . 2011-01-27 19:09 -------- d-----w- c:\programmi\Windows Live Safety Center
2011-01-25 19:44 . 2011-01-25 19:52 -------- d-----w- c:\documents and settings\CTP\Dati applicazioni\vlc
2011-01-25 15:26 . 2008-04-14 02:14 14336 -c--a-w- c:\windows\system32\dllcache\svchost.exe
2011-01-25 15:26 . 2008-04-14 02:14 14336 ----a-w- c:\windows\system32\svchost.exe
2011-01-21 14:26 . 2011-01-13 08:41 294608 ------w- c:\windows\system32\drivers\aswSP.sys
2011-01-21 14:26 . 2011-01-13 08:37 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-21 14:26 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-21 14:26 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-21 14:26 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-21 14:26 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-21 14:26 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-21 14:25 . 2011-01-13 08:47 188216 ------w- c:\windows\system32\aswBoot.exe
2011-01-21 14:25 . 2011-01-21 14:25 -------- d-----w- c:\programmi\Alwil Software
2011-01-21 14:17 . 2008-04-14 02:13 120832 -c--a-w- c:\windows\system32\dllcache\aclui.dll
2011-01-21 14:17 . 2008-04-14 02:13 120832 ----a-w- c:\windows\system32\aclui.dll
2011-01-20 15:49 . 2011-01-20 15:51 -------- d-----w- c:\programmi\Unlocker
2011-01-19 19:37 . 2011-01-19 19:37 -------- d-----w- c:\doc and settings\CTP\Dati applic\Canneverbe Limited
2011-01-19 19:37 . 2011-01-19 19:37 -------- d-----w- c:\doc and settings\All Users\Dati applic\Canneverbe Limited
2011-01-19 19:36 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-01-19 19:35 . 2011-01-19 19:36 -------- d-----w- c:\programmi\CDBurnerXP
2011-01-13 16:25 . 2011-01-14 17:01 -------- d-----w- c:\doc and set\CTP\Impostazioni locali\Dati applic\AskToolbar
2011-01-13 16:23 . 2011-01-13 16:23 -------- d-----w- c:\documents and settings\CTP\Dati applicazioni\Nero
2011-01-13 15:59 . 2011-01-13 15:59 -------- d-----w- c:\programmi\File comuni\Nero
2011-01-13 15:59 . 2011-01-13 16:00 -------- d-----w- c:\programmi\Nero
2011-01-12 19:51 . 2011-01-12 19:52 -------- d-----w- c:\programmi\Microsoft Silverlight
2011-01-12 19:51 . 2011-01-12 20:18 -------- d-----w- C:\1f26f6e59734654d4be3b5ab54477c64
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2011-01-13 09:41 . 2007-05-08 14:18 5890896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-23 12:05 . 2010-12-23 12:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-23 12:05 . 2010-06-25 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-23 12:04 . 2010-12-23 12:04 0 ----a-w- c:\windows\system32\REN2A3.tmp
2010-12-23 12:04 . 2010-12-23 12:04 0 ----a-w- c:\windows\system32\REN2A2.tmp
2010-12-23 12:04 . 2010-12-23 12:04 0 ----a-w- c:\windows\system32\REN2A1.tmp
2010-11-29 16:42 . 2010-12-21 13:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-12-21 13:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2006-07-26 07:31 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:51 . 2004-08-19 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-19 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
------- Sigcheck -------
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-11-06 . DC9B370A01F1BCD9DB40C5010335AF59 . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . B0CB9761B8E29FA3B5A76308A1450539 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 939FD4412E1EE25C91BD95562CFF1912 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . FA2483ACCF72BD0516587B98303410AF . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . A5E6F403200AF075E03210FDFE019C18 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 0F74B461F95EC8373FFF5990DC619A75 . 826368 . . [7.00.6000.16827] . . c:\windows\ie8\wininet.dll
[-] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . EF1520F95DD25F48C18502005F5EE995 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . A4C79606C0D9835E8A5A8E5E5804AE60 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . D590241CADEC69A1BC157DC0452C92D1 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . FE184A2B736F216CCC22ABEEBB40787D . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . C1089010BCC3FD01056D26E9A36BBB79 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\wininet.dll
[-] 2008-03-01 . 61D4F43D26EC9D21BEB6F38F22B396AB . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 93DB90BE4A10EC784DDC9C8601A28AA6 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . ED2A73AB0EBA3C4CB6794077CD09EC95 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 419A6F3D56E469BCBE71128A78463DA4 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 714D8A2B05B2AAF0C6A39241A1ED914F . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 21AA12B75CE02358E0AD8C706680869F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 69D5497609B4FB0981F17074671E072B . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 0C7D45E58E856198D7C4018976627E01 . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 2513EAEB6C4172C7D7B5148CC41F7222 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 53E94666CAF76FCBC79CFAB8C296767A . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . D34691A9CA8188C89F5A5FA47DC07F68 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-23 . BC9EA33FE795C9734B76198FA50BA0AB . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-02-27 . 8164EDED30E6625AC6AF12A7D15B0FBA . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-07 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 2CDE29A401B990086FC91969D3C6B66A . 667136 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-10-23 . 2CDE29A401B990086FC91969D3C6B66A . 667136 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
[-] 2006-10-23 . DB61007ADE457193785E3D886381A994 . 661504 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-09-14 . D1ECA43C392B30527B16971B385C665F . 661504 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454_0$\wininet.dll
[-] 2006-09-14 . E7E30349DB0E0E2203DF5A4DD651DB85 . 667136 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . E189791BF401B57E3B4F6DA28082EC82 . 667136 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . EC8D1299C1FE0094AFB125A9D89FE635 . 661504 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . 0DB0E3399BE75BBC6448FCBFF9AD55E3 . 666112 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . E9967B85C3B594B3556EC1C78A25AD06 . 660992 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB916281$\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ws2help.dll
[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-19 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
pinkfloyd8
New Member

Posts: 7
Joined: Thu Jan 27, 2011 5:30 pm

virus conficker? part two

Post by pinkfloyd8 » Wed Feb 02, 2011 8:54 pm

I am attaching the second part of the ComboFix log.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2010-12-22 2216960]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"SmartRAM"="c:\programmi\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\CTP\Menu Avvio\Programmi\Esecuzione automatica\
kaspersy tool_22_02.02.2011_16-54.lnk - c:\documents and settings\CTP\Desktop\Virus Removal Tool\kaspersy tool_22_02.02.2011_16-54\startup.exe [2011-2-2 72208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\HiClass 4.3R2\\TDChalk.exe"=
"c:\\Programmi\\HiClass 4.3R2\\TDOvrSet.exe"=
"c:\\Programmi\\HiClass 4.3R2\\TDSetup.exe"=
"c:\\Programmi\\HiClass 4.3R2\\TeachCmd.exe"=
"c:\\Programmi\\HiClass 4.3R2\\TeacherMain.exe"=
"c:\\Programmi\\HiClass 4.3R2\\VRecordClt_Personal.exe"=
"c:\\Programmi\\HiClass 4.3R2\\VRecordSrv_Personal.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2150:TCP"= 2150:TCP:Services
"2800:TCP"= 2800:TCP:Services

R0 16236072;16236072 Boot Guard Driver;c:\windows\system32\drivers\16236072.sys [02/02/2011 16.06.11 37392]
R0 CDD_HOST;CDD_HOST;c:\windows\system32\drivers\CDD_HOST.sys [09/07/2009 9.59.26 19968]
R1 16236071;16236071;c:\windows\system32\drivers\16236071.sys [02/02/2011 16.06.11 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/01/2011 15.26.19 294608]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25/06/2010 15.20.35 142592]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [06/05/2009 15.55.36 8399]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [13/10/2008 11.05.38 88176]
R2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [04/05/2010 12.07.22 503080]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [26/07/2006 10.54.26 6016]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
R3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [14/01/2008 15.14.03 12928]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [17/01/2008 18.02.23 792576]
R3 TDKeybd;TDKeybd;c:\windows\system32\drivers\TDKeybd.sys [09/07/2009 9.59.18 7168]
R4 78882901;78882901;c:\windows\system32\DRIVERS\78882901.sys --> c:\windows\system32\DRIVERS\78882901.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 kaspersy tool_22_02.02.2011_16-54drv;kaspersy tool_22_02.02.2011_16-54drv;c:\windows\system32\drivers\1623607.sys [02/02/2011 16.06.11 315408]
S1 TDVideo;TDVideo;\??\c:\windows\system32\Drivers\TDVideo.sys --> c:\windows\system32\Drivers\TDVideo.sys [?]
S2 nzzyhjgii;Center Monitor;c:\windows\system32\svchost.exe -k netsvcs [25/01/2011 16.26.11 14336]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [06/05/2009 15.55.57 11003]
S3 RTLVLAN;D-Link VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [06/05/2009 15.55.37 16384]
S4 gswserv;GeSWall service;c:\programmi\geswall\gswserv.exe --> c:\programmi\geswall\gswserv.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - 16236071
*NewlyCreated* - 16236072
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-04-21 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-21 14:48]

2011-02-02 c:\windows\Tasks\User_Feed_Synchronization-{080B6394-A17B-466E-AAF8-02AB5FA883EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

2011-02-02 c:\windows\Tasks\User_Feed_Synchronization-{2C5F8605-29CA-43C9-8A5D-6CAA2991FDB1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

2011-02-02 c:\windows\Tasks\User_Feed_Synchronization-{D3F5FF43-FF7F-4A4E-804D-1DE9AE4B1BEC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
------ Scansione supplementare -------
uStart Page = hxxp://share.dschola.it/ctp66martiri/default.aspx
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {CF3C7372-902D-4261-AF1D-8B3642949781} = 87.253.101.9,87.253.101.10
TCP: {EF3C8E81-6F41-4639-B77A-C9B6BE85EA62} = 87.253.101.9,87.253.101.10
FF - ProfilePath - c:\documents and settings\CTP\Dati applicazioni\Mozilla\Firefox\Profiles\u259t4b4.default\
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\programmi\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre6\bin\jusched.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 16:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-19 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2010-09-18 07:18 . A656C2591548FF037C61BADF969D88D0 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-19 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-19 12:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2010-04-28 . E24DAC79581355DC65A3637DD88EE635 . 2070656 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . E303C3372889CADDA37B39876BA55660 . 2069760 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 49BAEA1D9379DF8CD897AFF9F49BC9DE . 2061312 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . 0943F29440085D86A1B9B9C2356B45B4 . 2063104 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 7373BD87175412862CF9E534C6AA5EC9 . 2061312 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 8F485CF9683F1220BA27D10281052FCE . 2060544 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 12:00 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\dsound.dll
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-19 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\d3d9.dll
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-19 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ddraw.dll
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-19 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\olepro32.dll
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-19 12:00 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\perfctrs.dll
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-19 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\version.dll
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-19 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 52219984EC19C4066F15EED46E3ACA55 . 2193792 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 98DC3ECBFF9994180A03298B7471F60F . 2192896 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5EC517CC0865808DF80D2184B0131D27 . 2184064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . ECB771F4CC4B5CD2B19B294FBD56F75D . 2185728 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . B33A2A0E76D3A2FAA044B197E345458C . 2184064 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 84E6643DB22C06128576AFBF89DFEE70 . 2183040 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\w32time.dll
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-19 . 8B97D00E5C6A593EBB605CE4B8A5CAA5 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\wiaservc.dll
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D954F36C577677B9A8041CF0D937D155 . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . 385CF0E9C4679D23E1E8715AF2116D03 . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-19 . 2BB718BB4252909C389B3966492B0F30 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\siteadvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
. Ora fine scansione: 2011-02-02 16:53:55 ComboFix-quarantined-files.txt 2011-02-02 15:53
Pre-Run: 52.168.916.992 byte disponibili Post-Run: 52.793.470.976 byte disponibili
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 610D7DB707F79113E22BC5A7C696F315

Re: Conficker virus?

Post by farbix89 » Wed Feb 02, 2011 8:57 pm

Repeat all the scans in Safe Mode.

Follow these instructions, and repeat the ComboFix scan as well, again in Safe Mode.


Re: Conficker virus?

Post by pinkfloyd8 » Wed Feb 02, 2011 9:02 pm

Unfortunately, when it starts in Safe Mode, after loading the startup instructions it hangs on the classic black screen with the cursor blinking at the top.

Re: Conficker virus?

Post by farbix89 » Wed Feb 02, 2011 9:39 pm

That's a tough one.

Go with the scanning CDs:

Avira, Kaspersky and GDATA

Re: Conficker virus?

Post by pinkfloyd8 » Thu Feb 03, 2011 2:48 pm

Unfortunately, since I can't get into Safe Mode, the antivirus scans now come back clean. Can anyone tell me whether there is any error in the ComboFix log I attached earlier and what can be done to eliminate it? Thanks [V]

Re: Conficker virus?

Post by hashcat » Thu Feb 03, 2011 4:38 pm

pinkfloyd8 wrote: Hi everyone, on my PC Avast has locked up, some programs won't start, it won't boot into Safe Mode, and I couldn't run scans. With GMER I saw that SVCHOST.EXE was infected by a rootkit. Even following the instructions found online, I couldn't do a real cleanup because AVENGER won't start, and manually I couldn't properly clean the subfolders in HKEY_LM\SYSTEM\CURRENTCONTROLSET\SERVICES\cdqfctpef and 7 other similar ones. I still can't uninstall AVAST, but COMBOFIX and the Kaspersky removal tool finally work (found a trojan DOWNLOADER.SCRIPT.GENERIC). I'm attaching the first part of the ComboFix file. Thanks in advance for the help. [grazie]


First of all, it looks like you have Windows XP at Service Pack 2, so I recommend updating it to SP3.

Check the following files on virustotal.com:

Code:
c:\windows\system32\DRIVERS\78882901.sys
c:\windows\system32\drivers\TDKeybd.sys
c:\windows\system32\drivers\Rockey4USB.sys
c:\windows\system32\drivers\vnccom.SYS
c:\windows\system32\drivers\16236071.sys
c:\windows\system32\drivers\16236072.sys
c:\windows\system32\drivers\1623607.sys
c:\windows\system32\svchost.exe
c:\windows\system32\dllcache\svchost.exe


For anyone who needs the full ComboFix log, here it is:
http://paste2.org/p/1226036

If you really are infected with Conficker, download these removal tools:

http://www.bdtools.net/download/bd_rem_tool.zip
http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/stinger.aspx
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/D.exe
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

That should remove every trace of Conficker; then install a good firewall such as Comodo or Outpost in the free version.

If the files analysed on VirusTotal are infected, tell me which ones and I'll explain how to remove them, although I don't think your infection is the work of Conficker.

If I'm not mistaken you have Malwarebytes installed; if it's the latest version, update the database and run a full scan, remove all the infections and post the log.

Then:

  • Download HijackThis, run an analysis and save the log, then post it here
  • Download and run SUPERAntiSpyware Portable, update the database and run a full scan of the computer, delete everything it finds and post the log.
  • Download Vipre Rescue and extract it; it should start by itself, it needs no updates and will automatically put everything in quarantine.
  • At this point download and install Hitman Pro and follow this video:

    when the scan finishes, activate the free 30-day trial licence and remove the threats.
  • To re-enable Safe Mode under Windows XP:
    Script xp sp2
    Script xp sp3
  • Restart the computer and see how it goes

Good luck [weponed]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Conficker virus?

Post by hashcat » Thu Feb 03, 2011 5:10 pm

Once you have completed the procedure above, try reinstalling Avast [8D]

Re: Conficker virus?

Post by pinkfloyd8 » Thu Feb 03, 2011 5:14 pm

Thank you for the quick reply; I'll now try to do everything you told me. It will take a while, also because I'm not an expert. XP is already at SP3 because I have always installed the recommended updates. See you soon!! [:)]

Re: Conficker virus?

Post by hashcat » Thu Feb 03, 2011 5:26 pm

pinkfloyd8 wrote: Thank you for the quick reply; I'll now try to do everything you told me. It will take a while, also because I'm not an expert. XP is already at SP3 because I have always installed the recommended updates. See you soon!! [:)]


Strange, from the ComboFix log I thought I had read that it was Service Pack 2

If there is any step you don't understand, just ask [brindisi]

Re: Conficker virus?

Post by hashcat » Fri Feb 04, 2011 2:30 pm

hashcat wrote: Strange, from the ComboFix log I thought I had read that it was Service Pack 2


[acc2] I checked again and I had indeed misread it

Re: Conficker virus?

Post by pinkfloyd8 » Fri Feb 04, 2011 8:32 pm

Hi, unfortunately it ended badly because now it no longer works. Hijack and the various tools didn't show anything, and even GMER no longer finds the rootkits detected earlier, yet there are still values in the infected folders in the registry that cannot be deleted. I hoped that the uninstallers, which finally worked on the locked AVAST folder, would let me solve the problem; instead, at the requested reboot WIN XP starts, but when it should move on to the initial account screen it hangs on a black screen and reboots. In Safe Mode it loads the startup files but then hangs on the black screen with the blinking cursor. Forcing it gives me a blue screen with error 0xC000021a. I'm thinking of using a spare PC to save my documents and then formatting everything. Special thanks to hashcat for the advice. [cry]

Re: Conficker virus?

Post by hashcat » Fri Feb 04, 2011 9:12 pm

pinkfloyd8 wrote: Hi, unfortunately it ended badly because now it no longer works. Hijack and the various tools didn't show anything, and even GMER no longer finds the rootkits detected earlier, yet there are still values in the infected folders in the registry that cannot be deleted. I hoped that the uninstallers, which finally worked on the locked AVAST folder, would let me solve the problem; instead, at the requested reboot WIN XP starts, but when it should move on to the initial account screen it hangs on a black screen and reboots. In Safe Mode it loads the startup files but then hangs on the black screen with the blinking cursor. Forcing it gives me a blue screen with error 0xC000021a. I'm thinking of using a spare PC to save my documents and then formatting everything. Special thanks to hashcat for the advice. [cry]


If you like, before formatting could you tell me the result of scanning these files on virustotal.com:

Code:
c:\windows\system32\DRIVERS\78882901.sys
c:\windows\system32\drivers\TDKeybd.sys
c:\windows\system32\drivers\Rockey4USB.sys
c:\windows\system32\drivers\vnccom.SYS
c:\windows\system32\drivers\16236071.sys
c:\windows\system32\drivers\16236072.sys
c:\windows\system32\drivers\1623607.sys


As for deleting the infected registry keys and values, if you tell me which they are I'll explain how to try to delete them.

Or try on your own with RegASSASSIN, which is designed specifically to delete locked registry keys.

Or with Emsisoft BlitzBlank; if you prefer, tell me the files, registry keys and values you want to delete and I'll prepare the BlitzBlank script for you, which probably won't be blocked because it is practically unknown and very recent.

The decision is yours; whatever happens, good luck! [;)]

Re: Conficker virus?

Post by pinkfloyd8 » Wed Feb 09, 2011 8:02 pm

[:)] HOORAY!!! I managed to get the PC running again. It really was WIN32/CONFICKER (alias WIN32.WORM.DOWNADUP.GEN), which by blocking AVAST later also let Win32/Malware.gen in. Before it locked up completely I had followed the Microsoft KB962007 instructions, which evidently worked. I put the HD in a spare machine and ran it under KUBUNTU, managing to delete the corrupted AVAST folder and scan with VIRUSTOTAL. With the HD back in my PC it gave me that error at startup, but following HASHCAT's advice and the advice taken from http://www.icompute.info/System_restore_from_xp_cd.htm I managed to get it to start in Safe Mode: I ran E-SCAN Internet Security Suite on it, which removed a MALWARE.WIN32-GEN and a BACKDOOR IRC. I went back into the registry to remove the locked MALWAREBYTES folders and miraculously everything started to look normal again. I only had to restore a few drivers. I'm attaching the VIRUSTOTAL scan file anyway, as requested. A well-deserved thank-you to everyone who helped me. [grazie] [brindisi] [ciao]

SYSTEM32\drivers\TDKeybd.sys
File already submitted: The file sent has already been analysed by VirusTotal in the past.
This is same basic info regarding the sample itself and its last analysis:
MD5: cae8b29253cb08e28d2ee2e7f9c7bb10
Date first seen: 2009-04-23 09:20:12 (UTC)
Date last seen: 2009-04-23 09:20:12 (UTC)
Detection ratio: 0/40

SYSTEM32\drivers\Rockey4USB.sys
MD5: e7b17e52e9dd2f37874c60c43b5d0047
Date first seen: 2009-04-09 13:11:06 (UTC)
Date last seen: 2010-11-02 12:32:25 (UTC)
Detection ratio: 0/43

SYSTEM32\drivers\vnccom.sys
MD5: b67632451f760797bb183e1fb99f4b39
Date first seen: 2009-02-05 17:47:40 (UTC)
Date last seen: 2011-01-21 15:01:35 (UTC)
Detection ratio: 1/43
eSafe 7.0.17.0 2011.01.20 Win32.Banker

SYSTEM32\drivers\16236071.sys
MD5: 7dd41b7ac1fbb1dbf20bb1f4e4fbe58c
Date first seen: 2009-10-02 18:22:12 (UTC)
Date last seen: 2011-02-04 15:30:44 (UTC)
Detection ratio: 0/43



SYSTEM32\drivers\16236072.sys
MD5: a305fad3719c5db0c13d1c2bfd08a04d
Date first seen: 2009-11-25 16:43:41 (UTC)
Date last seen: 2011-02-04 15:30:35 (UTC)
Detection ratio: 0/43

SYSTEM32\drivers\1623607.sys
MD5: 66ef49622baa18e4d4f1fe4bae1d51b8
Date first seen: 2009-10-16 16:44:03 (UTC)
Date last seen: 2011-02-07 03:38:09 (UTC)
Detection ratio: 0/43

SYSTEM32\svchost.exe
MD5: bb8363abec09aa2f9b363484e282117c
Date first seen: 2008-06-03 19:37:06 (UTC)
Date last seen: 2011-02-07 09:50:38 (UTC)
Detection ratio: 0/41
File name:
svchost.exe
Submission date:
2011-02-07 14:19:25 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)



SYSTEM32\dllcache\svchost.exe
MD5: bb8363abec09aa2f9b363484e282117c
Date first seen: 2008-06-03 19:37:06 (UTC)
Date last seen: 2011-02-07 14:19:25 (UTC)
Detection ratio: 0/43
File name:
svchost.exe
Submission date:
2011-02-07 14:25:23 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)
pinkfloyd8
New Member
Posts: 7
Joined: Thu Jan 27, 2011 5:30 pm

Re: virus conficker?

Post by hashcat » Wed Feb 09, 2011 10:05 pm

pinkfloyd8 wrote: [:)] HOORAY!!! I managed to get the PC running again. It really was WIN32/CONFICKER (alias WIN32.WORM.DOWNADUP.GEN), which by blocking AVAST later also let Win32/Malware.gen in. Before it locked up completely I had followed the Microsoft KB962007 instructions, which evidently worked. I put the HD in a spare machine and ran it under KUBUNTU, managing to delete the corrupted AVAST folder and scan with VIRUSTOTAL. Once the HD was remounted in my PC it gave me that error at startup, but following HASHCAT's advice and the advice taken from http://www.icompute.info/System_restore_from_xp_cd.htm I managed to get it to boot in safe mode: I ran E-SCAN Internet Security Suite on it, which removed a MALWARE.WIN32-GEN and a BACKDOOR IRC. I went back into the registry to remove the locked MALWAREBYTES folders and miraculously everything started to look normal again. I only had to restore a few drivers. I'm attaching the VIRUSTOTAL scan file anyway, as requested. A well-deserved thank-you to everyone who helped me. [grazie] [brindisi] [ciao]


Good, I'm glad everything got resolved and that my help, limited as it was, helped you [^]


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.