
HELP - INFECTION!! Part 1

Has a virus gotten into your computer? Want to browse in complete safety? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions

Post by Fez » Wed Oct 14, 2009 1:15 am

Hi everyone.
I've had some problems with my PC: I had to format it, and then the problems continued. With some difficulty I managed to install Avira, and it detected a series of infections and quarantined the various worms / dialers etc., but I'd rather talk about that later. I also booted from the Avira rescue CD and it reported new ones, which neither Malwarebytes nor SpyHunter can see. How do I go about removing them?
Here are the infections detected by the rescue CD:

ADSPY/Toolbar.P.c.3 : windows/system32/pbitv2.dll
TR/Hijacker.Gen : System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP26/A0003857.dll
HIDDENEXT/Crypted: System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP26/A0003866.pif
APPL/Processor: System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP28/A0004206.exe
TR/Hijacker.Gen: System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP28/A0004212.exe
HIDDENEXT/Crypted: System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP28/A0004212.exe

Thanks!!
Fez
When you don't know what you're doing, do it with the utmost care.
Fez
Aficionado
Posts: 43
Joined: Mon Aug 27, 2007 8:29 pm
Location: Outskirts of Florence

Re: HELP - INFECTION!! Part 1

Post by ste_95 » Wed Oct 14, 2009 6:26 am

Disable System Restore.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
[LOG]the log goes here[/LOG]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: HELP - INFECTION!! Part 1

Post by Fez » Wed Oct 14, 2009 5:24 pm

Here it is

ComboFix 09-10-13.04 - paolo dondoli 14/10/2009 18.15.13.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.614 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo dondoli\Desktop\Elisabetta.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-0C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C8021E7-FFFF-FFFF-0600-CC00ACEF1200}
+ 2009-10-13 05:07 . 2009-10-13 05:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-13 05:07 . 2009-10-13 05:07 15256576 c:\windows\Installer\176e7f3.msp
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-08 149280]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpyHunter Security Suite"="c:\programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-09-30 866200]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3483:TCP"= 3483:TCP:reqsqv

S2 swcwagcm;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [03/09/2004 11.36.50 14336]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
swcwagcm
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-14 c:\windows\Tasks\Garanzia estesa.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2009-10-13 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2006-10-16 08:14]

2009-10-14 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 13:26]

2009-09-21 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 12:00]

2009-09-28 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {8A145BC3-B1D7-4F36-BB21-3596C876CD71} = 212.216.112.112,212.216.172.62,208.67.222.222,208.67.220.220
TCP: {DBC8035D-B19B-42C9-A569-9A516EB5C506} = 151.99.125.1,151.99.0.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\paolo dondoli\Dati applicazioni\Mozilla\Firefox\Profiles\7pky5e5c.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 18:17
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
[%\00«Ô’|\00\00\00\00À\01\15\00\00\00\00\00Ø\"5\03\00\00.\03\01\00\00\00pè\13\00À\01"

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\programmi\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(828)
c:\programmi\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\msi.dll
.
Ora fine scansione: 2009-10-14 18.18.31
ComboFix-quarantined-files.txt 2009-10-14 16:18
ComboFix2.txt 2009-10-12 21:53

Pre-Run: 116.464.644.096 byte disponibili
Post-Run: 116.440.842.240 byte disponibili

465 --- E O F --- 2009-10-13 16:47


Re: HELP - INFECTION!! Part 1

Post by ste_95 » Wed Oct 14, 2009 5:50 pm

Does Avira still detect anything?
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: HELP - INFECTION!! Part 1

Post by Fez » Wed Oct 14, 2009 6:26 pm

No, it doesn't detect anything; I have just run a scan. A few warnings (8 instead of the usual 2), no infections. I want to stress that the infections were found by the Avira rescue CD. I ran a scan with 3 devices connected: an external hard disk, an SD card and a digital recorder (containing an SD card). On the latter two, when they were inserted, it detected the "famous" Conficker and quarantined it. As I wrote in the first post, Avira (installed in safe mode) had detected various infections (from Conficker to Vundo and others), which are currently in quarantine and which I wanted to submit in another post.

Re: HELP - INFECTION!! Part 1

Post by ste_95 » Wed Oct 14, 2009 6:38 pm

Then we're all set here.

Re: HELP - INFECTION!! Part 1

Post by Fez » Wed Oct 14, 2009 11:53 pm

WOW!! Thanks a lot. I'll now post the second part of my infections in a separate topic.



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising