|
| Precedente :: Successivo |
| Autore |
Messaggio |
ballack01
Eroe
Registrato: 21/05/08 00:19
Messaggi: 60
Residenza: capriolo(bs)
|
 Inviato: 26 Giu 2008 11:56 Oggetto: AIUTO!!!dumpreep-k |
 |
|
| salve...mi scuso se continuo a farvi domande e disturbare ma sembra che ogni tipo di virus o malware si sia messo in testa di entrare nel mio pc...stavolta succede che verso le 17.30-18.00 il pc si riavvia automaticamente e quando si riaccende il resident di spybot mi trova una modifica al registro chiamata qualcosa come dumpreep-k....cosa posso fare??? |
|
| Top |
|
 |
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 26 Giu 2008 12:25 Oggetto: |
|
|
Vediamo qualche log:
- Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
- Fai una scansione con Norman Malware Cleaner.
- Riavvia il computer in modalità normale
- Segui le istruzioni di questo topic per eseguire combofix.
- Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
- Carica il log di Norman Malware Cleaner su WikiSend e posta il Forum Link che ti viene assegnato
- Il log di Combofix generalmente non è molto lungo, quindi postalo direttamente nel messaggio
|
|
| Top |
|
|
ballack01
Eroe
Registrato: 21/05/08 00:19
Messaggi: 60
Residenza: capriolo(bs)
|
| Inviato: 26 Giu 2008 16:36 Oggetto: |
|
|
inizialmente quando cercavo di avviare combofix mi si riavviava il pc da solo; poi ho rinominato combofix e sono riuscito a fare la scansione con questo programma...
posto i link:
Norman Malware Cleaner
NFix_2008-06-26_13-01-53.log
Combofix:
ComboFix 08-06-20.4 - Massimo 2008-06-26 14.22.54.6 - FAT32x86
Eseguito da: C:\Documents and Settings\Massimo\Documenti\CFR.exe
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-05-26 al 2008-06-26 )))))))))))))))))))))))))))))))))))
.
2008-06-26 14:00 . 2008-06-26 14:00 <DIR> d-------- C:\ComboFix
2008-06-26 10:27 . 2008-06-26 10:27 <DIR> d-------- C:\Programmi\MetMedic
2008-06-26 10:22 . 2008-06-26 10:22 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-25 16:39 . 2008-06-25 16:39 <DIR> d--hs---- C:\FOUND.000
2008-06-20 01:46 . 2008-06-20 01:46 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.bmp
2008-06-20 01:46 . 2008-06-20 01:46 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Dalet codec R1.bmp
2008-06-20 01:46 . 2008-06-20 01:46 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.bmp
2008-06-20 01:46 . 2008-06-20 01:46 2,991 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
2008-06-20 01:46 . 2008-06-20 01:46 2,147 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2008-06-20 01:46 . 2008-06-20 01:46 562 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Dalet codec R1.dat
2008-06-20 01:45 . 2008-06-20 01:45 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Real Audio Codec.bmp
2008-06-20 01:45 . 2008-06-20 01:45 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.bmp
2008-06-20 01:45 . 2008-06-20 01:45 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.bmp
2008-06-20 01:45 . 2008-06-20 01:45 3,448 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
2008-06-20 01:45 . 2008-06-20 01:45 2,084 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
2008-06-20 01:45 . 2008-06-20 01:45 1,924 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Real Audio Codec.dat
2008-06-20 01:44 . 2008-06-20 01:43 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
2008-06-20 01:44 . 2008-06-20 01:44 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.bmp
2008-06-20 01:44 . 2008-06-20 01:44 2,282 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
2008-06-20 01:44 . 2008-06-20 01:44 2,065 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2008-06-20 01:43 . 2008-06-20 01:43 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP AIFF codec r3.bmp
2008-06-20 01:43 . 2008-06-20 01:43 735 --a------ C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP AIFF codec r3.dat
2008-06-20 01:42 . 2008-06-20 01:42 <DIR> d-------- C:\Programmi\Illustrate
2008-06-20 01:42 . 2008-06-20 01:46 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-06-20 01:42 . 2008-06-20 01:42 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-06-20 01:42 . 2008-06-20 01:42 20,894 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-06-10 19:59 . 2008-06-10 19:59 <DIR> d-------- C:\Programmi\CCleaner
2008-06-06 17:56 . 2008-06-06 17:56 <DIR> d-------- C:\Programmi\uTorrent
2008-06-06 17:56 . 2008-06-06 17:56 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\uTorrent
2008-06-06 17:52 . 2008-06-06 17:52 <DIR> d-------- C:\Programmi\DNA
2008-06-03 00:27 . 2005-11-25 22:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-05-26 11:25 . 2008-06-01 18:33 820 --a------ C:\WINDOWS\CDPLAYER.UNI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 15:46 152,810 ----a-w C:\Documents and Settings\Massimo\Dati applicazioni\mdbu.bin
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 15:44 57,632 ----a-w C:\StiImg.dat
2008-05-24 12:20 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-24 12:20 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-23 16:35 --------- d-----w C:\Programmi\VAIOXP
2008-05-21 16:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-21 16:45 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-05-21 16:45 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\SUPERAntiSpyware.com
2008-05-20 13:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-05-08 13:11 --------- d-----w C:\Programmi\Easy CD-DA Extractor 10
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 14:15 --------- d-----w C:\Programmi\Windows Sidebar
2008-05-01 00:54 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\DataCast
2008-05-01 00:49 --------- d-----w C:\Programmi\Lame MP3 Codec
2008-05-01 00:48 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-05-01 00:48 --------- d-----w C:\Programmi\XviD
2008-05-01 00:48 --------- d-----w C:\Programmi\MarkAny
2008-05-01 00:47 --------- d-----w C:\Programmi\Samsung
2008-04-25 12:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-25 12:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-18 14:07 24,192 ----a-w C:\Documents and Settings\Massimo\usbsermptxp.sys
2008-04-18 14:07 22,768 ----a-w C:\Documents and Settings\Massimo\usbsermpt.sys
2007-04-23 10:45 92,064 ----a-w C:\Documents and Settings\Massimo\mqdmmdm.sys
2007-04-23 10:45 9,232 ----a-w C:\Documents and Settings\Massimo\mqdmmdfl.sys
2007-04-23 10:45 79,328 ----a-w C:\Documents and Settings\Massimo\mqdmserd.sys
2007-04-23 10:45 66,656 ----a-w C:\Documents and Settings\Massimo\mqdmbus.sys
2007-04-23 10:45 6,208 ----a-w C:\Documents and Settings\Massimo\mqdmcmnt.sys
2007-04-23 10:45 5,936 ----a-w C:\Documents and Settings\Massimo\mqdmwhnt.sys
2007-04-23 10:45 4,048 ----a-w C:\Documents and Settings\Massimo\mqdmcr.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_ 9.28.34.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-26 08:22:58 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-26 08:22:54 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-26 08:22:58 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-26 08:23:00 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-26 08:22:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-26 08:22:58 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-26 08:22:58 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-26 08:22:54 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-26 08:22:54 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-26 08:22:54 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-26 08:22:54 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-06-26 08:22:54 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-26 08:22:54 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-26 08:22:54 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-26 08:22:58 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-06-26 08:23:00 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-06-26 08:22:58 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-26 08:23:02 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-26 08:22:58 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-06-26 08:22:58 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-26 08:22:58 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-26 08:22:58 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-06-26 08:22:58 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-26 08:22:58 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-26 08:22:58 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-06-26 08:22:58 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-26 08:22:58 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-26 08:23:00 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-26 08:23:00 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-26 08:23:00 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-26 08:23:00 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-26 08:23:00 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-06-26 08:23:00 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-26 08:23:00 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-26 08:23:00 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-26 08:23:00 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-26 08:23:00 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-06-26 08:22:58 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-06-26 08:23:58 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_31b11e4b\CustomMarshalers.dll
+ 2008-06-26 08:24:02 3,289,088 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_594fecda\mscorlib.dll
+ 2008-06-26 08:24:12 1,462,272 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f0051099\System.Design.dll
+ 2008-06-26 08:24:16 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6c8405b4\System.Drawing.Design.dll
+ 2008-06-26 08:24:18 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cfd9e3b8\System.Drawing.dll
+ 2008-06-26 08:24:24 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_fc02de99\System.Windows.Forms.dll
+ 2008-06-26 08:24:28 2,076,672 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1db75e03\System.Xml.dll
+ 2008-06-26 08:24:16 1,929,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b321f2cd\System.dll
- 2008-05-23 07:18:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 12:15:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 17:59:10 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 12:58:24 124,928 ------w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 12:58:26 347,136 ------w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 12:58:26 214,528 ------w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 12:58:26 133,120 ------w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 12:58:26 63,488 ------w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:57:16 70,656 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 12:58:26 153,088 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 12:58:26 230,400 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:26 161,792 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-04-03 14:29:14 383,488 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 12:58:26 384,512 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 12:58:28 6,066,176 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 12:58:28 44,544 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 12:58:28 267,776 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:52 13,824 ------w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:57:30 625,664 ------w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 12:58:30 27,648 ------w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 12:58:30 459,264 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 12:58:30 52,224 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:28:32 3,591,680 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 12:58:32 478,208 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 12:58:32 193,024 ------w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 12:58:32 671,232 ------w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 12:58:32 102,912 ------w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 12:58:32 44,544 ------w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:48:14 215,776 ------w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 ------w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:58:32 105,984 ------w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 12:58:32 1,159,680 ------w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 12:58:34 233,472 ------w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 12:58:34 826,368 ------w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-05-14 17:59:12 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-06-10 09:07:32 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-02-20 17:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 07:42:38 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-07-19 09:52:48 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-06-27 10:45:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2003-02-20 17:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2003-02-20 16:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2003-02-21 00:59:44 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 01:55:06 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 01:02:16 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 03:04:20 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 05:24:08 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 03:00:36 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 17:19:42 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-20 17:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 17:19:22 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 17:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 17:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 17:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 09:11:50 219,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 05:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 05:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-20 17:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 08:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 08:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 05:24:34 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 05:24:36 33,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 02:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 08:21:40 524,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 17:16:32 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-20 17:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 05:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 05:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 05:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 05:24:40 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-20 17:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 05:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 17:22:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 05:24:44 26,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 05:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 05:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 05:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 05:24:54 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 05:25:02 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 05:24:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 05:25:06 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 05:25:02 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 05:25:06 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2003-02-20 17:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-20 17:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 17:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 17:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 05:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 16:43:52 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 17:06:34 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 17:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 17:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 17:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 17:09:24 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-20 17:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 17:18:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 16:43:36 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 17:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 17:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 05:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 05:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 05:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-20 17:09:34 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 17:09:34 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 17:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 05:26:38 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 05:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-21 05:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 05:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 05:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 05:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 05:26:48 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 05:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 05:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-20 17:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 05:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 05:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 05:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 05:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 05:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 05:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 05:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 05:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 05:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 05:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 05:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 05:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 08:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 03:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-20 18:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-01 12:58:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:30 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2005-10-28 16:44:12 308,224 ----a-w C:\WINDOWS\system32\avisynth.dll
+ 2004-02-22 08:11:10 719,872 ----a-w C:\WINDOWS\system32\devil.dll
- 2008-03-01 12:58:24 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:30 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 12:58:26 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:30 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 12:58:26 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:30 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 12:58:26 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:30 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 12:58:26 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:30 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-03-01 12:58:26 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:30 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 12:58:26 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:30 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-04-03 14:29:14 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:30 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 12:58:26 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:30 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 12:58:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 12:58:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:30 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 12:58:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:30 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-03-01 12:58:30 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 12:58:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 12:58:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 12:58:32 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:32 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 12:58:32 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:32 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 12:58:32 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:32 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 12:58:32 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:32 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 12:58:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-03-01 12:58:32 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:32 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 12:58:32 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:32 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 12:58:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:32 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 12:58:34 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:32 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-17 17:23:30 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
- 2008-03-01 12:58:26 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:30 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 12:58:26 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:30 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 12:58:26 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:30 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2005-08-15 15:54:58 1,536 ----a-w C:\WINDOWS\system32\hidec.exe
- 2008-03-01 12:58:26 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:30 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:57:16 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:42:22 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 12:58:26 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:30 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 12:58:26 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:30 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:26 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-03 14:29:14 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:30 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 12:58:26 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:30 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 12:58:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 12:58:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 12:58:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:52 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 12:58:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2003-02-20 17:06:24 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2003-02-20 16:43:38 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2003-02-20 17:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll
- 2004-08-19 21:39:16 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 12:58:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 12:58:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:28:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 12:58:32 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:32 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 12:58:32 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:32 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 12:58:32 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:32 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2003-02-20 16:43:36 4,096 ----a-w C:\WINDOWS\system32\mui\0409\mscoreer.dll
+ 2003-02-20 17:16:34 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
- 2008-03-01 12:58:32 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:32 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-05-17 18:48:34 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-26 08:24:32 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-17 18:48:34 47,592 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-26 08:24:32 68,496 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-05-17 18:48:34 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-26 08:24:32 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-17 18:48:34 345,010 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-26 08:24:32 483,984 ----a-w C:\WINDOWS\system32\perfh010.dat
- 2008-03-01 12:58:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-10-08 19:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:30 18,808 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 12:58:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 12:58:32 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:32 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2003-02-20 17:06:20 282,624 ----a-w C:\WINDOWS\system32\URTTemp\fusion.dll
+ 2003-02-20 17:06:24 155,648 ----a-w C:\WINDOWS\system32\URTTemp\mscoree.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\system32\URTTemp\mscorsn.dll
+ 2003-02-20 17:08:32 2,482,176 ----a-w C:\WINDOWS\system32\URTTemp\mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\URTTemp\msvcr71.dll
+ 2003-02-21 03:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
- 2008-03-01 12:58:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:32 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 12:58:34 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:32 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:29 68856]
"LClock"="C:\Programmi\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Programmi\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Programmi\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Programmi\ViOrb\ViOrb.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-13 11:49 1506544]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-01-30 07:21 1230848]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-10-02 20:05 36864 C:\WINDOWS\system32\VTTimer.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 57344 C:\WINDOWS\SOUNDMAN.EXE]
"Disk Monitor"="C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"CloneCDElbyCDFL"="C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
"CloneCDTray"="C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 09:12 57344]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-13 00:06 921600]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"MsgCenterExe"="C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-25 14:55 69632]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-25 14:55 185896]
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2006-02-14 20:47:36 212992]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-10-24 17:06:37 49254]
Windows Desktop Search.lnk - C:\Programmi\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-26 12:03:53 1183744]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtUnkkh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" -hide
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Programmi\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Programmi\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
C:\WINDOWS\system32\hidec /W "C:\Programmi\VAIOXP\Tools\regtlib.exe" "C:\Programmi\Windows Sidebar\sidebar.exe"
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-26 12:19:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-06-26 12:00:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 14:35:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 12:02:24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1794B3EC-3A3E-45FB-90E8-F3BE0E92163A}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-01-02 18:03:38 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:25:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-06-26 14.26.30
ComboFix-quarantined-files.txt 2008-06-26 12:26:28
ComboFix5.txt 2008-05-23 07:29:00
ComboFix4.txt 2008-05-23 09:09:46
ComboFix3.txt 2008-06-10 09:20:38
ComboFix2.txt 2008-06-11 10:39:16
22 Directory 2,918,088,704 byte disponibili
25 Directory 2,970,550,272 byte disponibili
526 --- E O F --- 2008-06-26 08:21:26
ho fatto anche hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.20.08, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Massimo\Documenti\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Programmi\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Programmi\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Programmi\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?ca17ac8f33bd418b822794213e219fe8
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?ca17ac8f33bd418b822794213e219fe8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {13EC2BEE-5CAE-48CD-9F55-2074CCAEDF1C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maxi13mb.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maxi13mb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtUnkkh - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10461 bytes |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 26 Giu 2008 18:08 Oggetto: |
|
|
Segui le istruzioni di questo topic per usare MBAM.
Carica il log che verrà creato su WikiSend e posta il Forum Link che ti viene assegnato.
Dopo, fai questa scansione con SystemScan, carica il log su WikiSend e posta il Forum Link che ti viene assegnato. |
|
| Top |
|
|
ballack01
Eroe
Registrato: 21/05/08 00:19
Messaggi: 60
Residenza: capriolo(bs)
|
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 27 Giu 2008 17:07 Oggetto: |
|
|
MBAM ha eliminato qualcosina...
- Avvia nuovamente SystemScan
- metti il segno di spunta a I have read and agree. Please let me free to proceed e clicca su Proceed
- clicca su Removal Script
- Nel riquadro inserisci il seguente script:
| Codice: | Files to delete:
C:\DOCUME~1\Massimo\IMPOST~1\Temp\gtermddo.sys
C:\WINDOWS\system32\Uharc.exe
Registry keys to delete:
HKLM\system\currentcontrolset\services\gtermddo
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\awtUnkkh |
e clicca Proceed with removal
******
Se dovessi ricevere l'errore Please copy and paste a valid script file, una volta incollato lo script in SystemScan (o Avenger), selezioni la prima riga, la cancelli e la ri-digiti. Fatto questo, dovrebbe tornare a funzionare.
******
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il contenuto del file C:\Avenger.txt con un log aggiornato di hijackthis. |
|
| Top |
|
|
ballack01
Eroe
Registrato: 21/05/08 00:19
Messaggi: 60
Residenza: capriolo(bs)
|
| Inviato: 27 Giu 2008 18:00 Oggetto: |
|
|
| non riesco a far partire systemscan, posso usare avenger? |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 28 Giu 2008 09:27 Oggetto: |
|
|
Non parte più?
Che errore ti segnala?
Si, puoi usare anche Avenger... ma è importante capire perché SystemScan non voglia più partire. |
|
| Top |
|
|
ballack01
Eroe
Registrato: 21/05/08 00:19
Messaggi: 60
Residenza: capriolo(bs)
|
| Inviato: 30 Giu 2008 11:06 Oggetto: |
 |
|
| mi esce l'errore "Please copy and paste a valid script file"...seleziono la prima riga, la cancello e la ridigito ma mi esce sempre quell'errore |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
