Ciao a tutti,

Mi rivolgo a Voi perchèho visto altri hread con un problema simile / se non identico al mio).

credo che il problema si un MBRrootkit . Seguento un altro thread simile mi sono scaricato GMer e Mbr e gli ho lanciati :

Quando ho lanciato in modalità provvisoria il comando :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

ho ricevuto questo log.

Poi ho eseguito anche Norman il quali mi dice che non ha trovato nulla

Dopodichè ho rilanciato mbr.exe senza -f e dove mi dice di eseguire Fixmbr :

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Use "Recovery Console" command "fixmbr" to clear infection !

Ora vorrei il vostro aiuto per capire cosa posso fare :

tra l'altro io ho nella macchina 2 HDD , il primo HDD con vista e due partizioni C-D e il secondo con XP anche lui con 2 partizioni E-F. Il sistema XP SP3 sta in E:\

se devo fare il fixmbr l'ho devo fare nel disco E: ? è corretto ? . Ve lo chiedo perchè non ho chiaro qualcosa, ciè mi sembra di avere letto che di MBR c'è nè uno solo all'inizio del primo disco.

E' necessario che reinstalli anche il driver realtek incriminato.

Aiutatemi , per favore sono bloccato !!

Se il S.O si trova in E:\

Fai così:

Scarica MBR:EXE direttamente nella Directory E: (Devi scaricarlo obligatoriamente in E: )

http://www2.gmer.net/mbr/mbr.exe

Riavvia il Pc in modalità provvisoria F8

Clicca Start

Clicca Esegui...
Digita E:\mbr.exe -f (fai il copia-incolla, in quanto c'è uno spazio da rispettare dopo .exe) e clicca su OK
La scansione dura pochi secondi.
Riavvia il pc

Posta qui il contenuto del log E:\mbr.log
*********************************************************************************
Poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

L'MBR è stato riparato.

Fai la scansione con Combofix.

Perbacco, sei talmente pieno, che ho difficoltà da dove cominciare....
Persino tracce di Beagle, ci sono.
Elimina i Crack che hai scaricato dai P2P. ( Responsabili del Beagle)
Svuota il cestino.
Cominciamo con Beagle:

Scarica Findykill:
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
installa FindyKill .
chiudi tutte le eventuali applicazioni aperte (antivirus, firewall e programmi "residenti")
disconnettiti da Internet
sconnetti, fisicamente, il modem dal computer.
avvia il tool e digita F per impostare la lingua;
clicca su 2 - Suppression des fichiers infectieux (Eliminazione dei file infetti)
al termine dell'operazione verrà rilasciato un log: salvalo sul Desktop, e postalo qui.
P.S:
Potranno esserci dei riavvii, non preoccuparti, è il programma che stà lavorando.

Scusa , ho già lanciato FindyKill , poi ho riletto la riga dei crackda l p2p. Ma dove sono questi crack ? IO scarico di solito musica e miè capitato qualche cosa di cui non ricordo neanche di preciso.

Ho l'abitudie di usare prodotti opensource. però può essere che mio fratello ... boh ! , adesso indago.
Comunque dove sarebbero , posso vederli in qualche riga del log ?

Grazie simo95 per la info, ma senti .. Ho provato a rivedere il log di combofix e vorrei chiederti :

1. Tutta quella lista è relativa a cose che non dovrebbero esserci ???
2. .. O ci sono anche solo degli avvertimenti ??
3. per esempio non so come leggere le righe relative a questi programmi
FreeOTFEHashMD
e:\programmi\File comuni\ASNA Shared
e:\windows\system32\avgrsstx.dll
e:\programmi\Microsoft ActiveSync

che per me sono assolutamente tranquilli .. sono il database che utilizza per lavoro , la gestione di cryptazione dei dati ( opensource) .. ancora l'active sync ..etcc boh!!! , non so leggerlo , ma non vorrei che mispazzasse via cose importanti come il DB

Puoi darmi qualche chiarimento , Intanto findyKill è al 40% perchè si sta facendo anche le partizioni vista sul primo disco. E' giusto così ??


EDIT :
Hei , ma con che criterio considera i file , perchè sta scansionando il file openclipart-0.19.zip di 480MB ed è più di 30 minuti. Possibile! sicuri che non si pianti.
Se poi legge le virtualmachine di linux etcc di alemo 10GB l'una che fa ?

EDIT2 :ore 21.45
Ormai sono 3 0re ed è sempre al 40%. La scansione è molto lenta. deve essere cosi ? o c'è dell'altro ?

EDIT3: ore 22.14
Sul desktop si è chiusa la finestra dove era in esecuzione il pgm ma non è comparso nessun log. Sul desktop non c'è nulla nessuna icona , status bar , nulla.
Così era comparso dopo un primo riavvio . Ora è li , che faccio . devo spegnere di brutto il pc ???

EDIT4: ore 22.30
Sono ricomparse le icone nel desktop e la taskbar. Ho trovato una cartella FyK con dentro un po di cose. Ditemi cosa vi devomandare.
grazie .. a domani

Ciao,

Come ti ho detto finalmente è ripartito tutto.
L'utente help assistant l'avevo già disabilitato. non avevo ancora rimosso perchè aspettavo istruzioni.

Per la parte explorer io uso totalcommander dove ho impostato la visualizzazione di tutti i file. va bene lo stesso ?.

mentre ti scrivo ho ancora lanciato windowsupdate per aggiornare tutte le patch mancanti.

Dimmi : della cartella FyK ci faccio qualcosa, devo inviarti qualcosa ?

devi inviare il log di findykill

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
N.B:
Se il pc non si riavvia, riavvialo tu.
*********************************************************************************
Poi:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

Ecco i risultati :

ComboFix
ComboFix 10-03-09.08 - Joss 11/03/2010 16.24.21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2440 [GMT 1:00]
Eseguito da: e:\antivirus\ComboFix.exe
Opzioni usate :: e:\antivirus\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-02-11 al 2010-03-11 )))))))))))))))))))))))))))))))))))
.

2010-03-11 08:17 . 2010-03-11 08:17 -------- d-----w- e:\windows\system32\KB905474
2010-03-11 08:17 . 2009-03-10 21:26 1437568 ----a-w- e:\windows\system32\KB905474\wganotifypackageinner.exe
2010-03-11 08:17 . 2009-03-10 21:18 454016 ----a-w- e:\windows\system32\KB905474\wgasetup.exe
2010-03-11 08:16 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-11 08:15 . 2009-12-04 18:22 455424 -c----w- e:\windows\system32\dllcache\mrxsmb.sys
2010-03-11 08:11 . 2009-12-09 10:07 2192896 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe
2010-03-11 08:11 . 2009-12-09 10:07 2148864 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-11 08:11 . 2009-12-09 10:07 2027520 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe
2010-03-10 17:18 . 2010-03-11 11:07 -------- d-----w- E:\FyK
2010-03-10 12:30 . 2010-03-09 21:02 77312 ----a-w- E:\mbr.exe
2010-03-10 12:24 . 2010-03-10 12:24 -------- d-----w- e:\documents and settings\Administrator\DoctorWeb
2010-03-09 22:19 . 2010-03-09 22:19 53136 ----a-w- e:\windows\system32\PxSecure.dll
2010-03-09 22:19 . 2010-03-09 22:19 47664 ----a-w- e:\windows\system32\drivers\pxrts.sys
2010-03-09 22:19 . 2010-03-09 22:19 30280 ----a-w- e:\windows\system32\drivers\pxscan.sys
2010-03-09 22:19 . 2010-03-09 22:19 24496 ----a-w- e:\windows\system32\drivers\pxkbf.sys
2010-03-09 22:19 . 2010-03-09 22:19 -------- d-----w- e:\programmi\Prevx
2010-03-09 22:02 . 2010-03-10 23:14 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-03-09 21:53 . 2010-03-11 15:24 -------- d-----w- E:\AntiVirus
2010-02-27 07:37 . 2010-02-25 07:43 5115824 ----a-w- E:\mbam-setup.exe
2010-02-25 14:48 . 2010-02-25 14:48 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-02-25 14:45 . 2010-02-26 17:41 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-02-25 12:05 . 2010-03-11 08:47 -------- d-----w- e:\documents and settings\HelpAssistant
2010-02-25 11:29 . 2010-03-11 08:02 3777280 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-02-25 11:29 . 2010-03-11 08:02 1260800 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- E:\$AVG
2010-02-25 11:27 . 2010-02-25 11:27 360584 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-02-25 11:27 . 2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2010-02-25 11:27 . 2010-02-25 11:27 333192 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-02-25 11:27 . 2010-02-25 11:27 28424 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2010-02-25 11:27 . 2010-03-11 08:04 -------- d-----w- e:\windows\system32\drivers\Avg
2010-02-25 11:26 . 2010-03-11 08:02 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-25 11:26 . 2010-02-25 11:26 -------- d-----w- e:\programmi\AVG
2010-02-25 11:18 . 2010-03-10 09:52 -------- d-----w- E:\temp
2010-02-25 10:22 . 2010-02-25 10:22 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\Malwarebytes
2010-02-25 08:28 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 08:28 . 2010-02-27 07:37 -------- d-----w- e:\programmi\Malwarebytes' Anti-Malware
2010-02-25 08:28 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-25 08:12 . 2010-02-25 08:12 -------- d-----w- e:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-24 18:46 . 2009-10-05 23:00 588288 ----a-w- e:\windows\system32\Notepad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 08:19 . 2010-03-11 08:19 -------- d-----w- e:\programmi\MSXML 4.0
2010-03-09 22:20 . 2003-04-08 12:00 80428 ----a-w- e:\windows\system32\perfc010.dat
2010-03-09 22:20 . 2003-04-08 12:00 480668 ----a-w- e:\windows\system32\perfh010.dat
2010-02-04 23:16 . 2009-06-04 14:37 -------- d-----w- e:\programmi\Microsoft ActiveSync
2010-01-26 18:07 . 2008-09-29 12:03 -------- d-----w- e:\programmi\File comuni\ASNA Shared
2010-01-20 15:54 . 2009-01-16 10:58 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\U3
2010-01-20 08:28 . 2010-01-20 08:28 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\UltraVNC
2010-01-11 13:56 . 2010-01-08 17:06 162816 ----a-w- e:\windows\system32\fmod.dll
2010-01-07 19:52 . 2008-10-29 15:50 63584 ----a-w- e:\documents and settings\Joss.JOSS_XPHP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-07 19:47 . 2010-01-07 19:47 125936 ----a-w- e:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-05 09:53 . 2008-04-13 17:13 832512 ----a-w- e:\windows\system32\wininet.dll
2010-01-05 09:53 . 2008-04-13 17:13 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2008-04-13 17:13 17408 ----a-w- e:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-17 14:02 . 2009-12-17 14:02 133648 ----a-w- e:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 14:02 . 2009-12-17 14:02 110096 ----a-w- e:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 14:02 . 2009-04-13 18:31 99152 ----a-w- e:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 14:02 . 2008-10-17 11:48 41616 ----a-w- e:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 14:02 . 2008-10-17 11:48 123280 ----a-w- e:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 07:40 . 2008-09-14 13:05 346112 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-13 17:13 33280 ----a-w- e:\windows\system32\csrsrv.dll
2008-10-28 15:31 . 2008-10-28 15:31 3162 ----a-w- e:\programmi\iohv.txt
.

------- Sigcheck -------

[-] 2008-09-14 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_12.59.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 15:45 . 2008-09-30 15:45 91656 e:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2010-03-11 15:28 . 2010-03-11 15:28 16384 e:\windows\temp\Perflib_Perfdata_288.dat
+ 2008-04-13 17:13 . 2009-06-25 08:25 54272 e:\windows\system32\wdigest.dll
+ 2008-04-13 17:14 . 2010-01-23 08:11 46080 e:\windows\system32\tzchange.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 82432 e:\windows\system32\tlntsess.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 78336 e:\windows\system32\telnet.exe
- 2008-09-14 14:02 . 2007-11-30 11:18 26488 e:\windows\system32\spupdsvc.exe
+ 2008-09-14 14:02 . 2007-07-27 09:41 26488 e:\windows\system32\spupdsvc.exe
+ 2008-09-14 14:02 . 2008-07-08 13:06 18808 e:\windows\system32\spmsg.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 56832 e:\windows\system32\secur32.dll
+ 2003-04-08 12:00 . 2009-02-06 10:39 35328 e:\windows\system32\sc.exe
+ 2008-04-13 17:13 . 2009-10-12 13:38 79872 e:\windows\system32\raschap.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 79872 e:\windows\system32\raschap.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\pngfilt.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\pngfilt.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 91648 e:\windows\system32\mtxoci.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 91648 e:\windows\system32\mtxoci.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 66560 e:\windows\system32\mtxclu.dll
+ 2008-04-13 17:13 . 2008-06-12 14:21 66560 e:\windows\system32\mtxclu.dll
+ 2008-04-13 19:13 . 2009-11-27 17:12 17920 e:\windows\system32\msyuv.dll
+ 2003-04-08 12:00 . 2009-11-27 16:07 28672 e:\windows\system32\msvidc32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 11264 e:\windows\system32\msrle32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 11264 e:\windows\system32\msrle32.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 52224 e:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2008-06-23 16:15 52224 e:\windows\system32\msfeedsbs.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 58880 e:\windows\system32\msdtclog.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 58880 e:\windows\system32\msdtclog.dll
+ 2008-04-13 17:13 . 2009-09-04 21:03 58880 e:\windows\system32\msasn1.dll
+ 2008-04-13 17:14 . 2008-06-10 04:52 96768 e:\windows\system32\logagent.exe
- 2008-04-13 17:14 . 2005-01-27 23:21 96768 e:\windows\system32\logagent.exe
+ 2008-04-13 17:13 . 2010-01-05 09:53 27648 e:\windows\system32\jsproxy.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 27648 e:\windows\system32\jsproxy.dll
+ 2008-04-13 19:13 . 2009-11-27 16:07 48128 e:\windows\system32\iyuv_32.dll
+ 2007-08-13 16:39 . 2009-12-31 15:34 13824 e:\windows\system32\ieudinit.exe
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\iernonce.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\iernonce.dll
+ 2008-04-13 17:14 . 2009-12-31 15:34 70656 e:\windows\system32\ie4uinit.exe
- 2008-04-13 17:14 . 2008-06-23 09:22 70656 e:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2010-01-05 09:53 63488 e:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2008-06-23 16:15 63488 e:\windows\system32\icardie.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 81920 e:\windows\system32\fontsub.dll
+ 2008-04-13 09:31 . 2009-06-24 11:18 92928 e:\windows\system32\drivers\ksecdd.sys
+ 2008-04-13 17:13 . 2009-06-25 08:25 54272 e:\windows\system32\dllcache\wdigest.dll
+ 2008-04-13 17:14 . 2009-06-15 10:43 82432 e:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 78336 e:\windows\system32\dllcache\telnet.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 56832 e:\windows\system32\dllcache\secur32.dll
+ 2003-04-08 12:00 . 2009-02-06 10:39 35328 e:\windows\system32\dllcache\sc.exe
+ 2008-04-13 17:13 . 2009-10-12 13:38 79872 e:\windows\system32\dllcache\raschap.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 79872 e:\windows\system32\dllcache\raschap.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\dllcache\pngfilt.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 91648 e:\windows\system32\dllcache\mtxoci.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 91648 e:\windows\system32\dllcache\mtxoci.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 66560 e:\windows\system32\dllcache\mtxclu.dll
+ 2008-04-13 17:13 . 2008-06-12 14:21 66560 e:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:12 . 2009-11-27 17:12 17920 e:\windows\system32\dllcache\msyuv.dll
+ 2003-04-08 12:00 . 2009-11-27 16:07 28672 e:\windows\system32\dllcache\msvidc32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 11264 e:\windows\system32\dllcache\msrle32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 11264 e:\windows\system32\dllcache\msrle32.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 52224 e:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 52224 e:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 58880 e:\windows\system32\dllcache\msdtclog.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 58880 e:\windows\system32\dllcache\msdtclog.dll
+ 2008-04-13 17:13 . 2009-09-04 21:03 58880 e:\windows\system32\dllcache\msasn1.dll
- 2008-04-13 17:14 . 2005-01-27 23:21 96768 e:\windows\system32\dllcache\logagent.exe
+ 2008-04-13 17:14 . 2008-06-10 04:52 96768 e:\windows\system32\dllcache\logagent.exe
+ 2008-04-13 09:31 . 2009-06-24 11:18 92928 e:\windows\system32\dllcache\ksecdd.sys
- 2008-04-13 17:13 . 2008-06-23 16:15 27648 e:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 27648 e:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 e:\windows\system32\dllcache\iyuv_32.dll
+ 2008-09-15 20:40 . 2009-12-31 15:34 13824 e:\windows\system32\dllcache\ieudinit.exe
- 2008-09-15 20:40 . 2008-06-23 09:20 13824 e:\windows\system32\dllcache\ieudinit.exe
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\dllcache\iernonce.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\dllcache\iernonce.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 78336 e:\windows\system32\dllcache\ieencode.dll
- 2008-04-13 17:14 . 2008-06-23 09:22 70656 e:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-13 17:14 . 2009-12-31 15:34 70656 e:\windows\system32\dllcache\ie4uinit.exe
+ 2008-09-15 20:40 . 2010-01-05 09:53 63488 e:\windows\system32\dllcache\icardie.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 63488 e:\windows\system32\dllcache\icardie.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 81920 e:\windows\system32\dllcache\fontsub.dll
+ 2008-04-13 17:13 . 2009-12-14 07:08 33280 e:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 17408 e:\windows\system32\dllcache\corpol.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 85504 e:\windows\system32\dllcache\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 85504 e:\windows\system32\dllcache\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 58880 e:\windows\system32\dllcache\atl.dll
+ 2008-04-13 17:13 . 2009-07-17 19:01 58880 e:\windows\system32\dllcache\atl.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 85504 e:\windows\system32\avifil32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 85504 e:\windows\system32\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 58880 e:\windows\system32\atl.dll
+ 2008-04-13 17:13 . 2009-07-17 19:01 58880 e:\windows\system32\atl.dll
+ 2010-03-11 08:20 . 2010-03-11 08:20 32768 e:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-03-11 08:19 . 2010-03-11 08:19 32768 e:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 44544 e:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 52224 e:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 27648 e:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-11 08:20 . 2007-08-13 17:39 13312 e:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 44544 e:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-11 08:20 . 2008-04-13 17:13 81920 e:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-11 08:20 . 2008-06-23 09:22 70656 e:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 63488 e:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-11 08:20 . 2008-04-13 17:13 35328 e:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:12 . 2009-11-27 17:12 17920 e:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 e:\windows\Driver Cache\i386\iyuv_32.dll
+ 2008-05-05 06:25 . 2008-05-05 06:25 3072 e:\windows\system32\xpsp4res.dll
+ 2001-08-30 23:08 . 2009-11-27 16:07 8704 e:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 e:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 e:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 286720 e:\windows\system32\wmpdxm.dll
+ 2008-04-13 17:13 . 2009-06-10 06:14 132096 e:\windows\system32\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 132096 e:\windows\system32\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 354304 e:\windows\system32\winhttp.dll
+ 2008-04-13 17:13 . 2008-12-16 12:30 354304 e:\windows\system32\winhttp.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 233472 e:\windows\system32\webcheck.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 233472 e:\windows\system32\webcheck.dll
+ 2008-09-14 13:04 . 2009-02-06 10:10 227840 e:\windows\system32\wbem\wmiprvse.exe
+ 2008-09-14 13:04 . 2009-02-09 10:51 453120 e:\windows\system32\wbem\wmiprvsd.dll
+ 2008-09-14 13:04 . 2009-02-09 10:51 473600 e:\windows\system32\wbem\fastprox.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 105984 e:\windows\system32\url.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 105984 e:\windows\system32\url.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 119808 e:\windows\system32\t2embed.dll
+ 2008-04-13 17:13 . 2009-08-26 08:00 247326 e:\windows\system32\strmdll.dll
+ 2008-04-13 17:13 . 2009-12-08 09:23 474624 e:\windows\system32\shlwapi.dll
+ 2008-04-13 17:14 . 2009-02-09 11:22 111104 e:\windows\system32\services.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 147456 e:\windows\system32\schannel.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 401408 e:\windows\system32\rpcss.dll
+ 2008-04-13 17:13 . 2009-04-15 14:52 585216 e:\windows\system32\rpcrt4.dll
+ 2008-04-13 17:13 . 2009-10-12 13:38 150016 e:\windows\system32\rastls.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 286208 e:\windows\system32\pdh.dll
+ 2008-04-13 17:13 . 2009-03-06 14:19 286208 e:\windows\system32\pdh.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 102912 e:\windows\system32\occache.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 102912 e:\windows\system32\occache.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 271360 e:\windows\system32\oakley.dll
+ 2008-04-13 17:13 . 2009-10-13 10:33 271360 e:\windows\system32\oakley.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 736256 e:\windows\system32\ntdll.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 337408 e:\windows\system32\netapi32.dll
+ 2008-04-13 17:13 . 2008-10-15 16:36 337408 e:\windows\system32\netapi32.dll
+ 2008-04-13 17:13 . 2009-08-05 08:59 205312 e:\windows\system32\mswebdvd.dll
+ 2008-04-13 17:13 . 2009-09-11 14:17 136192 e:\windows\system32\msv1_0.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 671232 e:\windows\system32\mstime.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 671232 e:\windows\system32\mstime.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 193024 e:\windows\system32\msrating.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 193024 e:\windows\system32\msrating.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 477696 e:\windows\system32\mshtmled.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 477696 e:\windows\system32\mshtmled.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 459264 e:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2008-06-23 16:15 459264 e:\windows\system32\msfeeds.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 161792 e:\windows\system32\msdtcuiu.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 161792 e:\windows\system32\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 956928 e:\windows\system32\msdtctm.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 956928 e:\windows\system32\msdtctm.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 428032 e:\windows\system32\msdtcprx.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 735744 e:\windows\system32\lsasrv.dll
+ 2008-04-13 17:13 . 2009-05-07 15:32 347648 e:\windows\system32\localspl.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 301568 e:\windows\system32\kerberos.dll
+ 2008-04-13 17:13 . 2009-08-13 15:15 512000 e:\windows\system32\jscript.dll
- 2008-04-13 17:13 . 2008-05-09 10:53 512000 e:\windows\system32\jscript.dll
+ 2007-08-13 16:34 . 2010-01-05 09:53 268288 e:\windows\system32\iertutil.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 192512 e:\windows\system32\iepeers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 385024 e:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2010-01-05 09:53 380928 e:\windows\system32\ieapfltr.dll
+ 2003-04-08 12:00 . 2009-12-18 13:04 161792 e:\windows\system32\ieakui.dll
- 2003-04-08 12:00 . 2008-06-21 05:23 161792 e:\windows\system32\ieakui.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 230400 e:\windows\system32\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 230400 e:\windows\system32\ieaksie.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 153088 e:\windows\system32\ieakeng.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 153088 e:\windows\system32\ieakeng.dll
+ 2008-04-13 17:13 . 2008-10-23 12:36 286720 e:\windows\system32\gdi32.dll
+ 2008-09-14 14:24 . 2010-03-11 08:35 254752 e:\windows\system32\FNTCACHE.DAT
- 2008-09-14 14:24 . 2010-01-08 08:40 254752 e:\windows\system32\FNTCACHE.DAT
+ 2008-04-13 17:13 . 2010-01-05 09:53 133120 e:\windows\system32\extmgr.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 133120 e:\windows\system32\extmgr.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 214528 e:\windows\system32\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 214528 e:\windows\system32\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 347136 e:\windows\system32\dxtmsft.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 347136 e:\windows\system32\dxtmsft.dll
+ 2008-04-13 10:17 . 2009-12-04 18:22 455424 e:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-13 10:19 . 2008-08-14 10:04 138496 e:\windows\system32\drivers\afd.sys
- 2008-04-13 10:19 . 2008-06-20 11:40 138496 e:\windows\system32\drivers\afd.sys
+ 2008-09-14 13:05 . 2008-04-21 21:14 219136 e:\windows\system32\dllcache\wordpad.exe
+ 2008-04-13 17:13 . 2009-07-13 09:08 286720 e:\windows\system32\dllcache\wmpdxm.dll
+ 2008-09-14 13:04 . 2009-02-06 10:10 227840 e:\windows\system32\dllcache\wmiprvse.exe
+ 2008-09-14 13:04 . 2009-02-09 10:51 453120 e:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-13 17:13 . 2009-06-10 06:14 132096 e:\windows\system32\dllcache\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 132096 e:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 832512 e:\windows\system32\dllcache\wininet.dll
+ 2008-04-13 17:13 . 2008-12-16 12:30 354304 e:\windows\system32\dllcache\winhttp.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 354304 e:\windows\system32\dllcache\winhttp.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 233472 e:\windows\system32\dllcache\webcheck.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 233472 e:\windows\system32\dllcache\webcheck.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 105984 e:\windows\system32\dllcache\url.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 105984 e:\windows\system32\dllcache\url.dll
+ 2008-09-14 13:06 . 2009-06-21 21:47 153088 e:\windows\system32\dllcache\triedit.dll
- 2008-09-14 13:06 . 2008-04-13 17:13 153088 e:\windows\system32\dllcache\triedit.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 119808 e:\windows\system32\dllcache\t2embed.dll
+ 2008-04-13 17:13 . 2009-08-26 08:00 247326 e:\windows\system32\dllcache\strmdll.dll
+ 2008-04-13 10:15 . 2009-12-31 16:50 353792 e:\windows\system32\dllcache\srv.sys
+ 2008-04-13 17:13 . 2009-12-08 09:23 474624 e:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-13 17:14 . 2009-02-09 11:22 111104 e:\windows\system32\dllcache\services.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 147456 e:\windows\system32\dllcache\schannel.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 401408 e:\windows\system32\dllcache\rpcss.dll
+ 2008-04-13 17:13 . 2009-04-15 14:52 585216 e:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-13 17:13 . 2009-10-12 13:38 150016 e:\windows\system32\dllcache\rastls.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 286208 e:\windows\system32\dllcache\pdh.dll
+ 2008-04-13 17:13 . 2009-03-06 14:19 286208 e:\windows\system32\dllcache\pdh.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 102912 e:\windows\system32\dllcache\occache.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 102912 e:\windows\system32\dllcache\occache.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 271360 e:\windows\system32\dllcache\oakley.dll
+ 2008-04-13 17:13 . 2009-10-13 10:33 271360 e:\windows\system32\dllcache\oakley.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 736256 e:\windows\system32\dllcache\ntdll.dll
+ 2008-04-13 17:13 . 2008-10-15 16:36 337408 e:\windows\system32\dllcache\netapi32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 337408 e:\windows\system32\dllcache\netapi32.dll
+ 2008-04-13 17:13 . 2009-08-05 08:59 205312 e:\windows\system32\dllcache\mswebdvd.dll
+ 2008-04-13 17:13 . 2009-09-11 14:17 136192 e:\windows\system32\dllcache\msv1_0.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 671232 e:\windows\system32\dllcache\mstime.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 671232 e:\windows\system32\dllcache\mstime.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 193024 e:\windows\system32\dllcache\msrating.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 193024 e:\windows\system32\dllcache\msrating.dll
- 2008-09-14 13:05 . 2008-04-13 17:14 346112 e:\windows\system32\dllcache\mspaint.exe
+ 2008-09-14 13:05 . 2009-12-17 07:40 346112 e:\windows\system32\dllcache\mspaint.exe
- 2008-04-13 17:13 . 2008-06-23 16:15 477696 e:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 477696 e:\windows\system32\dllcache\mshtmled.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 459264 e:\windows\system32\dllcache\msfeeds.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 459264 e:\windows\system32\dllcache\msfeeds.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 161792 e:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 161792 e:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 956928 e:\windows\system32\dllcache\msdtctm.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 956928 e:\windows\system32\dllcache\msdtctm.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 428032 e:\windows\system32\dllcache\msdtcprx.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 735744 e:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-13 17:13 . 2009-05-07 15:32 347648 e:\windows\system32\dllcache\localspl.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 301568 e:\windows\system32\dllcache\kerberos.dll
+ 2008-04-13 17:13 . 2009-08-13 15:15 512000 e:\windows\system32\dllcache\jscript.dll
- 2008-04-13 17:13 . 2008-05-09 10:53 512000 e:\windows\system32\dllcache\jscript.dll
+ 2008-09-14 13:06 . 2009-12-18 13:05 634648 e:\windows\system32\dllcache\iexplore.exe
+ 2008-09-15 20:40 . 2010-01-05 09:53 268288 e:\windows\system32\dllcache\iertutil.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 192512 e:\windows\system32\dllcache\iepeers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 385024 e:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 380928 e:\windows\system32\dllcache\ieapfltr.dll
+ 2003-04-08 12:00 . 2009-12-18 13:04 161792 e:\windows\system32\dllcache\ieakui.dll
- 2003-04-08 12:00 . 2008-06-21 05:23 161792 e:\windows\system32\dllcache\ieakui.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 230400 e:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 230400 e:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 153088 e:\windows\system32\dllcache\ieakeng.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 153088 e:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-13 17:13 . 2008-10-23 12:36 286720 e:\windows\system32\dllcache\gdi32.dll
+ 2008-09-14 13:04 . 2009-02-09 10:51 473600 e:\windows\system32\dllcache\fastprox.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 133120 e:\windows\system32\dllcache\extmgr.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 133120 e:\windows\system32\dllcache\extmgr.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 214528 e:\windows\system32\dllcache\dxtrans.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 214528 e:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 347136 e:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 347136 e:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-13 10:19 . 2008-06-20 11:40 138496 e:\windows\system32\dllcache\afd.sys
+ 2008-04-13 10:19 . 2008-08-14 10:04 138496 e:\windows\system32\dllcache\afd.sys
- 2008-04-13 17:13 . 2008-06-23 16:15 124928 e:\windows\system32\dllcache\advpack.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 124928 e:\windows\system32\dllcache\advpack.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 683520 e:\windows\system32\dllcache\advapi32.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 683520 e:\windows\system32\dllcache\advapi32.dll
+ 2008-04-13 17:13 . 2009-11-21 15:54 471552 e:\windows\system32\dllcache\aclayers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 124928 e:\windows\system32\advpack.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 124928 e:\windows\system32\advpack.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 683520 e:\windows\system32\advapi32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 683520 e:\windows\system32\advapi32.dll
+ 2010-03-11 08:20 . 2010-03-11 08:20 429568 e:\windows\Installer\1269de.msi
+ 2010-03-11 08:19 . 2010-03-11 08:19 432640 e:\windows\Installer\1269d3.msi
+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 e:\windows\Installer\1269c9.msp
+ 2010-03-11 08:20 . 2008-06-23 16:15 826368 e:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 233472 e:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 105984 e:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-03-11 08:20 . 2009-05-26 11:41 402296 e:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-03-11 08:20 . 2009-05-26 11:41 233848 e:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 102912 e:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 671232 e:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 193024 e:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 477696 e:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 459264 e:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-03-11 08:20 . 2008-06-23 09:22 625664 e:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 267776 e:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-03-11 08:20 . 2007-08-13 16:54 191488 e:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 384512 e:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 383488 e:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-03-11 08:20 . 2008-06-21 05:23 161792 e:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 230400 e:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 153088 e:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 133120 e:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 214528 e:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 347136 e:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 124928 e:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2010-03-11 08:15 . 2009-12-04 18:22 455424 e:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-04-13 17:13 . 2009-11-21 15:54 471552 e:\windows\AppPatch\aclayers.dll
+ 2010-03-11 08:14 . 2009-08-13 13:55 1748992 e:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 23:03 . 2009-07-20 23:03 1348432 e:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 15:42 . 2008-09-30 15:42 1286152 e:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-04-13 17:14 . 2008-06-10 06:07 2376760 e:\windows\system32\WMVCore.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 5537792 e:\windows\system32\wmp.dll
- 2008-04-13 17:13 . 2007-04-30 06:20 5537792 e:\windows\system32\wmp.dll
+ 2008-04-13 17:13 . 2008-06-10 05:28 1028096 e:\windows\system32\WMNetmgr.dll
+ 2008-04-13 16:50 . 2009-08-14 15:12 1850624 e:\windows\system32\win32k.sys
+ 2008-04-13 17:13 . 2010-01-05 09:53 1168384 e:\windows\system32\urlmon.dll
+ 2008-04-13 17:13 . 2008-06-17 19:01 8490496 e:\windows\system32\shell32.dll
+ 2008-04-13 17:13 . 2009-07-17 16:15 1439232 e:\windows\system32\query.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1439232 e:\windows\system32\query.dll
+ 2008-04-13 17:13 . 2009-11-27 17:12 1296896 e:\windows\system32\quartz.dll
- 2008-04-13 16:54 . 2008-04-13 16:54 2148864 e:\windows\system32\ntoskrnl.exe
+ 2008-04-13 16:54 . 2009-12-09 10:07 2148864 e:\windows\system32\ntoskrnl.exe
- 2008-04-13 18:55 . 2008-04-13 17:25 2027520 e:\windows\system32\ntkrnlpa.exe
+ 2008-04-13 18:55 . 2009-12-09 10:07 2027520 e:\windows\system32\ntkrnlpa.exe
+ 2008-04-13 17:13 . 2009-07-31 09:02 1372672 e:\windows\system32\msxml6.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05 1348432 e:\windows\system32\msxml4.dll
+ 2008-04-13 17:13 . 2009-07-31 04:32 1172480 e:\windows\system32\msxml3.dll
+ 2008-09-14 13:05 . 2009-06-10 08:19 2066432 e:\windows\system32\mstscax.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 3599360 e:\windows\system32\mshtml.dll
+ 2008-04-13 17:13 . 2009-03-21 14:06 1033728 e:\windows\system32\kernel32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1033728 e:\windows\system32\kernel32.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 6067200 e:\windows\system32\ieframe.dll
+ 2007-02-12 14:10 . 2009-06-29 08:33 2452872 e:\windows\system32\ieapfltr.dat
+ 2008-04-13 17:14 . 2008-06-10 06:07 2376760 e:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 5537792 e:\windows\system32\dllcache\wmp.dll
- 2008-04-13 17:13 . 2007-04-30 06:20 5537792 e:\windows\system32\dllcache\wmp.dll
+ 2008-04-13 17:13 . 2008-06-10 05:28 1028096 e:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-04-13 16:50 . 2009-08-14 15:12 1850624 e:\windows\system32\dllcache\win32k.sys
+ 2008-04-13 17:13 . 2010-01-05 09:53 1168384 e:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 17:13 . 2008-06-17 19:01 8490496 e:\windows\system32\dllcache\shell32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1439232 e:\windows\system32\dllcache\query.dll
+ 2008-04-13 17:13 . 2009-07-17 16:15 1439232 e:\windows\system32\dllcache\query.dll
+ 2008-04-13 17:13 . 2009-11-27 17:12 1296896 e:\windows\system32\dllcache\quartz.dll
+ 2009-02-10 18:02 . 2009-12-09 10:07 2069760 e:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-04-13 17:13 . 2009-07-31 09:02 1372672 e:\windows\system32\dllcache\msxml6.dll
+ 2008-04-13 17:13 . 2009-07-31 04:32 1172480 e:\windows\system32\dllcache\msxml3.dll
+ 2009-06-10 08:19 . 2009-06-10 08:19 2066432 e:\windows\system32\dllcache\mstscax.dll
+ 2008-09-14 13:06 . 2009-07-10 13:26 1315328 e:\windows\system32\dllcache\msoe.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 3599360 e:\windows\system32\dllcache\mshtml.dll
+ 2008-09-14 13:07 . 2009-10-23 15:28 3558912 e:\windows\system32\dllcache\moviemk.exe
- 2008-09-14 13:07 . 2008-04-13 17:14 3558912 e:\windows\system32\dllcache\moviemk.exe
- 2008-04-13 17:13 . 2008-04-13 17:13 1033728 e:\windows\system32\dllcache\kernel32.dll
+ 2008-04-13 17:13 . 2009-03-21 14:06 1033728 e:\windows\system32\dllcache\kernel32.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 6067200 e:\windows\system32\dllcache\ieframe.dll
+ 2008-09-15 20:40 . 2009-06-29 08:33 2452872 e:\windows\system32\dllcache\ieapfltr.dat
+ 2010-03-11 08:20 . 2008-06-23 16:15 1159680 e:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-03-11 08:20 . 2008-06-24 08:15 3592192 e:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 6066176 e:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-03-11 08:20 . 2007-04-17 09:32 2455488 e:\windows\ie7updates\KB978207-IE7\ieapfltr.dat
+ 2010-03-11 08:11 . 2009-12-09 10:07 2192896 e:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-03-11 08:11 . 2009-12-09 10:07 2027520 e:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 18:02 . 2009-12-09 10:07 2069760 e:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-03-11 08:11 . 2009-12-09 10:07 2148864 e:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-09-15 20:39 . 2010-03-01 20:30 31648712 e:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-14 8527872]
"nwiz"="nwiz.exe" [2008-09-14 1626112]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-14 81920]
"SMSERIAL"="e:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-09 16854528]
"SynTPStart"="e:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl"="e:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UnlockerAssistant"="e:\programmi\Unlocker\UnlockerAssistant.exe" [2008-10-28 15872]
"WHITNEY_S2P"="e:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2005-02-15 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - e:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\WINDOWS\\system32\\LMabcoms.exe"=
"f:\\Programmi\\12-Voip\\{app}\\12Voip.exe"=
"f:\\Programmi\\eMule0.49b\\emule.exe"=
"e:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\programmi\Microsoft ActiveSync\rapimgr.exe"= e:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programmi\Microsoft ActiveSync\wcescomm.exe"= e:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programmi\Microsoft ActiveSync\WCESMgr.exe"= e:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Programmi\\totalcmd750\\TOTALCMD.EXE"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Debug\\FileServer.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Release\\FileServer.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2059:TCP"= 2059:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"7710:TCP"= 7710:TCP:Services

R0 pxscan;pxscan;e:\windows\system32\drivers\pxscan.sys [09/03/2010 23.19.46 30280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [25/02/2010 12.27.19 333192]
R1 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys [25/02/2010 12.27.22 360584]
R1 VBoxDrv;VirtualBox Service;e:\windows\system32\drivers\VBoxDrv.sys [17/10/2008 12.48.36 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;e:\windows\system32\drivers\VBoxUSBMon.sys [17/10/2008 12.48.39 41616]
R2 Acceler8DB Server;Acceler8DB Server;e:\programmi\ASNA\ADB Engine 4.7\adbntsvc.exe [29/09/2008 13.04.37 501408]
R2 avg9emc;AVG Free E-mail Scanner;e:\programmi\AVG\AVG9\avgemc.exe [25/02/2010 12.27.01 906520]
R2 avg9wd;AVG Free WatchDog;e:\programmi\AVG\AVG9\avgwdsvc.exe [25/02/2010 12.26.58 285392]
R2 pxrts;pxrts;e:\windows\system32\drivers\pxrts.sys [09/03/2010 23.19.46 47664]
R3 pxkbf;pxkbf;e:\windows\system32\drivers\pxkbf.sys [09/03/2010 23.19.46 24496]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\drivers\VBoxNetAdp.sys [13/04/2009 19.31.00 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\drivers\VBoxNetFlt.sys [17/12/2009 15.02.34 110096]
S3 FreeOTFE;FreeOTFE;f:\programmi\FreeOTFE\x86\FreeOTFE.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys [17/12/2009 14.01.38 47216]
S3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;f:\programmi\FreeOTFE\x86\FreeOTFECypherBlowfish.sys [17/12/2009 14.01.38 25200]
S3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST5.sys [17/12/2009 14.01.38 31088]
S3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys [17/12/2009 14.01.38 29808]
S3 FreeOTFECypherDES;FreeOTFECypherDES;f:\programmi\FreeOTFE\x86\FreeOTFECypherDES.sys [17/12/2009 14.01.38 56816]
S3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys [17/12/2009 14.01.38 26480]
S3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys [17/12/2009 14.01.38 26096]
S3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys [17/12/2009 14.01.38 29168]
S3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFEHashMD;FreeOTFEHashMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashMD.sys [17/12/2009 14.01.38 16880]
S3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys [17/12/2009 14.01.38 32624]
S3 FreeOTFEHashSHA;FreeOTFEHashSHA;f:\programmi\FreeOTFE\x86\FreeOTFEHashSHA.sys [17/12/2009 14.01.38 26224]
S3 FreeOTFEHashTiger;FreeOTFEHashTiger;f:\programmi\FreeOTFE\x86\FreeOTFEHashTiger.sys [17/12/2009 14.01.38 22128]
S3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;f:\programmi\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys [17/12/2009 14.01.38 30704]
S3 kqemu;KQEMU virtualisation module for QEMU;e:\windows\system32\drivers\kqemu.sys [15/09/2008 19.30.35 123939]
S3 qcusbser;ACER USB Device for Legacy Serial Communication;e:\windows\system32\drivers\qcusbser.sys [08/01/2010 19.06.10 112672]
S3 VBoxUSB;VirtualBox USB;e:\windows\system32\drivers\VBoxUSB.sys [11/11/2009 21.14.56 32016]
S4 CSIScanner;CSIScanner;e:\programmi\Prevx\prevx.exe [09/03/2010 23.19.45 6259392]
S4 NDISKIO;NDISKIO;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys [?]
S4 UnhookMBRS;UnhookMBRS;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-11 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2010-03-11 21:18]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
TCP: {46B013CF-128D-45CA-A2D6-0B8E71F4A2D5} = 8.8.8.8,8.8.4.4
TCP: {8C779A80-D815-4F88-BC54-834B33B63913} = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-TDM-GCC - e:\mingw430\tdm-mingw-1.902.0-webdl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 16:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\ASNA\Shared\Security Provider*Wrong guess again!]
"<No Name>"="{2450E0A7-8BD3-4937-B823-E80C371897F8}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(804)
e:\windows\system32\WININET.dll
e:\windows\system32\btmmhook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
e:\programmi\AVG\AVG9\avgchsvx.exe
e:\programmi\AVG\AVG9\avgrsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\programmi\Java\jre6\bin\jqs.exe
e:\programmi\CDBurnerXP\NMSAccessU.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\programmi\AVG\AVG9\avgnsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\RUNDLL32.EXE
e:\windows\RTHDCPL.EXE
e:\programmi\Microsoft ActiveSync\wcescomm.exe
e:\programmi\Synaptics\SynTP\SynTPEnh.exe
e:\progra~1\MICROS~4\rapimgr.exe
e:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-11 16:30:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-11 15:30
ComboFix2.txt 2010-03-10 13:01

Pre-Run: 17.799.393.280 byte disponibili
Post-Run: 17.783.799.808 byte disponibili

- - End Of File - - 07D8909F8DAA0BB378875235EE0AA52D


e Antimalware :

Malwarebytes' Anti-Malware 1.44
Database version: 3852
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/03/2010 17.45.00
mbam-log-2010-03-11 (17-43-52).txt

Scan type: Full Scan (E:\|F:\|)
Objects scanned: 299126
Time elapsed: 1 hour(s), 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\PenDrive\winPenPack\Bin\VideoLAN\plugins\libaout_directx_plugin.dll (Trojan.Downloader) -> No action taken.
F:\Programmi\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
F:\System Volume Information\_restore{28EBA877-B360-4FDD-92A7-441BE8730816}\RP1\A0001147.dll (Malware.Packer.Gen) -> No action taken.
F:\System Volume Information\_restore{28EBA877-B360-4FDD-92A7-441BE8730816}\RP1\A0001287.dll (Malware.Packer.Gen) -> No action taken.
F:\valide-0.4\share\gtksourceview-2.0\styles\$PLUGINSDIR\NSISdl.dll (Adware.AdRotator) -> No action taken.