Si blocca il pc all'avvio senza motivo - Problemi Informatici - Aiutamici Forum

Aiutamici Forum

Benvenuto Ospite

Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » Computer & Internet » Problemi Informatici » Si blocca il pc all'avvio senza motivo

Si blocca il pc all'avvio senza motivo

Opzioni

Topic Precedente · Topic Sucessivo

nacho

Inviato: Thursday, December 16, 2010 1:28:20 AM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ciao a tutti!sono un nuovo utente e vorrei chiedervi un aiuto!da stamattina il mio pc ha istallato degli aggiornamenti di windows xp automaticamente,infatti a mio risveglio ho trovato la scritta il pc e stato riavviato X Importanti aggiornamenti, poi ho semplicemente spento il pc e quando l ho riacceso piu tardi ho notato subito che andava piu lento e richiedeva un altro aggiornamento manuale che ho fatto fare.poi ha richiesto il riavvio e da qui appena il pc si accende non faccio in tempo a fare nessuna operazione perche qualsiasi icona clicco mi si blocca tutto subito!ho riavviato piu volte ma il problema rimane!sapete dirmi come fare per nn farlo bloccare???vi ringrazio per l aiuto!

Sponsor

Inviato: Thursday, December 16, 2010 1:28:20 AM

himaco

Inviato: Thursday, December 16, 2010 2:04:55 PM

Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269

Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi
Compatibilità: Windows 98, 2000, Me, XP, Vista, Seven a 32 e 64 bit

● lancia Hijackthis
● clicca sul pulsante Do a system scan and save a logfile
● al termine della scansione, che durerà una manciata di secondi, verrà rilasciato un file di testo: allegalo

nacho

Inviato: Thursday, December 16, 2010 2:49:22 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ciao,intanto grazie per la risp,ma come faccio a scaricare quel file se mi si blocca tutto appena il pc si avvia?non faccio in tempo ad aprire niente che si blocca.....grazie!

himaco

Inviato: Thursday, December 16, 2010 3:04:54 PM

Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269

Avvia il sistema in modalità provvisoria, cliccando sui seguenti link.
● modalità provvisoria in Windows XP: http://support.microsoft.com/kb/316434/it#3
● modalità provvisoria in Windows Vista e Seven: http://windowshelp.microsoft.com/Windows/it-IT/help/323ef48f-7b93-4079-a48a-5c58eec904a11040.mspx

nacho

Inviato: Thursday, December 16, 2010 4:13:12 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ok la modalita provvisoria l ho messa,ma per il link non mi fa andare internet come faccio???grazie

wolfestein

Inviato: Thursday, December 16, 2010 4:34:38 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 16,004

Disinstalla i nuovi aggiornamenti e vedi se il pc riprende a funzionare regolarmente,oppure fai un ripristino di sistema ad una data prima degli aggiornamenti.

nacho

Inviato: Thursday, December 16, 2010 4:41:15 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ok sno riuscito a installare il programma che mi hai detto e una volta ke mi ha fatto il file testo allegato cosa devo fare? grazie

wolfestein

Inviato: Thursday, December 16, 2010 10:52:53 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 16,004

nacho ha scritto:

ok sno riuscito a installare il programma che mi hai detto e una volta ke mi ha fatto il file testo allegato cosa devo fare? grazie

Postalo qui sotto.

nacho

Inviato: Thursday, December 16, 2010 11:48:25 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.49.01, on 16/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\File comuni\Java\Java Update\jucheck.exe
C:\Programmi\VideoLAN\VLC\vlc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Programmi\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\gprs.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{77341479-D16A-4C39-AB1F-5FBBB33BD2C3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A97E14FD-FFB4-48A0-AF11-1EAB05C56BA5}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 8259 bytes

himaco

Inviato: Friday, December 17, 2010 2:09:12 PM

Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269

Ti credo che si blocca il PC all'avvio, hai decine di programmi in esecuzione automatica Anxious

Anxious

Rilancia Hijackthis:
● Do a System Scan Only
● spunta la casellina fianco di ogni singola voce che ti indicherò sotto
● una volta spuntate le voci:
● chiudi tutte le applicazioni aperte
● chiudi tutte le pagine del browser aperte
● in Hijackthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\gprs.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu

Disinstalla:
Crawler Toolbar
SearchSettings
SpywareTerminator

Start esegui e digita:
sc delete Application Updater service

Start esegui e digita:
sc delete gupdate service

Start esegui e digita:
sc delete JavaQuickStarterService service

Poi:

Scarica Avira AntiVir Personal - Free Antivirus:
http://www.free-av.com/it/download/index.html
● installalo, seguendo pedissequamente questa semplice videoguida: http://www.free-av.com/it/pages/20/installazione_di_avira_antivir_personal__free_antivirus.html
● esegui una Scansione Completa del sistema
● allega il Report che verrà rilasciato al termine della scansione

nacho

Inviato: Friday, December 17, 2010 7:00:34 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ok il tempo di fare tutto e posto qui quello che esce!ti ingrazio per l'aiuto intanto;)!!!!!!!!

nacho

Inviato: Friday, December 17, 2010 8:29:37 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ciao senti la prima parte l'ho fatta tutta ma ora che sto scaricando l'antivirus dal link che mi hai dato prima mi ha fatti iscrivere alla newsteller di dowload.html e poi quando ho cliccato scarica mi dice che la pagina non esiste piu o e stata rimossa,come faccio ora?

nacho

Inviato: Friday, December 17, 2010 9:00:18 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

risolt

Angel

!devo solo installarlo ora,appena fatta la scansione la mettero qui;)!

nacho

Inviato: Friday, December 17, 2010 10:29:06 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

prima del report volevo farvi qualche domanda,come mai spyware terminator me lo hai fatto disinstallare?e meglio avira?avira fa la scansione giornaliera?e poi ho notato che pero non mi dice se ci sono dei siti dannosi quando vado su google mentre terminator lo faceva,lo fa anche avira?
ecco il report della scansione completa di avira:
Avira AntiVir Personal
Data del file di report: venerdì 17 dicembre 2010 22:01

Ricerca di 2263154 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : Z-F9B3BEEC9C584

Informazioni sulla versione:
BUILD.DAT : 10.0.0.48 31820 Bytes 01/09/2010 15:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 01/09/2010 13:22:02
AVSCAN.DLL : 10.0.3.0 54120 Bytes 01/09/2010 13:50:16
LUKE.DLL : 10.0.2.3 104296 Bytes 01/09/2010 13:22:12
LUKERES.DLL : 10.0.0.0 13160 Bytes 16/02/2010 09:15:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:08:59
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 20:08:59
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 20:08:59
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 20:08:59
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 20:08:59
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 20:09:00
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 20:09:00
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 20:09:00
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 20:09:00
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 20:09:00
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 20:09:00
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 20:09:00
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 20:09:01
VBASE014.VDF : 7.11.0.53 2048 Bytes 16/12/2010 20:09:01
VBASE015.VDF : 7.11.0.54 2048 Bytes 16/12/2010 20:09:01
VBASE016.VDF : 7.11.0.55 2048 Bytes 16/12/2010 20:09:01
VBASE017.VDF : 7.11.0.56 2048 Bytes 16/12/2010 20:09:01
VBASE018.VDF : 7.11.0.57 2048 Bytes 16/12/2010 20:09:01
VBASE019.VDF : 7.11.0.58 2048 Bytes 16/12/2010 20:09:01
VBASE020.VDF : 7.11.0.59 2048 Bytes 16/12/2010 20:09:01
VBASE021.VDF : 7.11.0.60 2048 Bytes 16/12/2010 20:09:01
VBASE022.VDF : 7.11.0.61 2048 Bytes 16/12/2010 20:09:01
VBASE023.VDF : 7.11.0.62 2048 Bytes 16/12/2010 20:09:02
VBASE024.VDF : 7.11.0.63 2048 Bytes 16/12/2010 20:09:02
VBASE025.VDF : 7.11.0.64 2048 Bytes 16/12/2010 20:09:02
VBASE026.VDF : 7.11.0.65 2048 Bytes 16/12/2010 20:09:02
VBASE027.VDF : 7.11.0.66 2048 Bytes 16/12/2010 20:09:02
VBASE028.VDF : 7.11.0.67 2048 Bytes 16/12/2010 20:09:02
VBASE029.VDF : 7.11.0.68 2048 Bytes 16/12/2010 20:09:02
VBASE030.VDF : 7.11.0.69 2048 Bytes 16/12/2010 20:09:02
VBASE031.VDF : 7.11.0.83 62976 Bytes 17/12/2010 20:09:02
Motore : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 01/09/2010 13:21:59
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 17/12/2010 20:09:18
AESCN.DLL : 8.1.7.2 127349 Bytes 17/12/2010 20:09:16
AESBX.DLL : 8.1.3.2 254324 Bytes 17/12/2010 20:09:19
AERDL.DLL : 8.1.9.2 635252 Bytes 17/12/2010 20:09:16
AEPACK.DLL : 8.2.4.5 512375 Bytes 17/12/2010 20:09:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 17/12/2010 20:09:13
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 17/12/2010 20:09:12
AEHELP.DLL : 8.1.16.0 246136 Bytes 17/12/2010 20:09:06
AEGEN.DLL : 8.1.5.0 397685 Bytes 17/12/2010 20:09:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 17/12/2010 20:09:04
AECORE.DLL : 8.1.19.0 196984 Bytes 17/12/2010 20:09:04
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2010 13:21:51
AVWINLL.DLL : 10.0.0.0 19304 Bytes 01/09/2010 13:22:03
AVPREF.DLL : 10.0.0.0 44904 Bytes 01/09/2010 13:22:02
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:28:11
AVREG.DLL : 10.0.3.2 53096 Bytes 01/09/2010 13:22:02
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 01/09/2010 13:22:02
AVARKT.DLL : 10.0.0.14 227176 Bytes 01/09/2010 13:22:00
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 01/09/2010 13:22:01
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:28:20
AVSMTP.DLL : 10.0.0.17 63848 Bytes 01/09/2010 13:22:02
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:28:20
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 12/02/2010 13:11:56
RCTEXT.DLL : 10.0.58.0 98664 Bytes 01/09/2010 13:22:22

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Attivo
Processo esteso di scansione................: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio

Avvio della scansione: venerdì 17 dicembre 2010 22:01

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTA] L'inserimento della registrazione non è visibile.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '67' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '63' modulo(i) scansionato(i)
Scansione processo 'iexplore.exe' - '103' modulo(i) scansionato(i)
Scansione processo 'iexplore.exe' - '65' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '45' modulo(i) scansionato(i)
Scansione processo 'vssvc.exe' - '48' modulo(i) scansionato(i)
Scansione processo 'msdtc.exe' - '40' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '59' modulo(i) scansionato(i)
Scansione processo 'wuauclt.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '33' modulo(i) scansionato(i)
Scansione processo 'ccc.exe' - '161' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '25' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '50' modulo(i) scansionato(i)
Scansione processo 'MOM.EXE' - '50' modulo(i) scansionato(i)
Scansione processo 'WZCSLDR2.exe' - '43' modulo(i) scansionato(i)
Scansione processo 'AirGCFG.exe' - '42' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '21' modulo(i) scansionato(i)
Scansione processo 'avshadow.exe' - '26' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '41' modulo(i) scansionato(i)
Scansione processo 'StartSkysolSvc.exe' - '14' modulo(i) scansionato(i)
Scansione processo 'BTNtService.exe' - '21' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '54' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '34' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '45' modulo(i) scansionato(i)
Scansione processo 'Explorer.EXE' - '101' modulo(i) scansionato(i)
Scansione processo 'GoogleUpdate.exe' - '35' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '56' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '38' modulo(i) scansionato(i)
Scansione processo 'Ati2evxx.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '32' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '168' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '38' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '53' modulo(i) scansionato(i)
Scansione processo 'Ati2evxx.exe' - '33' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '58' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '73' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '12' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '2' modulo(i) scansionato(i)

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 443 file ).

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'

Fine della scansione: venerdì 17 dicembre 2010 22:29
Tempo impiegato: 28:38 Minuto(i)

La scansione è stata completamente eseguita.

4687 Directory scansionate
252491 I file sono stati scansionati
0 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
252491 File non infetti
2331 Archivi scansionati
0 Avvisi
0 Note
263692 Oggetti scansionati durante la scansione dei rootkit
1 Sono stati rilevati oggetti nascosti

nacho

Inviato: Monday, December 20, 2010 5:52:16 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

non risponde piu nessuno?????

himaco

Inviato: Monday, December 20, 2010 8:12:50 PM

Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269

Ciao Nacho, ti avevo perso di vista.
Ti chiedo umilmente perdono Pray

Pray

Avira è un AntiVirus con la protezione in Real Time ( Tempo Reale), dunque, se visiti siti infetti, esso li segnala prontamente, impedendo, la maggior parte dei casi, di entrare negli stessi.

Dato che è stato trovato un oggetto nascosto, proseguiamo con Combofix.

Scarica Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Nota:
● il programma devi scaricarlo preferibilmente con Internet Explorer

Posiziona Combofix sul Desktop ed esegui queste operazioni preliminari:
● disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

E' assolutamente necessario, se attivo:
● disattivare l'Antivirus in uso, dall'icona presente sulla traybar (accanto all'orologio di Windows)
● disattivare il Firewall eventualmente installato, dall'icona presente sulla traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un account con privilegi di Amministratore e segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta la installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi la scansione e la fase di creazione del log

Note - durante la scansione:
● verranno creati alcuni file sul Desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall, se attivo, potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer, qualora già non ci fosse

Quando Combofix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)
● ricollega, fisicamente, il modem/router al Computer
● connettiti a Internet
● vai in Disco Locale C:, cerca il log dal nome combofix.txt ed allegalo

nacho

Inviato: Monday, December 20, 2010 10:25:47 PM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

ciao non ti preoccupare;)!ecco ho fatto tutto ora allego i risultati:

ComboFix 10-12-20.01 - xxx 20/12/2010 22.04.57.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2815.2567 [GMT 1:00]
Eseguito da: c:\documents and settings\xxx\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-11-20 al 2010-12-20 )))))))))))))))))))))))))))))))))))
.

2010-12-17 20:20 . 2010-12-17 21:28 -------- d-----w- c:\windows\system32\NtmsData
2010-12-17 20:13 . 2010-12-17 20:13 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\Avira
2010-12-17 20:06 . 2010-09-01 13:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-17 20:06 . 2010-09-01 13:22 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-17 20:06 . 2010-06-17 14:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-17 20:06 . 2010-06-17 14:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-17 20:06 . 2010-12-17 20:06 -------- d-----w- c:\programmi\Avira
2010-12-17 20:06 . 2010-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-12-16 15:39 . 2010-12-16 15:39 388096 ----a-r- c:\documents and settings\xxx\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-16 15:39 . 2010-12-16 15:39 -------- d-----w- c:\programmi\Trend Micro
2010-12-16 14:02 . 2010-12-16 18:08 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 17:41 . 2010-12-15 17:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-23 13:30 . 2010-11-23 13:30 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-11-23 13:25 . 2010-11-23 13:25 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Temp
2010-11-23 13:24 . 2010-12-18 02:02 -------- d-----w- c:\programmi\Google
2010-11-23 13:24 . 2010-12-15 17:40 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Google
2010-11-23 13:18 . 2010-11-23 13:18 -------- d-----w- c:\programmi\File comuni\Java
2010-11-23 13:17 . 2010-11-12 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-04-20 16:43 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-04-25 19:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:21 . 2008-04-14 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-04-14 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-14 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-14 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2008-04-14 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-08-23 . 5DC6E15B3989AF66D09F39786FD7154E . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 5DC6E15B3989AF66D09F39786FD7154E . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . B01635393A2B490FE49B7F97A9E41071 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 10:00 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2010-11-06 . A31163076E0D5AED751B3253FA62FC44 . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . A31163076E0D5AED751B3253FA62FC44 . 5960704 . . [8.00.6001.23091] . . c:\windows\SoftwareDistribution\Download\a92d264c73bc44731c328a93b5107edc\SP3QFE\mshtml.dll
[-] 2010-11-06 . 4F82A743CF2FBAFE4A085EB073AD9173 . 5959168 . . [8.00.6001.18999] . . c:\windows\SoftwareDistribution\Download\a92d264c73bc44731c328a93b5107edc\SP3GDR\mshtml.dll
[-] 2010-11-06 . 4F82A743CF2FBAFE4A085EB073AD9173 . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\mshtml.dll
[-] 2010-11-06 . 4F82A743CF2FBAFE4A085EB073AD9173 . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-09-10 . 5735C175E0EF67A372374AAAED099DA0 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . B33D831E06B389528B0A97466DA59449 . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . A042F8C1299295D09424E858DFBE4808 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 1332791F84379AA928AD7C9BC41C1FEF . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-02-25 . E4DCB453532D5E7F9E3061671C4EF9DF . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-02-25 . 75EC978702E3F76FD42F3BE0F2CB3F02 . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-04-14 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-11-06 . DC9B370A01F1BCD9DB40C5010335AF59 . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . DC9B370A01F1BCD9DB40C5010335AF59 . 919552 . . [8.00.6001.23084] . . c:\windows\SoftwareDistribution\Download\a92d264c73bc44731c328a93b5107edc\SP3QFE\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\SoftwareDistribution\Download\a92d264c73bc44731c328a93b5107edc\SP3GDR\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . B0CB9761B8E29FA3B5A76308A1450539 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 939FD4412E1EE25C91BD95562CFF1912 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 3FD601CE35491BD7AFF335B3D1C75884 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 7274EB34AEBFDA1DC9B3032F5E62F8D0 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-02-25 . D6E45D204E4FB316D529D3837D3883A0 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-02-25 . 188C0BB5DD640C6F711FA0C4295CF0CE . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2010-07-16 . 73E284809F5B963374DB8FFAF39AD824 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 73E284809F5B963374DB8FFAF39AD824 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 705E8550BA69B3A8828E8836CF647AF4 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EC73FF04C4700137413C48DAE1F7756A . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-14 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2010-09-18 07:18 . A656C2591548FF037C61BADF969D88D0 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 10:00 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2009-01-30 18:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-01-30 18:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2008-04-14 10:00 . C5B8FF892ECDBE965E1E3F47013E7917 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2010-04-28 . E24DAC79581355DC65A3637DD88EE635 . 2070656 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-28 . CB7CEC44C39B622E1B23214B60C7789E . 2070528 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-17 . EAB8C02BE368E4E30F5DECBA0AECDA9B . 2067456 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . 60C3FBEE51DFCE102C8ED9507BC7001B . 2062080 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP3QFE\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 10:00 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 10:00 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 10:00 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 10:00 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . EFC64EB67A642F8B7190AC5BAB1B403C . 2193664 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 52219984EC19C4066F15EED46E3ACA55 . 2193792 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . BBBEA4BEF0F730C9DFB2F5F8F4BEE2C3 . 2190592 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\a478c999ffaa92413b40024df6f1aad9\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 09:49 49152 ----a-w- c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-09-01 13:22 281768 ----a-w- c:\programmi\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless G DWA-110]
2008-06-23 12:19 1675264 ----a-w- c:\programmi\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"Start BT in service"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"LanmanServer"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\xxx\\Desktop\\utorrent-2.0.2.20165.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1866:TCP"= 1866:TCP:eMule_TCP
"1876:UDP"= 1876:UDP:eMule_UDP

R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [14/06/2010 4.22.53 47056]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [04/05/2010 17.18.25 618112]
S4 Start BT in service;Start BT in service;c:\programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27/12/2007 14.39.20 51816]
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-23 13:24]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-23 13:24]

2010-11-15 c:\windows\Tasks\videopadShakeIcon.job
- c:\programmi\NCH Software\VideoPad\videopad.exe [2010-11-12 19:43]

2010-12-14 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-04-26 09:12]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://search.myheritage.com
TCP: {77341479-D16A-4C39-AB1F-5FBBB33BD2C3} = 192.168.1.1
TCP: {A97E14FD-FFB4-48A0-AF11-1EAB05C56BA5} = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-avast5 - c:\programmi\Alwil Software\Avast5\avastUI.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-12-20 22:14:43
ComboFix-quarantined-files.txt 2010-12-20 21:14

Pre-Run: 17.061.662.720 byte disponibili
Post-Run: 17.208.254.464 byte disponibili

- - End Of File - - EE4054F9E878B46D6B679EEDD481C21B

Ora cosa devo fare:)????ti ringrazio!

himaco

Inviato: Tuesday, December 21, 2010 1:56:22 PM

Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269

Ciao.
Hai un fine di sistema infetto. Si deve procedere alla sostituzione del file:
Accedi al sistema in modalità provvisoria
Inserisci il CD di Windows XP nell'unità CD-ROM
clicca sul pulsante Start
clicca su Esegui, e digita:
expand X:\i386\regedit.exe_ c:\windows\regedit.exe

N.B.- LA X e' l'unita' cd dove inserirai il cd di windows....quindi se lo metti in D dovrai scrivere D al posto della X e cosi' via

conferma l'operazione

Riavvia il pc

All'accensione controlla se hai il file regedit.exe nella cartella C:/Windows

nacho

Inviato: Thursday, December 23, 2010 5:21:50 AM

Rank: AiutAmico

Iscritto dal : 12/16/2010
Posts: 111

a ok allora provo a fare come hai detto,senti himaco hai msn????mi manderesti la tua mail per pv?perche sotto le feste sono un po impegnato almeno li possiamo parlare piu velocemente:)!

Utenti presenti in questo topic

Aiutamici Forum » Computer & Internet » Problemi Informatici » Si blocca il pc all'avvio senza motivo

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS :

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded