Aiutamici Forum

Slow PC and SmartShopper-shdocvw.dll
skyb
Posted: Sunday, March 01, 2009 12:56:17 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Hi everyone, in the HijackThis results there are these two entries:
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
-- which I can't remove in any way. When I post the log online to have it checked, there are two question marks next to those entries. What is that file in system32 for? I don't know whether it should be deleted manually, but I wouldn't want to compromise the PC's functionality. Also, my web pages open slowly. I've run scans (in safe mode too) with both Spybot and Ad-Aware, but nothing turns up; it's just that the PC is extremely slow even though I always clean it with CCleaner and trash.it. I'm posting my log here, if someone could kindly help me. Thanks a lot.

Logfile of HijackThis v1.99.1
Scan saved at 12.35.46, on 01/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\utente\Documenti\tool-rimozione trojan-25-8-06\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096407976549
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

antonpaco
Posted: Sunday, March 01, 2009 12:59:04 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
Run a scan with Malwarebytes; you can download it from www.malwarebytes.org
r16
Posted: Sunday, March 01, 2009 1:55:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Leave those DLLs (shdocvw.dll) where they are.
They are dynamic libraries that are part of the OS.
And they are legitimate.
Run the scan antonpaco recommended, and post the log.
Update HJT; your version is rather old.
http://www.aiutamici.com/software?ID=11175
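Added example, not part of the original posts: a Python parser for the HijackThis lines in this thread, showing that each O9 button is identified by its CLSID while the file column of both SmartShopper entries is the same Windows library. The function names and the registry key are assumptions of this example; the key is general Internet Explorer knowledge, not something the thread states.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# The display name may itself contain " - " (as the SmartShopper names do),
# so the line is anchored on the CLSID instead of being split on " - ".
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + CLSID + r") - (?P<path>.+)$"
)

# Assumption (general Windows knowledge, not stated in the thread): Internet
# Explorer toolbar extensions, which HijackThis lists as O9, are registered
# per CLSID under this key.
IE_EXTENSIONS_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"
SYSTEM32 = r"c:\windows\system32"  # matches the paths used in this log


def parse_entries(log_text):
    """Return every 'Oxx - kind: name - {CLSID} - file' line as a dict."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def o9_registrations(entries):
    """Group O9 lines by CLSID: one registration can yield several lines."""
    regs = {}
    for entry in entries:
        if entry["section"] != "O9":
            continue
        clsid = entry["clsid"].upper()
        folder = ntpath.normcase(ntpath.dirname(entry["path"]))
        reg = regs.setdefault(clsid, {
            "clsid": clsid,
            "labels": [],
            "file": entry["path"],
            "file_in_system32": folder == SYSTEM32,
            "registry_key": IE_EXTENSIONS_KEY + "\\" + clsid,
        })
        reg["labels"].append(entry["kind"] + ": " + entry["name"])
    return list(regs.values())


def clsids_per_file(registrations):
    """Map each referenced file to the CLSIDs that name it."""
    shared = {}
    for reg in registrations:
        shared.setdefault(ntpath.normcase(reg["file"]), []).append(reg["clsid"])
    return shared


if __name__ == "__main__":
    for reg in o9_registrations(parse_entries(SAMPLE_LOG)):
        where = "system32" if reg["file_in_system32"] else "third-party folder"
        print(reg["registry_key"])
        print("   ", "; ".join(reg["labels"]), "->", reg["file"], "(" + where + ")")
```

Two different CLSIDs point at the one `shdocvw.dll`, so the entry to examine is the per-CLSID registration, and the library itself stays in place as advised in the post above.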
skyb
Posted: Sunday, March 01, 2009 3:45:08 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37

Hi antonpaco and R16, thank you very much. I'm running a scan with Malwarebytes and I can already see 1 infected item; it takes a while. Anyway, I've also downloaded the new version of HJT and the ClamWin antivirus... let's see what happens. I hope to sort it out and I'll let you know as soon as I can. Many thanks for the advice, see you soon. ;o)
r16
Posted: Sunday, March 01, 2009 3:55:45 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
skyb wrote:

Anyway, I've also downloaded the new version of HJT and the ClamWin antivirus... let's see what happens. I hope to sort it out and I'll let you know as soon as I can. Many thanks for the advice, see you soon. ;o)

Careful though, skyb: you must not uninstall Avira, because ClamWin does not have "real-time" protection.
The two programs should (and I do mean "should") get along.
skyb
Posted: Sunday, March 01, 2009 4:18:19 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
No, I won't uninstall Avira, thanks ;o) let's hope they don't conflict... With the Malwarebytes scan, the infected files have already reached 2. Anyway, thanks for giving me these tips; I've always felt very much at home here. Aiutamici has taught me a lot, in fact everything... but I still have things to learn, eh! I'm self-taught ;o)
skyb
Posted: Monday, March 02, 2009 11:47:31 AM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Hi, here is the result of the scan; when I open the internet it still takes quite a while, though.

Malwarebytes' Anti-Malware 1.34
Versione del database: 1813
Windows 5.1.2600 Service Pack 2

01/03/2009 17.02.40
mbam-log-2009-03-01 (17-02-32).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 354186
Tempo trascorso: 3 hour(s), 1 minute(s), 49 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{A9778A7F-6719-4BF4-A886-7A34AB25BF1E}\RP129\A0055755.dll (Adware.Shoper) -> No action taken.
C:\Setup.exe (Trojan.Agent) -> No action taken.

r16
Posted: Monday, March 02, 2009 12:46:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi skyb.
Delete what Malwarebytes found.
Turn off System Restore.
Restart the PC.
Run a scan with Combofix:
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
Type 1, press Enter and follow the instructions.
When it finishes, a log file named C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.

Uninstall Combofix this way (after I have seen the log):
Start
Run
In the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete Combofix's folders on "C" (qoobox)
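Added example, not part of the original posts: a Python triage of the Malwarebytes log posted earlier, listing which detections are still at "No action taken" and which of them sit in System Restore storage. The function names are assumptions of this example, and so is the reading that a path under `System Volume Information\_restore{...}` is a restore-point copy on Windows XP, which the thread does not spell out.

```python
import re

# Constructed sample: the detection sections of the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Chiavi di registro infette: 1
File infetti: 2

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.

File infetti:
C:\System Volume Information\_restore{A9778A7F-6719-4BF4-A886-7A34AB25BF1E}\RP129\A0055755.dll (Adware.Shoper) -> No action taken.
C:\Setup.exe (Trojan.Agent) -> No action taken.
"""

# "<item> (<detection name>) -> <action>." ; the "(Nessun elemento ...)" filler
# lines and the "name: count" summary lines have no "->" and are skipped.
DETECTION_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Assumption: on Windows XP, restore points are stored below this folder.
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_detections(log_text):
    """Return one dict per detection, tagged with its log section."""
    section = None
    detections = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(":"):          # section header, e.g. "File infetti:"
            section = line[:-1]
            continue
        match = DETECTION_RE.match(line)
        if not match:
            continue
        det = match.groupdict()
        det["section"] = section
        det["pending"] = det["action"].lower() == "no action taken"
        det["in_system_restore"] = RESTORE_MARKER in det["item"].lower()
        detections.append(det)
    return detections


def plan(detections):
    """Map the first two steps of the post above to the items they cover."""
    steps = {"delete with Malwarebytes": [], "turn off System Restore": []}
    for det in detections:
        if not det["pending"]:
            continue
        steps["delete with Malwarebytes"].append(det["item"])
        if det["in_system_restore"]:
            steps["turn off System Restore"].append(det["item"])
    return steps


if __name__ == "__main__":
    for step, items in plan(parse_detections(SAMPLE_LOG)).items():
        print(step)
        for item in items:
            print("   ", item)
```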
skyb
Posted: Monday, March 02, 2009 4:49:21 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Hi, I downloaded Combofix and ran the scan as you told me. I turned off System Restore; then, before connecting to the internet, I went to turn it back on, but it had already turned itself on. How is that possible? Hmm! Anyway, I'm copying the log for you (it's rather long), and thank you ;o)

ComboFix 09-03-01.01 - utente 2009-03-02 15.41.03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.447.114 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\buZZP3lic.dll
c:\windows\patch.exe
c:\windows\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Creati Da 2009-02-02 al 2009-03-02 )))))))))))))))))))))))))))))))))))
.

2009-03-01 17:11 . 2009-03-01 17:11 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\.clamwin
2009-03-01 17:10 . 2009-03-01 17:10 <DIR> d-------- c:\programmi\ClamWin
2009-03-01 17:10 . 2009-03-01 17:10 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-03-01 15:32 . 2009-03-01 15:33 <DIR> d-------- C:\Antivirus-Clamwin
2009-03-01 15:17 . 2009-03-01 15:17 <DIR> d-------- c:\programmi\Trend Micro
2009-03-01 13:53 . 2009-03-01 13:53 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2009-03-01 13:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 13:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 13:52 . 2009-03-01 13:53 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-01 13:52 . 2009-03-01 13:52 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-02-26 09:24 . 2009-01-09 20:18 1,089,891 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-13 18:50 . 2009-02-13 18:50 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-13 18:44 . 2009-02-13 18:44 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-13 18:41 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-13 18:40 . 2009-02-13 18:40 <DIR> d-------- c:\windows\system32\it-IT
2009-02-13 18:20 . 2009-02-13 18:40 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-13 18:19 . 2009-02-13 18:19 <DIR> d-------- c:\programmi\Reference Assemblies
2009-02-13 18:19 . 2009-02-13 18:19 <DIR> d-------- c:\programmi\MSBuild
2009-02-13 18:18 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-13 18:18 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-13 18:18 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-13 18:17 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-13 18:17 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-13 18:17 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-13 18:17 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-10 23:21 . 2009-02-10 23:21 <DIR> d-------- c:\programmi\Cornera
2009-02-10 22:01 . 2009-02-10 22:01 <DIR> d-------- c:\programmi\Auslogics
2009-02-10 22:01 . 2009-02-10 22:01 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Auslogics
2009-02-02 00:58 . 2009-02-02 00:58 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\iSpring Solutions
2009-02-02 00:56 . 2009-02-02 00:56 <DIR> d-------- c:\programmi\File comuni\iSpring Solutions
2009-02-02 00:54 . 2009-02-02 00:54 <DIR> d-------- c:\programmi\iSpring

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 17:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-28 15:28 --------- d-----w c:\programmi\Trash it!
2009-02-28 09:44 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-27 11:17 --------- d-----w c:\documents and settings\utente\Dati applicazioni\GlarySoft
2009-02-27 09:06 110,992 ----a-w c:\windows\system32\drivers\cmdGuard.sys
2009-02-20 11:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\comodo
2009-02-20 11:48 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-15 18:10 --------- d-----w c:\programmi\SUPERAntiSpyware
2009-02-13 17:51 --------- d-----w c:\programmi\Microsoft SQL Server
2009-02-10 12:22 --------- d-----w c:\programmi\IncrediMail
2009-02-03 12:48 --------- d-----w c:\programmi\Active GIF Creator 2.20
2009-01-30 08:39 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-30 08:39 --------- d-----w c:\programmi\Lavasoft
2009-01-30 08:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-30 08:09 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-29 13:31 --------- d-----w c:\programmi\vanBasco's Karaoke Player
2009-01-21 15:10 --------- d-----w c:\programmi\AdSpyTerminator
2009-01-19 07:02 --------- d-----w c:\programmi\IrfanView
2009-01-18 22:33 --------- d-----w c:\documents and settings\utente\Dati applicazioni\XnView
2009-01-13 22:38 --------- d-----w c:\programmi\PandoBar
2009-01-13 22:30 --------- d-----w c:\programmi\Pando Networks
2009-01-09 23:40 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-09 22:16 --------- d-----w c:\programmi\SpywareBlaster
2009-01-09 16:59 --------- d-----w c:\programmi\Panda Security
2008-05-25 17:28 88 --sh--r c:\windows\system32\69097C0595.sys
2008-10-03 22:57 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-19 23:34 2184704 4591cf1f202181113de2996e79a2905a c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2004-10-28 02:26 2092032 6cfb1404b7506c51dd8dc71a36482220 c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-02 19:07 2183040 84e6643db22c06128576afbf89dfee70 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 19:22 2184064 b33a2a0e76d3a2faa044b197e345458c c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 17:02 2184064 5ec517cc0865808df80d2184b0131d27 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:42 2184064 da01088ad01bf30a0aebb62f99e04bc7 c:\windows\Driver Cache\i386\ntoskrnl.exe
2004-08-19 23:34 2184704 4591cf1f202181113de2996e79a2905a c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 02:55 2192768 7d804c28404e94f57967de3394201d55 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\ntoskrnl.exe
2005-03-02 19:07 2183040 84e6643db22c06128576afbf89dfee70 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\ntoskrnl.exe
2008-04-14 02:55 2192768 7d804c28404e94f57967de3394201d55 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\ntoskrnl.exe
2008-08-14 14:42 2184064 da01088ad01bf30a0aebb62f99e04bc7 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:42 2184064 da01088ad01bf30a0aebb62f99e04bc7 c:\windows\system32\dllcache\ntoskrnl.exe

2001-08-31 11:00 101888 47d6b593dbc04c586afe1078118dcfc0 c:\windows\$NtServicePackUninstall$\services.exe
2004-08-19 23:39 108544 e77f6fa2a15390f1727f4c1c55b69da6 c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 03:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\services.exe
2004-08-19 23:39 108544 e77f6fa2a15390f1727f4c1c55b69da6 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\services.exe
2008-04-14 03:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\services.exe
2004-08-19 23:39 108544 e77f6fa2a15390f1727f4c1c55b69da6 c:\windows\system32\services.exe

2002-09-09 12:51 11776 8ce9cc46e4dfb438069707d5d453e3ac c:\windows\$NtServicePackUninstall$\lsass.exe
2004-08-19 23:39 13312 0815e8da286775fa432c7c9ee5e10ba1 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 03:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\lsass.exe
2004-08-19 23:39 13312 0815e8da286775fa432c7c9ee5e10ba1 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\lsass.exe
2008-04-14 03:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\lsass.exe
2004-08-19 23:39 13312 0815e8da286775fa432c7c9ee5e10ba1 c:\windows\system32\lsass.exe

2002-09-09 12:51 13312 177476265ad4fbfd151a27f74b8da42f c:\windows\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 23:39 15360 5b33b4265966ee063c7fbea28958d9c2 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\ctfmon.exe
2004-08-19 23:39 15360 5b33b4265966ee063c7fbea28958d9c2 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\ctfmon.exe
2008-04-14 03:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\ctfmon.exe
2004-08-19 23:39 15360 5b33b4265966ee063c7fbea28958d9c2 c:\windows\system32\ctfmon.exe

2002-09-09 12:51 22528 e8895b37c08de48e2a7a11ca3340fffd c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-19 23:39 25088 c1e7fe19f98a877bf8f941bf48148695 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:14 26624 df69726907357c3add243f48902b0331 c:\windows\SoftwareDistribution\Download\b3cfb97e10db67e93369e800e0eaecd8\userinit.exe
2008-04-14 03:14 26624 df69726907357c3add243f48902b0331 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\userinit.exe
2004-08-19 23:39 25088 c1e7fe19f98a877bf8f941bf48148695 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\userinit.exe
2008-04-14 03:14 26624 df69726907357c3add243f48902b0331 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\userinit.exe
2004-08-19 23:39 25088 c1e7fe19f98a877bf8f941bf48148695 c:\windows\system32\userinit.exe

2002-09-09 12:51 201728 0d3fa596f66cde79fe285ee238c3a283 c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-19 23:39 296960 c06cd1890279603e15020757e02de56b c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 03:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\termsrv.dll
2004-08-19 23:39 296960 c06cd1890279603e15020757e02de56b c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\termsrv.dll
2008-04-14 03:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\termsrv.dll
2004-08-19 23:39 296960 c06cd1890279603e15020757e02de56b c:\windows\system32\termsrv.dll

2001-08-31 11:00 14848 ca5689b6492dc1f0a072747a3b7871a9 c:\windows\$NtServicePackUninstall$\powrprof.dll
2004-08-19 23:39 17408 41ff9d663219a1dd0397fe2c5b09436c c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 03:13 17408 2f331374433e3fe176bee155d9be83e1 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\powrprof.dll
2004-08-19 23:39 17408 41ff9d663219a1dd0397fe2c5b09436c c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\powrprof.dll
2008-04-14 03:13 17408 2f331374433e3fe176bee155d9be83e1 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\powrprof.dll
2004-08-19 23:39 17408 41ff9d663219a1dd0397fe2c5b09436c c:\windows\system32\powrprof.dll

2002-09-09 12:50 103936 0e0fe61baced87d81f95fb594cb49ffd c:\windows\$NtServicePackUninstall$\imm32.dll
2004-08-19 23:39 110080 ca38a6091ecac2668ec99afd4b6c0615 c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 03:13 110080 3f970150c170a38fce423994341205b4 c:\windows\SoftwareDistribution\Download\c6715eddbc5dc2500a185d991ef57d3c\imm32.dll
2004-08-19 23:39 110080 ca38a6091ecac2668ec99afd4b6c0615 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\backup\imm32.dll
2008-04-14 03:13 110080 3f970150c170a38fce423994341205b4 c:\windows\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\imm32.dll
2004-08-19 23:39 110080 ca38a6091ecac2668ec99afd4b6c0615 c:\windows\system32\imm32.dll
2004-08-19 23:39 110080 ca38a6091ecac2668ec99afd4b6c0615 c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "c:\programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2009-01-13 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "c:\programmi\PandoBar\bar\1.bin\PANDOBAR.DLL" [2009-01-13 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-09-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-10 14:09 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VQJC"= PD016dec.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-09 12:51 509784 c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2002-08-14 16:29 290816 c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a--c--- 2003-07-17 12:50 184412 c:\programmi\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
--a--c--- 2002-08-15 05:26 45056 c:\programmi\HPQ\Notebook Utilities\hptasks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\programmi\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2009-01-13 16:27 3699016 c:\programmi\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a--c--- 2004-03-10 15:26 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QT4HPOT]
--a------ 2003-10-03 20:10 106496 c:\programmi\HPQ\One-Touch\ONETOUCH.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\programmi\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-15 19:10 1830128 c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2003-05-23 00:06 610304 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2003-05-22 23:10 110592 c:\programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trash it Scheduler]
--a------ 2004-07-14 19:19 151552 c:\programmi\Trash it!\Trash It Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 c:\programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
--a------ 2003-05-21 14:35 4608 c:\windows\system32\carpserv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11092:TCP"= 11092:TCP:*:Disabled:BitComet 11092 TCP
"11092:UDP"= 11092:UDP:*:Disabled:BitComet 11092 UDP
"57153:TCP"= 57153:TCP:Pando P2P TCP Listening Port
"57153:UDP"= 57153:UDP:Pando P2P UDP Listening Port

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2008-01-31 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-01-31 24336]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2004-09-28 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-09-28 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-17 28280]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\System32\DRIVERS\COMFiltr.sys --> c:\windows\System32\DRIVERS\COMFiltr.sys [?]
S3 OFNNOCDD;OFNNOCDD;\??\c:\docume~1\utente\IMPOST~1\Temp\OFNNOCDD.SYS --> c:\docume~1\utente\IMPOST~1\Temp\OFNNOCDD.SYS [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\System32\PavSRK.sys --> c:\windows\System32\PavSRK.sys [?]
S3 PD016BLK;Creative PC-CAM 300 (Still Image);c:\windows\system32\drivers\PD016blk.sys [2006-08-27 28665]
S3 PD016VID;Creative PC-CAM 300 (Video);c:\windows\system32\drivers\PD016vid.sys [2006-08-27 433152]
S3 RKREVEAL150;RKREVEAL150;\??\c:\windows\system32\Drivers\RKREVEAL150.SYS --> c:\windows\system32\Drivers\RKREVEAL150.SYS [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2005-12-25 40060]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys --> c:\windows\system32\drivers\Usbvsp.sys [?]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743087d0-3a02-11dc-ae99-000f2028bb6c}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743087d1-3a02-11dc-ae99-000f2028bb6c}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0bb1d0-3f44-11dc-aead-000f2028bb6c}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-09 12:51]

2007-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-03-02 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-09-17 15:35]

2009-03-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDetect.exe []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Babylon Client - c:\programmi\Babylon\Babylon.exe
MSConfigStartUp-DataLayer - c:\programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
MSConfigStartUp-googletalk - c:\programmi\Google\Google Talk\googletalk.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-Nokia Tray Application - c:\programmi\File comuni\Nokia\NCLTools\NclTray.exe
MSConfigStartUp-Picasa Media Detector - c:\programmi\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-QuickTime Task - c:\programmi\QuickTime\qttask.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Add animation to IncrediMail Style Box
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\tg3mae3c.default\
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPandBr.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 15:47:21
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\SYSTEM32\guard32.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2009-03-02 15.59.17
ComboFix-quarantined-files.txt 2009-03-02 14:59:13

Pre-Run: 12.636.512.256 byte disponibili
Post-Run: 12,621,422,592 byte disponibili

525 --- E O F --- 2009-02-26 08:34:57


r16
Posted: Monday, March 02, 2009 5:09:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi skyb.
When you disabled System Restore, did you restart the PC right afterwards?
Did you delete what Malwarebytes found?
Combofix removed a couple of infected executables.
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder (do not delete the folder itself).
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored in it (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch Hijackthis and clean up the ADS as follows:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the checkboxes and click Remove selected
Let's see if the PC runs better.
P.S.: Could you please tell me what you use this program for: PandoBar (sharing?)
Also, you have many protection programs that are almost duplicates.
You have SpyBot and Superantispyware; you can remove one of the two.
Malwarebytes and Ad-Aware: in my opinion you can remove Ad-Aware, since I consider Malwarebytes more effective.
skyb
Posted: Monday, March 02, 2009 5:41:41 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Hi, yes, after disabling System Restore I restarted the PC. The infected files that Malwarebytes found are in quarantine; maybe I should delete them from quarantine? I always use CCleaner, but never to clean the registry, because I once used regseeker and my PC went haywire, so I have always been afraid to do it, but if you tell me to, I'll try, hoping nothing happens :( Now I'll go and do what you told me, then we'll talk again. I use the Pando program to transfer large files, such as photos, Paint Shop drawings that are quite big, etc., but only Pando; I don't know what PandoBar is, maybe it's something like a toolbar? Thanks anyway, talk to you soon, and let's hope we solve it ;o)
r16
Posted: Monday, March 02, 2009 6:19:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Use CCleaner to clean the registry as well.
It will ask whether you want to make a backup before deleting. Click yes, and save it in "Documents" or wherever you like.
If there are problems (but I don't think there will be), you can restore them (by double-clicking on it).
CCleaner is much less dangerous than regseeker.
skyb
Posted: Monday, March 02, 2009 8:10:10 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Hi r16, I did everything you told me, and I also cleaned the registry with CCleaner ;o))) all OK. It seems to me that the PC is running much better. I don't know how to thank you, I'm grateful to you. You're exceptional, a special staff! If I manage to use the PC, it's only thanks to you! Just think that thanks to Aiutamici I even managed to defeat linkoptimizer and, a few years ago, to build myself a website... and without knowing HTML. I'd like to put your banner on the site... until now I had never had the courage to ask you. If anything, I'll put the link on the forum in the right section, so you can take a look at it. Sorry for going off topic, but I'm happy. Thanks, have a good evening. ;o) P.S. You're right, I'll remove Ad-Aware ;o)
r16
Posted: Monday, March 02, 2009 8:39:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi skyb.
Glad to have been of help.
You even managed to build yourself a website, practically starting from scratch.
Congratulations, I wouldn't even know where to start.....
Bye!
skyb
Posted: Monday, March 02, 2009 9:40:09 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Come on, I don't believe it, you're really good! ;o) One last thing: sometimes, when a page is slow to load and then freezes, and I click to close it, it tells me "End Program", the application is not responding, end now or cancel.... but what does it depend on, my PC's RAM? Thanks, bye.. P.S. I've posted the link on the forum ;o)
r16
Posted: Monday, March 02, 2009 10:32:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi skyb.
There can be many reasons why a page sometimes "struggles" to load.
Maybe other pages are open at the same time, or the page itself is made up of many images, or the connection is poor at that moment.
It can also be the RAM, if it is too full and the PC is perhaps a bit dated. But there can be other reasons too.
You made me curious, and I took a quick look at the two sites you posted.
I liked the Native Americans one; the photos speak of history.
Once again, my sincere compliments.

skyb
Posted: Monday, March 02, 2009 11:21:09 PM
Rank: AiutAmico

Joined: 3/4/2003
Posts: 37
Anyway, it seems to me that, having done the procedures you recommended, the PC is now more awake.. it got its memory back ;o) Thanks for the compliments, Native Americans have been a passion of mine since I was little ;o) Bye r16 and thanks again.