Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Virus/2 Opzioni
r16
Inviato: Thursday, November 26, 2009 11:53:29 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per trovarli, manualmente fai così:
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)

Poi segui il percorso.
Comunque il programma ti chiede un riavvio per eliminarli.
Altrimenti si prova con Avenger.
Domanda:
Nella cartella Microsoft si trovano esclusivamente quei file o ce ne sono degli altri?
r16
Inviato: Friday, November 27, 2009 12:06:54 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Avenger, e scompattalo in una sua cartella non temporanea e non sul desktop:
http://swandog46.geekstogo.com/avenger.zip

Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai copia-incolla) nel riquadro bianco:

Code:
Files to delete:
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\AddIns.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\Address Book.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\Clip Organizer.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\CLR Security Config.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\Credentials.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\CryptnetUrlCache.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\Crypto.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\Excel.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\HTML Help.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\IdentityCRL.exe
C:\Documents and Settings\Pier Luigi\Dati Applicazioni\Microsoft\InfoPath.exe


Togli la spunta da Scan for Rootkit
Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger
icollaboratore
Inviato: Friday, November 27, 2009 9:32:04 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
r 16, non mi si avvia la scansione! dice invalid script!
r16
Inviato: Friday, November 27, 2009 9:55:58 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
icollaboratore ha scritto:
r 16, non mi si avvia la scansione! dice invalid script!

Bisogna vedere se mi hai dato il percorso giusto...
Ma perchè non li elimini a mano?
icollaboratore
Inviato: Friday, November 27, 2009 9:57:04 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
non me lo consente, impossibile eliminare la cartella. i file sono pure nascosti
r16
Inviato: Friday, November 27, 2009 9:59:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ho modificato lo script.
Riprova.
icollaboratore
Inviato: Friday, November 27, 2009 10:02:28 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
niente da fare...
r16
Inviato: Friday, November 27, 2009 10:05:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Allora......ti avevo fatto una domanda nel post sopra:
Nella cartella Microsoft si trovano esclusivamente quei file o ce ne sono degli altri?
Poi, se la apri, trovi cartelle o file?
icollaboratore
Inviato: Sunday, November 29, 2009 1:06:17 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
ciao, nella cartella microsoft si annida il ROOTKIT, me lo hanno confermato vari antirootkit. su 12 file infetti sono riuscito a rinominarne ( con mcafee) 10 e a distruggerli (con pscanner++). ho rinominato la cartella microsoft.ren, ma niente da fare, non va via.
icollaboratore
Inviato: Sunday, November 29, 2009 1:15:58 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
ecco la scansione fatta con gmer

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 03:45:00
Windows 5.1.2600 Service Pack 3
Running: 0r5dli2w.exe; Driver: C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\kwlyypoc.sys


---- System - GMER 1.0.15 ----

SSDT F7D7F27E ZwCreateKey
SSDT F7D7F274 ZwCreateThread
SSDT F7D7F283 ZwDeleteKey
SSDT F7D7F28D ZwDeleteValueKey
SSDT F7D7F292 ZwLoadKey
SSDT F7D7F260 ZwOpenProcess
SSDT F7D7F265 ZwOpenThread
SSDT F7D7F29C ZwReplaceKey
SSDT F7D7F297 ZwRestoreKey
SSDT F7D7F288 ZwSetValueKey
SSDT F7D7F26F ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe[3068] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer 0 bytes
File C:\Documents and Settings\Pier Luigi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch 0 bytes
File C:\Documents and Settings\Pier Luigi\Dati applicazioni\Microsoft\Credentials 0 bytes
File C:\Documents and Settings\Pier Luigi\Dati applicazioni\Microsoft\Credentials\S-1-5-21-790525478-764733703-854245398-1004 0 bytes

---- EOF - GMER 1.0.15 ----
r16
Inviato: Sunday, November 29, 2009 2:43:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Quante cartelle microsoft, ci sono in "Dati applicazioni"?
icollaboratore
Inviato: Sunday, November 29, 2009 3:53:39 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
ora che ho rinominato microsoft come microsoft.ren ne è spuntata una nuova che, al contrario dell'altra si apre con agilità e non sembra presentare problemi.

questo file è infetto? HKLM COMRES.DLL=C:\WINDOWS\SYSTEM32\COMRES.DLL

me lo segnala unhackme (consigliato da università del Minnesota)

Prima di fare eliminazioni impropie chiedo a te. Quelli che ho eliminato prima erano segnalati da ben 4 antirootkit.
r16
Inviato: Sunday, November 29, 2009 4:12:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sembra legittimo:
http://www.processlibrary.com/it/directory/files/comres/
Ma adesso, come funziona il pc?
icollaboratore
Inviato: Sunday, November 29, 2009 4:16:34 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
Il pc mi rallenta e fa suoni "strani" solo se cerco di usare:
windows live msn
la suite office (a me serve word!)
mostra desktop
Ie (che non uso)
Per il resto fa gli aggiornamenti senza ALCUN problema
r16
Inviato: Sunday, November 29, 2009 4:26:53 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prova a disistallare windows live msn, per il momento. (potrebbe essere danneggiato)
Disistalla IE.
Se puoi, disistalla anche la suite office .
Fai una pulizia con CCleaner.
Riavvia il pc.
Fai una scansione con Combofix:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
icollaboratore
Inviato: Sunday, November 29, 2009 10:44:30 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
ecco il log combo che mostra 4 file nascosti in quella famosa cartella. Sophos antirootkit ne ha trovati una cinquantina e, guarda caso, fanno riferimento a office, msn e Ie. Purtroppo non riesce, almeno in modalità normale, a eliminarli.


ComboFix 09-11-28.04 - Pier Luigi 29/11/2009 16.58.59.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.192 [GMT 1:00]
Eseguito da: c:\documents and settings\Pier Luigi\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pier Luigi\Dati applicazioni\EurekaLog
C:\InfoSat.txt
c:\windows\system32\E.tmp
c:\windows\system32\F.tmp

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-29 )))))))))))))))))))))))))))))))))))
.

2009-11-29 13:31 . 2009-11-29 13:31 2 --shatr- c:\windows\winstart.bat
2009-11-29 13:31 . 2009-11-29 13:31 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-11-29 13:31 . 2009-11-29 13:31 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-11-29 13:30 . 2009-11-17 15:19 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-11-29 13:30 . 2009-11-29 16:10 -------- d-----w- c:\programmi\UnHackMe
2009-11-29 03:09 . 2009-11-29 03:09 128352 ----a-w- c:\windows\system32\20c2F.dll
2009-11-29 03:09 . 2009-11-29 03:09 54624 ----a-w- c:\windows\system32\20c2F.sys
2009-11-29 03:03 . 2009-11-29 03:03 128352 ----a-w- c:\windows\system32\6422B.dll
2009-11-28 15:50 . 2009-11-28 15:50 54624 ----a-w- c:\windows\system32\9a42.sys
2009-11-28 13:20 . 2009-11-28 13:20 54624 ----a-w- c:\windows\system32\1ed4.sys
2009-11-28 12:39 . 2009-11-28 12:39 54624 ----a-w- c:\windows\system32\6c62.sys
2009-11-28 12:26 . 2009-11-28 12:26 54624 ----a-w- c:\windows\system32\ce72.sys
2009-11-28 12:11 . 2009-11-28 12:11 -------- d-----w- c:\documents and settings\Pier Luigi\log
2009-11-28 12:11 . 2009-11-28 12:11 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 11:31 . 2009-11-28 11:31 -------- d-----w- c:\programmi\Sophos
2009-11-27 21:09 . 2009-09-24 12:16 3779072 ----a-w- c:\documents and settings\Pier Luigi\PScanner.exe
2009-11-26 22:27 . 2009-11-26 22:27 -------- d-----w- c:\programmi\Unlocker
2009-11-21 12:33 . 2009-11-21 12:33 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-11-21 12:16 . 2009-07-28 15:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 12:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 12:16 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-21 12:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-21 12:16 . 2009-11-21 12:16 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-21 12:16 . 2009-11-21 12:16 -------- d-----w- c:\programmi\Avira
2009-11-20 23:41 . 2009-11-20 23:41 -------- d-----w- c:\programmi\CCleaner
2009-11-20 23:20 . 2009-11-20 23:20 -------- d-----w- c:\programmi\Trend Micro
2009-11-20 18:46 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-20 18:46 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-20 18:46 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-20 18:46 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-20 18:46 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\programmi\Trojan Remover
2009-11-20 18:46 . 2009-11-20 18:46 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Simply Super Software
2009-11-19 21:55 . 2009-11-27 21:46 -------- dc----w- C:\PScanner Backup
2009-11-18 22:34 . 2009-11-22 16:19 31490080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-18 20:26 . 2009-11-18 20:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-18 20:26 . 2009-11-18 20:26 -------- dcsh--w- c:\documents and settings\Administrator.ZE4944EA\IETldCache
2009-11-18 02:01 . 2009-11-18 02:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 23:48 . 2009-11-17 23:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 23:03 . 2009-11-15 23:03 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-15 22:21 . 2009-11-15 22:21 -------- d-----w- c:\windows\ERUNT
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\IObit
2009-11-12 21:13 . 2009-11-21 17:25 -------- d-----w- c:\documents and settings\Pier Luigi\DoctorWeb
2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2009-11-10 21:21 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\QuickScan
2009-11-10 21:20 . 2009-10-29 14:39 679936 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-10 21:20 . 2009-10-29 14:39 614400 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-10 19:54 . 2009-11-21 07:40 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-10 19:54 . 2009-11-21 07:40 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-10 19:19 . 2009-11-10 19:19 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Malwarebytes
2009-11-10 19:19 . 2009-11-10 19:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-09 22:25 . 2009-11-09 22:25 -------- dc----w- c:\documents and settings\Administrator\Tracing
2009-11-01 20:27 . 2009-11-28 23:34 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 13:59 . 2008-03-03 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-29 03:41 . 2007-12-30 16:02 -------- d-s---w- c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN
2009-11-22 16:19 . 2009-11-18 22:34 371144 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 16:10 . 2009-11-22 16:10 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}
2009-11-21 07:37 . 2007-12-31 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-15 10:32 . 2007-12-31 11:15 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Skype
2009-11-15 10:09 . 2003-04-08 19:00 93834 ----a-w- c:\windows\system32\perfc010.dat
2009-11-15 10:09 . 2003-04-08 19:00 515758 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 21:57 . 2009-04-28 19:36 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 (Release candidate)
2009-11-07 08:31 . 2007-12-31 16:19 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-02 19:42 . 2009-09-30 21:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 23:26 . 2008-01-05 02:27 64944 -c--a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-28 10:05 . 2009-11-22 16:10 2844902 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\vnlt6512.exe
2009-10-28 09:39 . 2009-11-22 16:10 344064 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\AFF7236A\76AC2E42\Scan.dll
2009-10-27 17:58 . 2009-11-22 16:10 274432 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\26308C9E\76AC2E42\MONLITE.exe
2009-10-25 13:14 . 2007-12-31 12:56 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\skypePM
2009-10-22 17:17 . 2009-11-22 16:10 733184 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\A8179945\76AC2E42\viritexp.exe
2009-10-21 09:37 . 2009-11-22 16:10 69632 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-10-18 09:15 . 2009-11-22 16:10 118784 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\7F97E250\76AC2E42\viritupg.dll
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\85F7294B\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-10-15 14:31 44288 --s---w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-10-14 22:15 . 2007-12-31 11:40 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-08 19:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-08 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-11 14:17 . 2003-04-08 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-04-08 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-04-08 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2003-04-08 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ815485$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1231D4353698E19495DC8A929B8B74EB . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CC41F9D29EDD55037A4C26E70C175528 . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . F683B6ED87C7DCE1FB51A7D113DE0346 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 1A2A2A1AB10CF25ABF99CC79909C2DB5 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . A5BC1A3B9F42ED4AB65804CEC4A7F69C . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:40 . 659C04BB6086E480966FFD0D44F1CC4D . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:27 . 4CC4C2B7CCB5FCAEF5B73A26AB914B0D . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-19 14:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 6D9421A648F26B8640C63D0F8F2B7D48 . 1030144 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . EB1428078E1D10FDEC060857AA526A9F . 1028608 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . B737A3DA2C0A605CE2C7E118C59F38C7 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-22 . 97DA2BA7C17D5D6404A92375CCD485C9 . 5939712 . . [8.00.6001.18852] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-10-22 . 83E7AF0C577D813124C4AE6D188C8D58 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . BB2407CD8BAF3C0B0DFCB293492D4233 . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . C1ABBFE345CC9557BAA8FBDC8B572D06 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . A171E96E5830B6C269591415997C15C8 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2008-12-14 . CADF596CB8474DDFB28B57C3F7ADE8A9 . 5699584 . . [8.00.6001.22342] . . c:\windows\$hf_mig$\KB960714-IE8\SP3QFE\mshtml.dll
[-] 2008-06-24 . 080DEB244585EB5772F6E6DEA75B4380 . 3592192 . . [7.00.6000.16705] . . c:\windows\system32\mshtml.dll
[-] 2008-06-24 . 080DEB244585EB5772F6E6DEA75B4380 . 3592192 . . [7.00.6000.16705] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-10-31 . 27680AEB8ED2343C69D05F665C447DF7 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2GDR\mshtml.dll
[-] 2007-10-30 . 20CEFA564453AE90B668577DA3E012E4 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2QFE\mshtml.dll
[-] 2007-10-30 . 5F93CA3D8887F6F7BCD01BE44A05442D . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 . 7596E918B731063DFE5619012CBD7D51 . 3079680 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5EC517CC0865808DF80D2184B0131D27 . 2184064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 84E6643DB22C06128576AFBF89DFEE70 . 2183040 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-08-29 . CFA6FEE390549F82BC9A1FBF616CE8FE . 916480 . . [8.00.6001.18828] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-08-29 . 1680D62563A5081A85754528AAF77D1E . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . D58780F07D0F5C83B3DB634BBB273D39 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 4D9C680641CC367FEEFE308C6577E0CD . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\system32\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-10-11 . CC4B88C2A9B3B458281C099CBC186DBA . 662016 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 . FDED5964CCFCFA72F70CCFCC8C29BBBB . 668672 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-10 . 419A6F3D56E469BCBE71128A78463DA4 . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2GDR\wininet.dll
[-] 2007-10-10 . 714D8A2B05B2AAF0C6A39241A1ED914F . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2QFE\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . FAD73705BED0910E910DE852B0F8AEBC . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 89F95338182388B65DC381AEAAB62079 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2003-04-08 19:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 49BAEA1D9379DF8CD897AFF9F49BC9DE . 2061312 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 8F485CF9683F1220BA27D10281052FCE . 2060544 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 14:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\programmi\UnHackMe\hackmon.exe" [2009-11-17 237792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98b0686fb44c0"=2 (0x2)
"ERSvc"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"dmadmin"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [15/10/2009 15.31.26 44288]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\programmi\HWiNFO32\HWiNFO32.SYS [31/12/2007 12.33.38 8192]
S0 Lbd;Lbd; [x]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [29/11/2009 14.31.17 34760]
S3 030C;030C;\??\c:\windows\system32\030C.sys --> c:\windows\system32\030C.sys [?]
S3 1ed4;1ed4;c:\windows\system32\1ed4.sys [28/11/2009 14.20.41 54624]
S3 20c2F;20c2F;c:\windows\system32\20c2F.sys [29/11/2009 4.09.33 54624]
S3 5093;5093;\??\c:\windows\system32\5093.sys --> c:\windows\system32\5093.sys [?]
S3 6c62;6c62;c:\windows\system32\6c62.sys [28/11/2009 13.39.41 54624]
S3 7ac8;7ac8;\??\c:\windows\system32\7ac8.sys --> c:\windows\system32\7ac8.sys [?]
S3 8836;8836;\??\c:\windows\system32\8836.sys --> c:\windows\system32\8836.sys [?]
S3 88eB;88eB;\??\c:\windows\system32\88eB.sys --> c:\windows\system32\88eB.sys [?]
S3 96d2;96d2;\??\c:\windows\system32\96d2.sys --> c:\windows\system32\96d2.sys [?]
S3 9a42;9a42;c:\windows\system32\9a42.sys [28/11/2009 16.50.30 54624]
S3 ce72;ce72;c:\windows\system32\ce72.sys [28/11/2009 13.26.34 54624]
S3 d8a7;d8a7;\??\c:\windows\system32\d8a7.sys --> c:\windows\system32\d8a7.sys [?]
S3 f2b4;f2b4;\??\c:\windows\system32\f2b4.sys --> c:\windows\system32\f2b4.sys [?]
S3 f2eA;f2eA;\??\c:\windows\system32\f2eA.sys --> c:\windows\system32\f2eA.sys [?]
S3 GMNIPYMDY;GMNIPYMDY;c:\docume~1\PIERLU~1\IMPOST~1\Temp\GMNIPYMDY.exe --> c:\docume~1\PIERLU~1\IMPOST~1\Temp\GMNIPYMDY.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/08/2009 16.10.04 7680]
S3 utm1nzm4;AVZ Kernel Driver; [x]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/08/2009 16.11.23 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/08/2009 16.11.05 104960]
S4 gupdate1c98b0686fb44c0;Google Update Service (gupdate1c98b0686fb44c0); [x]
S4 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [21/10/2009 10.37.16 69632]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fastweb.it\wmail
FF - ProfilePath - c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Broadcom 802.11b Network Adapter - c:\windows\system32\BCMWLU00.exe verbose
AddRemove-Sophos-AntiRootkit - c:\programmi\Sophos\Sophos Anti-Rootkit\helper.exe remove
AddRemove-VirIT eXplorer Lite - c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\vnlt6512.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\programmi\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer\Quick Launch
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials\S-1-5-21-790525478-764733703-854245398-1004

Scansione completata con successo
Files nascosti: 4

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-790525478-764733703-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\netdde.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\wscntfy.exe
c:\programmi\UnHackMe\gwebupdate.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-29 17:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-29 16:17

Pre-Run: 18.648.510.464 byte disponibili
Post-Run: 18.558.627.840 byte disponibili

- - End Of File - - 90CB7B1C1477EC220015B48791AAAC23
r16
Inviato: Sunday, November 29, 2009 11:11:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Mai visto un log di Combofix più incasinato di così.

Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
Driver::
030C
1ed4
20c2F
5093
6c62
7ac8
8836
88eB
96d2
9a42
ce72
GMNIPYMDY

Folder::
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Riavvia il pc.
Posta il log aggiornato di combofix
icollaboratore
Inviato: Sunday, November 29, 2009 11:42:02 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
ComboFix 09-11-28.04 - Pier Luigi 29/11/2009 23.19.45.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.164 [GMT 1:00]
Eseguito da: c:\documents and settings\Pier Luigi\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Pier Luigi\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN . . . . Eliminazione Fallita

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_030C
-------\Legacy_1ED4
-------\Legacy_20C2F
-------\Legacy_5093
-------\Legacy_6C62
-------\Legacy_7AC8
-------\Legacy_8836
-------\Legacy_88EB
-------\Legacy_96D2
-------\Legacy_9A42
-------\Legacy_CE72
-------\Legacy_GMNIPYMDY
-------\Service_030C
-------\Service_1ed4
-------\Service_20c2F
-------\Service_5093
-------\Service_6c62
-------\Service_7ac8
-------\Service_8836
-------\Service_88eB
-------\Service_96d2
-------\Service_9a42
-------\Service_ce72
-------\Service_GMNIPYMDY


((((((((((((((((((((((((( Files Creati Da 2009-10-28 al 2009-11-29 )))))))))))))))))))))))))))))))))))
.

2009-11-29 17:12 . 2009-11-29 17:12 54624 ----a-w- c:\windows\system32\64f8.sys
2009-11-29 16:38 . 2009-11-29 16:38 54624 ----a-w- c:\windows\system32\5332.sys
2009-11-29 16:32 . 2009-11-29 16:32 54624 ----a-w- c:\windows\system32\6f36.sys
2009-11-29 13:31 . 2009-11-29 13:31 2 --shatr- c:\windows\winstart.bat
2009-11-29 13:31 . 2009-11-29 13:31 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-11-29 13:31 . 2009-11-29 13:31 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-11-29 13:30 . 2009-11-17 15:19 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-11-29 13:30 . 2009-11-29 16:10 -------- d-----w- c:\programmi\UnHackMe
2009-11-29 03:09 . 2009-11-29 03:09 128352 ----a-w- c:\windows\system32\20c2F.dll
2009-11-29 03:09 . 2009-11-29 03:09 54624 ----a-w- c:\windows\system32\20c2F.sys
2009-11-29 03:03 . 2009-11-29 03:03 128352 ----a-w- c:\windows\system32\6422B.dll
2009-11-28 15:50 . 2009-11-28 15:50 54624 ----a-w- c:\windows\system32\9a42.sys
2009-11-28 13:20 . 2009-11-28 13:20 54624 ----a-w- c:\windows\system32\1ed4.sys
2009-11-28 12:39 . 2009-11-28 12:39 54624 ----a-w- c:\windows\system32\6c62.sys
2009-11-28 12:26 . 2009-11-28 12:26 54624 ----a-w- c:\windows\system32\ce72.sys
2009-11-28 12:11 . 2009-11-28 12:11 -------- d-----w- c:\documents and settings\Pier Luigi\log
2009-11-28 12:11 . 2009-11-28 12:11 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 11:31 . 2009-11-28 11:31 -------- d-----w- c:\programmi\Sophos
2009-11-27 21:09 . 2009-09-24 12:16 3779072 ----a-w- c:\documents and settings\Pier Luigi\PScanner.exe
2009-11-26 22:27 . 2009-11-26 22:27 -------- d-----w- c:\programmi\Unlocker
2009-11-21 12:33 . 2009-11-21 12:33 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-11-21 12:16 . 2009-07-28 15:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 12:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 12:16 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-21 12:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-21 12:16 . 2009-11-21 12:16 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-21 12:16 . 2009-11-21 12:16 -------- d-----w- c:\programmi\Avira
2009-11-20 23:41 . 2009-11-20 23:41 -------- d-----w- c:\programmi\CCleaner
2009-11-20 23:20 . 2009-11-20 23:20 -------- d-----w- c:\programmi\Trend Micro
2009-11-20 18:46 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-20 18:46 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-20 18:46 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-20 18:46 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-20 18:46 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\programmi\Trojan Remover
2009-11-20 18:46 . 2009-11-20 18:46 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Simply Super Software
2009-11-19 21:55 . 2009-11-27 21:46 -------- dc----w- C:\PScanner Backup
2009-11-18 22:34 . 2009-11-22 16:19 31490080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-18 20:26 . 2009-11-18 20:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-18 20:26 . 2009-11-18 20:26 -------- dcsh--w- c:\documents and settings\Administrator.ZE4944EA\IETldCache
2009-11-18 02:01 . 2009-11-18 02:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 23:48 . 2009-11-17 23:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 23:03 . 2009-11-15 23:03 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-15 22:21 . 2009-11-15 22:21 -------- d-----w- c:\windows\ERUNT
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\IObit
2009-11-12 21:13 . 2009-11-21 17:25 -------- d-----w- c:\documents and settings\Pier Luigi\DoctorWeb
2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2009-11-10 21:21 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\QuickScan
2009-11-10 21:20 . 2009-10-29 14:39 679936 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-10 21:20 . 2009-10-29 14:39 614400 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-10 19:54 . 2009-11-21 07:40 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-10 19:54 . 2009-11-21 07:40 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-10 19:19 . 2009-11-10 19:19 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Malwarebytes
2009-11-10 19:19 . 2009-11-10 19:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-09 22:25 . 2009-11-09 22:25 -------- dc----w- c:\documents and settings\Administrator\Tracing
2009-11-01 20:27 . 2009-11-28 23:34 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 16:37 . 2007-12-30 16:02 -------- d-s---w- c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN
2009-11-29 13:59 . 2008-03-03 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-22 16:19 . 2009-11-18 22:34 371144 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 16:10 . 2009-11-22 16:10 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}
2009-11-21 07:37 . 2007-12-31 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-15 10:32 . 2007-12-31 11:15 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Skype
2009-11-15 10:09 . 2003-04-08 19:00 93834 ----a-w- c:\windows\system32\perfc010.dat
2009-11-15 10:09 . 2003-04-08 19:00 515758 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 21:57 . 2009-04-28 19:36 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 (Release candidate)
2009-11-07 08:31 . 2007-12-31 16:19 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-02 19:42 . 2009-09-30 21:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 23:26 . 2008-01-05 02:27 64944 -c--a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-28 10:05 . 2009-11-22 16:10 2844902 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\vnlt6512.exe
2009-10-28 09:39 . 2009-11-22 16:10 344064 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\AFF7236A\76AC2E42\Scan.dll
2009-10-27 17:58 . 2009-11-22 16:10 274432 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\26308C9E\76AC2E42\MONLITE.exe
2009-10-25 13:14 . 2007-12-31 12:56 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\skypePM
2009-10-22 17:17 . 2009-11-22 16:10 733184 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\A8179945\76AC2E42\viritexp.exe
2009-10-21 09:37 . 2009-11-22 16:10 69632 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-10-18 09:15 . 2009-11-22 16:10 118784 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\7F97E250\76AC2E42\viritupg.dll
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\85F7294B\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-10-15 14:31 44288 --s---w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-10-14 22:15 . 2007-12-31 11:40 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-08 19:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-08 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-11 14:17 . 2003-04-08 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-04-08 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-04-08 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2003-04-08 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ815485$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1231D4353698E19495DC8A929B8B74EB . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CC41F9D29EDD55037A4C26E70C175528 . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . F683B6ED87C7DCE1FB51A7D113DE0346 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 1A2A2A1AB10CF25ABF99CC79909C2DB5 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . A5BC1A3B9F42ED4AB65804CEC4A7F69C . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:40 . 659C04BB6086E480966FFD0D44F1CC4D . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:27 . 4CC4C2B7CCB5FCAEF5B73A26AB914B0D . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-19 14:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 6D9421A648F26B8640C63D0F8F2B7D48 . 1030144 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . EB1428078E1D10FDEC060857AA526A9F . 1028608 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . B737A3DA2C0A605CE2C7E118C59F38C7 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-22 . 97DA2BA7C17D5D6404A92375CCD485C9 . 5939712 . . [8.00.6001.18852] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-10-22 . 83E7AF0C577D813124C4AE6D188C8D58 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . BB2407CD8BAF3C0B0DFCB293492D4233 . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . FBE19F692A6C20D34D3DDBC0A6B4A0DB . 3598336 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\520dcdfbfccdaf4bff8cf0f495d5dbb5\sp3gdr\mshtml.dll
[-] 2009-08-29 . 68B859DDC8FF192D9FFC02229B6BE355 . 3600384 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\520dcdfbfccdaf4bff8cf0f495d5dbb5\sp3qfe\mshtml.dll
[-] 2009-07-19 . C1ABBFE345CC9557BAA8FBDC8B572D06 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . A171E96E5830B6C269591415997C15C8 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2008-12-14 . CADF596CB8474DDFB28B57C3F7ADE8A9 . 5699584 . . [8.00.6001.22342] . . c:\windows\$hf_mig$\KB960714-IE8\SP3QFE\mshtml.dll
[-] 2008-06-24 . 080DEB244585EB5772F6E6DEA75B4380 . 3592192 . . [7.00.6000.16705] . . c:\windows\system32\mshtml.dll
[-] 2008-06-24 . 080DEB244585EB5772F6E6DEA75B4380 . 3592192 . . [7.00.6000.16705] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-10-31 . 27680AEB8ED2343C69D05F665C447DF7 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2GDR\mshtml.dll
[-] 2007-10-30 . 20CEFA564453AE90B668577DA3E012E4 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2QFE\mshtml.dll
[-] 2007-10-30 . 5F93CA3D8887F6F7BCD01BE44A05442D . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 . 7596E918B731063DFE5619012CBD7D51 . 3079680 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5EC517CC0865808DF80D2184B0131D27 . 2184064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 84E6643DB22C06128576AFBF89DFEE70 . 2183040 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-08-29 . CFA6FEE390549F82BC9A1FBF616CE8FE . 916480 . . [8.00.6001.18828] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-08-29 . 1680D62563A5081A85754528AAF77D1E . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 4E3FF8C9D1ADDA0342306E731905FA06 . 832512 . . [7.00.6000.16915] . . c:\windows\SoftwareDistribution\Download\520dcdfbfccdaf4bff8cf0f495d5dbb5\sp3gdr\wininet.dll
[-] 2009-08-29 . EFC043E6C9D34BA3B22CE51347F08D32 . 840704 . . [7.00.6000.21115] . . c:\windows\SoftwareDistribution\Download\520dcdfbfccdaf4bff8cf0f495d5dbb5\sp3qfe\wininet.dll
[-] 2009-07-03 . D58780F07D0F5C83B3DB634BBB273D39 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 4D9C680641CC367FEEFE308C6577E0CD . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\system32\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-10-11 . CC4B88C2A9B3B458281C099CBC186DBA . 662016 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 . FDED5964CCFCFA72F70CCFCC8C29BBBB . 668672 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-10 . 419A6F3D56E469BCBE71128A78463DA4 . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2GDR\wininet.dll
[-] 2007-10-10 . 714D8A2B05B2AAF0C6A39241A1ED914F . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2QFE\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . FAD73705BED0910E910DE852B0F8AEBC . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 89F95338182388B65DC381AEAAB62079 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2003-04-08 19:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 49BAEA1D9379DF8CD897AFF9F49BC9DE . 2061312 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 8F485CF9683F1220BA27D10281052FCE . 2060544 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 14:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-29_16.09.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-08 19:00 . 2009-08-13 15:15 512000 c:\windows\system32\jscript.dll
- 2003-04-08 19:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:15 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98b0686fb44c0"=2 (0x2)
"ERSvc"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"dmadmin"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [15/10/2009 15.31.26 44288]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\programmi\HWiNFO32\HWiNFO32.SYS [31/12/2007 12.33.38 8192]
S0 Lbd;Lbd; [x]
S3 5332;5332;c:\windows\system32\5332.sys [29/11/2009 17.38.14 54624]
S3 64f8;64f8;c:\windows\system32\64f8.sys [29/11/2009 18.12.52 54624]
S3 6f36;6f36;c:\windows\system32\6f36.sys [29/11/2009 17.32.03 54624]
S3 d8a7;d8a7;\??\c:\windows\system32\d8a7.sys --> c:\windows\system32\d8a7.sys [?]
S3 f2b4;f2b4;\??\c:\windows\system32\f2b4.sys --> c:\windows\system32\f2b4.sys [?]
S3 f2eA;f2eA;\??\c:\windows\system32\f2eA.sys --> c:\windows\system32\f2eA.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/08/2009 16.10.04 7680]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [29/11/2009 14.31.17 34760]
S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\Pier Luigi\Desktop\radix_installer\SDTHLPR.sys [21/05/2009 22.11.32 13385]
S3 utm1nzm4;AVZ Kernel Driver; [x]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/08/2009 16.11.23 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/08/2009 16.11.05 104960]
S4 gupdate1c98b0686fb44c0;Google Update Service (gupdate1c98b0686fb44c0); [x]
S4 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [21/10/2009 10.37.16 69632]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fastweb.it\wmail
FF - ProfilePath - c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer\Quick Launch
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials\S-1-5-21-790525478-764733703-854245398-1004

Scansione completata con successo
Files nascosti: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-790525478-764733703-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\netdde.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-29 23:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-29 22:38
ComboFix2.txt 2009-11-29 16:17

Pre-Run: 18.362.138.624 byte disponibili
Post-Run: 18.409.885.696 byte disponibili

- - End Of File - - B467DC51649E40475BF24E903A478A6B
r16
Inviato: Sunday, November 29, 2009 11:55:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer\Quick Launch
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials\S-1-5-21-790525478-764733703-854245398-1004

Driver::
Lbd
5332
64f8
6f36
d8a7
f2b4
f2eA
utm1nzm4
gupdate1c98b0686fb44c0

Folder::
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Internet Explorer\Quick Launch
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN\Credentials\S-1-5-21-790525478-764733703-854245398-1004
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN

Dirlook::
c:\documents and settings\Pier Luigi\Dati applicazioni\Microsoft.REN



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
icollaboratore
Inviato: Wednesday, December 02, 2009 10:08:23 PM
Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50
Ciao,

con Combo non ho risolto. Ho usato Radix che ha neutralizzato la cartella infetta trasformandola in un file tmp (che non riesco a cancellare). I fastidi sono scomparsi ma il pc rileva ancora come attivo microsoft essentials. Inoltre ci sono alcuni file che radix mi segnala come sospetti (potrebbero comunque essere finti positivi). faccio una scansione con combo o ti posto i file sospetti?
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.