Aiutamici Forum

virus Trojan.Mebroot.B. Help!!!!
jossgp
Posted: Wednesday, March 10, 2010 12:40:12 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Hi everyone,

I'm turning to you because I've seen other threads with a problem similar to (if not identical to) mine.

I think the problem is an MBR rootkit. Following another similar thread, I downloaded GMER and mbr and ran them:

When I ran the command in safe mode:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

I got this log.

Then I also ran Norman, which tells me it found nothing.

After that I ran mbr.exe again without -f, and it tells me to run Fixmbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Use "Recovery Console" command "fixmbr" to clear infection !

Now I'd like your help to understand what I can do:

By the way, I have 2 HDDs in the machine: the first HDD with Vista and two partitions, C-D, and the second with XP, also with 2 partitions, E-F. The XP SP3 system is on E:\

If I have to run fixmbr, do I have to do it on disk E:? Is that right? I'm asking because something isn't clear to me: I seem to have read that there is only one MBR, at the start of the first disk.

Do I also need to reinstall the offending Realtek driver?

Help me, please, I'm stuck!!
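Added example (my own code, not from the thread or from GMER): a Python parser for the two mbr.exe logs quoted in this post. It pulls out the hook lines, the sector offsets and the status lines and turns them into a small triage verdict; the sample input is the thread's own output, and the function names and verdict labels are assumptions of this example. sector_to_gb shows that the hidden copy sits about 250 GB into the disk, which for the second disk (E: 29.29 + F: 203.58 "Go" in the FindyKill log further down) is its very end.

```python
"""Parse the output of GMER's mbr.exe and turn it into a triage verdict (added example, not GMER code)."""
import re
from dataclasses import dataclass, field

# "\Driver\ACPI -> 0x8636ebd0"  or  "NDIS: <nic> -> SendCompleteHandler -> 0x86310330"
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?:(?P<handler>\w+) -> )?(?P<addr>0x[0-9A-Fa-f]+)$")
SECTOR_RE = re.compile(r"sector (?:at )?(?P<lba>0x[0-9A-Fa-f]+)")

@dataclass
class MbrReport:
    hooks: list = field(default_factory=list)    # (hooked object, handler or None, address)
    mbr_ok: bool = False                         # "user & kernel MBR OK"
    warning: bool = False                        # "Warning: possible MBR rootkit infection !"
    infected: bool = False                       # "MBR rootkit infection detected !"
    restored: bool = False                       # "original MBR restored ..." (printed only with -f)
    sectors: dict = field(default_factory=dict)  # kind -> LBA where hidden data was found
    advice: list = field(default_factory=list)   # "Use ..." lines

def parse_mbr_log(text: str) -> MbrReport:
    rep, in_hooks = MbrReport(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True
            continue
        if in_hooks:                 # hook lines follow the banner until the first non-hook line
            m = HOOK_RE.match(line)
            if m:
                rep.hooks.append((m["target"], m["handler"], int(m["addr"], 16)))
                continue
            in_hooks = False
        if line == "user & kernel MBR OK":
            rep.mbr_ok = True
        elif line.startswith("Warning: possible MBR rootkit infection"):
            rep.warning = True
        elif line.startswith("MBR rootkit infection detected"):
            rep.infected = True
        elif line.startswith("original MBR restored"):
            rep.restored = True
        elif line.startswith("Use "):
            rep.advice.append(line)
        else:
            m = SECTOR_RE.search(line)
            if m:
                kind = ("mbr_copy" if line.startswith("copy of MBR")
                        else "code" if line.startswith("malicious code") else "pe_file")
                rep.sectors[kind] = int(m["lba"], 16)
    return rep

def sector_to_gb(lba: int, sector_size: int = 512) -> float:
    """Byte offset of an LBA in decimal GB: shows where on the disk the hidden copy sits."""
    return lba * sector_size / 1e9

def triage(rep: MbrReport) -> str:
    """Verdict labels are this example's own, not GMER's."""
    if rep.restored:
        return "restored"                  # MBR rewritten; reboot, then re-run without -f to confirm
    if rep.mbr_ok and rep.sectors:
        return "mbr-ok-residual-sectors"   # boot code clean, payload sectors still present on disk
    if rep.infected:
        return "infected"
    if rep.hooks or rep.warning:
        return "suspicious"
    return "clean"

# Sample input: the two logs posted in this thread (first run with -f, second run without).
FIX_RUN = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
"""
VERIFY_RUN = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Use "Recovery Console" command "fixmbr" to clear infection !
"""
```

The hook lines are still reported in the second run because the machine had not been rebooted yet; the verdict on that run distinguishes a restored boot sector from the payload sectors the tool still finds on the disk.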



r16
Posted: Wednesday, March 10, 2010 1:16:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
If the OS is on E:\

Do this:

Download MBR.EXE directly into the E: directory (you must download it to E:)

http://www2.gmer.net/mbr/mbr.exe

Restart the PC in safe mode (F8)

Click Start

Click Run...
Type E:\mbr.exe -f (copy and paste it, since there is a space after .exe that must be kept) and click OK
The scan takes a few seconds.
Restart the PC

Post the contents of the log E:\mbr.log here
*********************************************************************************
Then:
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Double-click combofix.exe (a screen will appear.)

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
jossgp
Posted: Wednesday, March 10, 2010 1:31:24 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Hi, thanks for replying

Here is the log from the mbr.exe -f command

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8636ebd0
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x86310330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfull

PS. I still don't have the combofix log; as soon as it finishes I'll send it to you
r16
Posted: Wednesday, March 10, 2010 1:32:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The MBR has been repaired.
Note:
original MBR restored successfull

Run the scan with Combofix.
jossgp
Posted: Wednesday, March 10, 2010 2:08:16 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Okay, done.


ComboFix 10-03-09.08 - Joss 10/03/2010 13.51.18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2411 [GMT 1:00]
Eseguito da: e:\antivirus\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
e:\$recycle.bin\S-1-5-21-736001248-402899374-3237261039-1000
e:\windows\system32\hdoxx
e:\windows\system32\ide.txt
e:\windows\system32\lrg.txt
e:\windows\system32\qks.txt
e:\windows\system32\xef.txt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2010-02-10 al 2010-03-10 )))))))))))))))))))))))))))))))))))
.

2010-02-27 07:37 . 2010-02-25 07:43 5115824 ----a-w- E:\mbam-setup.exe
2010-02-25 12:05 . 2010-03-10 00:12 -------- d-----w- e:\documents and settings\HelpAssistant
2010-02-25 12:05 . 2010-03-09 22:43 -------- d--h--r- e:\documents and settings\HelpAssistant\Dati applicazioni
2010-02-25 12:05 . 2010-02-26 17:41 -------- d--h--w- e:\documents and settings\HelpAssistant\Modelli
2010-02-25 12:05 . 2010-02-26 17:41 -------- d--h--w- e:\documents and settings\HelpAssistant\Impostazioni locali
2010-02-25 12:05 . 2010-02-26 17:41 -------- d-----w- e:\documents and settings\HelpAssistant\Documenti
2010-02-25 12:05 . 2010-02-26 17:41 -------- d-----w- e:\documents and settings\HelpAssistant\Preferiti
2010-02-25 11:29 . 2010-02-25 11:27 3777280 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-02-25 11:29 . 2010-02-25 11:27 1260800 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- E:\$AVG
2010-02-25 11:27 . 2010-02-25 11:27 360584 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-02-25 11:27 . 2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2010-02-25 11:27 . 2010-02-25 11:27 333192 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-02-25 11:27 . 2010-02-25 11:27 28424 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2010-02-25 11:27 . 2010-03-09 21:54 -------- d-----w- e:\windows\system32\drivers\Avg
2010-02-25 11:26 . 2010-02-25 11:26 -------- d-----w- e:\programmi\AVG
2010-02-25 11:26 . 2010-02-25 11:26 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-25 11:18 . 2010-03-10 09:52 -------- d-----w- E:\temp
2010-02-25 10:22 . 2010-02-25 10:22 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\Malwarebytes
2010-02-25 08:28 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 08:28 . 2010-02-27 07:37 -------- d-----w- e:\programmi\Malwarebytes' Anti-Malware
2010-02-25 08:28 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-25 08:12 . 2010-02-25 08:12 -------- d-----w- e:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-24 18:46 . 2009-10-05 23:00 588288 ----a-w- e:\windows\system32\Notepad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 22:21 . 2010-03-09 22:02 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-03-09 22:20 . 2003-04-08 12:00 80428 ----a-w- e:\windows\system32\perfc010.dat
2010-03-09 22:20 . 2003-04-08 12:00 480668 ----a-w- e:\windows\system32\perfh010.dat
2010-03-09 22:19 . 2010-03-09 22:19 53136 ----a-w- e:\windows\system32\PxSecure.dll
2010-03-09 22:19 . 2010-03-09 22:19 47664 ----a-w- e:\windows\system32\drivers\pxrts.sys
2010-03-09 22:19 . 2010-03-09 22:19 30280 ----a-w- e:\windows\system32\drivers\pxscan.sys
2010-03-09 22:19 . 2010-03-09 22:19 24496 ----a-w- e:\windows\system32\drivers\pxkbf.sys
2010-03-09 22:19 . 2010-03-09 22:19 -------- d-----w- e:\programmi\Prevx
2010-03-09 21:02 . 2010-03-10 12:30 77312 ----a-w- E:\mbr.exe
2010-02-26 17:41 . 2010-02-25 14:45 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-02-25 14:48 . 2010-02-25 14:48 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-02-04 23:16 . 2009-06-04 14:37 -------- d-----w- e:\programmi\Microsoft ActiveSync
2010-01-26 18:07 . 2008-09-29 12:03 -------- d-----w- e:\programmi\File comuni\ASNA Shared
2010-01-20 15:54 . 2009-01-16 10:58 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\U3
2010-01-20 08:28 . 2010-01-20 08:28 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\UltraVNC
2010-01-11 13:56 . 2010-01-08 17:06 162816 ----a-w- e:\windows\system32\fmod.dll
2010-01-07 19:52 . 2008-10-29 15:50 63584 ----a-w- e:\documents and settings\Joss.JOSS_XPHP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-07 19:47 . 2010-01-07 19:47 125936 ----a-w- e:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-17 14:02 . 2009-12-17 14:02 133648 ----a-w- e:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 14:02 . 2009-12-17 14:02 110096 ----a-w- e:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 14:02 . 2009-04-13 18:31 99152 ----a-w- e:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 14:02 . 2008-10-17 11:48 41616 ----a-w- e:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 14:02 . 2008-10-17 11:48 123280 ----a-w- e:\windows\system32\drivers\VBoxDrv.sys
2008-10-28 15:31 . 2008-10-28 15:31 3162 ----a-w- e:\programmi\iohv.txt
.

------- Sigcheck -------

[-] 2008-09-14 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-14 8527872]
"nwiz"="nwiz.exe" [2008-09-14 1626112]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-14 81920]
"SMSERIAL"="e:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-09 16854528]
"SynTPStart"="e:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl"="e:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UnlockerAssistant"="e:\programmi\Unlocker\UnlockerAssistant.exe" [2008-10-28 15872]
"WHITNEY_S2P"="e:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2005-02-15 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - e:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\WINDOWS\\system32\\LMabcoms.exe"=
"f:\\PenDrive\\winPenPack\\Bin\\uTorrent\\utorrent.exe"=
"f:\\Programmi\\12-Voip\\{app}\\12Voip.exe"=
"f:\\Programmi\\eMule0.49b\\emule.exe"=
"e:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\programmi\Microsoft ActiveSync\rapimgr.exe"= e:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programmi\Microsoft ActiveSync\wcescomm.exe"= e:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programmi\Microsoft ActiveSync\WCESMgr.exe"= e:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Programmi\\totalcmd750\\TOTALCMD.EXE"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Debug\\FileServer.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Release\\FileServer.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2059:TCP"= 2059:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"7710:TCP"= 7710:TCP:Services

R0 pxscan;pxscan;e:\windows\system32\drivers\pxscan.sys [09/03/2010 23.19.46 30280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [25/02/2010 12.27.19 333192]
R1 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys [25/02/2010 12.27.22 360584]
R1 VBoxDrv;VirtualBox Service;e:\windows\system32\drivers\VBoxDrv.sys [17/10/2008 12.48.36 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;e:\windows\system32\drivers\VBoxUSBMon.sys [17/10/2008 12.48.39 41616]
R2 Acceler8DB Server;Acceler8DB Server;e:\programmi\ASNA\ADB Engine 4.7\adbntsvc.exe [29/09/2008 13.04.37 501408]
R2 avg9emc;AVG Free E-mail Scanner;e:\programmi\AVG\AVG9\avgemc.exe [25/02/2010 12.27.01 906520]
R2 avg9wd;AVG Free WatchDog;e:\programmi\AVG\AVG9\avgwdsvc.exe [25/02/2010 12.26.58 285392]
R2 CSIScanner;CSIScanner;e:\programmi\Prevx\prevx.exe [09/03/2010 23.19.45 6259392]
R2 pxrts;pxrts;e:\windows\system32\drivers\pxrts.sys [09/03/2010 23.19.46 47664]
R3 pxkbf;pxkbf;e:\windows\system32\drivers\pxkbf.sys [09/03/2010 23.19.46 24496]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\drivers\VBoxNetAdp.sys [13/04/2009 19.31.00 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\drivers\VBoxNetFlt.sys [17/12/2009 15.02.34 110096]
S3 FreeOTFE;FreeOTFE;f:\programmi\FreeOTFE\x86\FreeOTFE.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys [17/12/2009 14.01.38 47216]
S3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;f:\programmi\FreeOTFE\x86\FreeOTFECypherBlowfish.sys [17/12/2009 14.01.38 25200]
S3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST5.sys [17/12/2009 14.01.38 31088]
S3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys [17/12/2009 14.01.38 29808]
S3 FreeOTFECypherDES;FreeOTFECypherDES;f:\programmi\FreeOTFE\x86\FreeOTFECypherDES.sys [17/12/2009 14.01.38 56816]
S3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys [17/12/2009 14.01.38 26480]
S3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys [17/12/2009 14.01.38 26096]
S3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys [17/12/2009 14.01.38 29168]
S3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFEHashMD;FreeOTFEHashMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashMD.sys [17/12/2009 14.01.38 16880]
S3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys [17/12/2009 14.01.38 32624]
S3 FreeOTFEHashSHA;FreeOTFEHashSHA;f:\programmi\FreeOTFE\x86\FreeOTFEHashSHA.sys [17/12/2009 14.01.38 26224]
S3 FreeOTFEHashTiger;FreeOTFEHashTiger;f:\programmi\FreeOTFE\x86\FreeOTFEHashTiger.sys [17/12/2009 14.01.38 22128]
S3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;f:\programmi\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys [17/12/2009 14.01.38 30704]
S3 kqemu;KQEMU virtualisation module for QEMU;e:\windows\system32\drivers\kqemu.sys [15/09/2008 19.30.35 123939]
S3 NDISKIO;NDISKIO;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys [?]
S3 qcusbser;ACER USB Device for Legacy Serial Communication;e:\windows\system32\drivers\qcusbser.sys [08/01/2010 19.06.10 112672]
S3 UnhookMBRS;UnhookMBRS;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys [?]
S3 VBoxUSB;VirtualBox USB;e:\windows\system32\drivers\VBoxUSB.sys [11/11/2009 21.14.56 32016]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
TCP: {46B013CF-128D-45CA-A2D6-0B8E71F4A2D5} = 8.8.8.8,8.8.4.4
TCP: {8C779A80-D815-4F88-BC54-834B33B63913} = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
AddRemove-Mozilla Firefox (2.0.0.20) - f:\progra~1\FIREFO~1\APP\firefox\uninstall\helper.exe
AddRemove-Notepad++ - c:\program files\Notepad++\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 13:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-842925246-1454471165-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3242E8EA-AD33-91D3-358A-CD8C9344EB0E}*]
"namodbdeclcfokmicjalpkenkcbh"=hex:6a,61,68,6e,6a,6b,67,65,6f,70,68,69,6e,64,
6f,6f,64,67,6c,64,00,21
"oagonnjiclbfaincoegepllnkjinne"=hex:6a,61,6b,6d,67,6b,62,6f,70,6a,66,6c,6d,68,
67,6d,6a,66,6a,6b,00,21

[HKEY_LOCAL_MACHINE\software\ASNA\Shared\Security Provider*Wrong guess again!]
"<No Name>"="{2450E0A7-8BD3-4937-B823-E80C371897F8}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3832)
e:\windows\system32\btmmhook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
e:\programmi\AVG\AVG9\avgchsvx.exe
e:\programmi\AVG\AVG9\avgrsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\programmi\Java\jre6\bin\jqs.exe
e:\programmi\CDBurnerXP\NMSAccessU.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\programmi\AVG\AVG9\avgnsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\RUNDLL32.EXE
e:\windows\RTHDCPL.EXE
e:\programmi\Microsoft ActiveSync\wcescomm.exe
e:\programmi\Synaptics\SynTP\SynTPEnh.exe
e:\progra~1\MICROS~4\rapimgr.exe
e:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-10 14:01:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-10 13:01

Pre-Run: 18.752.069.632 byte disponibili
Post-Run: 18.730.434.560 byte disponibili

- - End Of File - - 221B8D6B22929E00E66F15C4CCF4DC87

Is there anything else I need to do?

Should I delete the HelpAssistant folder as they recommend?
Do I need to update the Realtek RTL8168 network drivers?

Meanwhile, thanks for everything, and also for the quick response.
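Added example (my own code, not from the thread or from ComboFix): a Python helper that splits a ComboFix log like the one above into its banner-delimited sections and lists the entries worth a second look: the files ComboFix deleted, the Legacy_SROSA service entry it removed (srosa.sys is the driver name used by Bagle's rootkit component), drivers whose file it could not find on disk ([?]), an Internet Explorer proxy that points at the loopback address, and the locked registry value, whose hex data decodes to another random-looking lowercase string. SAMPLE_LOG is a shortened copy of the log posted above; the finding names are assumptions of this example.

```python
"""Split a ComboFix log into sections and list the entries worth a second look (added example)."""
import re

# Section banners ComboFix uses: "(((( Name ))))", "---- Name ----", "- - - - NAME - - - -"
SECTION_PATTERNS = [
    re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$"),
    re.compile(r"^-{3,}\s*([^-].*?)\s*-{3,}$"),
    re.compile(r"^(?:- ){3,}(.+?)(?: -){3,}$"),
]
# "R2 avg9wd;AVG Free WatchDog;e:\programmi\AVG\AVG9\avgwdsvc.exe [25/02/2010 12.26.58 285392]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:https?=)?(?P<host>[\w.-]+):(?P<port>\d+)")
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>[0-9a-fA-F,]+)$')

def section_name(line):
    for pat in SECTION_PATTERNS:
        m = pat.match(line)
        if m:
            return m.group(1)
    return None

def split_sections(text):
    """Group lines under the banner that precedes them; lines before any banner go to 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or set(line) <= set("*"):   # ComboFix's separator lines
            continue
        name = section_name(line)
        if name:
            current = name
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def join_continuations(lines):
    """REGEDIT4 wraps long hex values: a line ending in ',' continues on the next line."""
    out = []
    for line in lines:
        if out and out[-1].endswith(","):
            out[-1] += line
        else:
            out.append(line)
    return out

def decode_hex_value(data):
    """Decode a REGEDIT4 'hex:' byte list up to its first NUL, so the stored text can be read."""
    return bytes.fromhex(data.replace(",", "")).split(b"\x00", 1)[0].decode("latin-1")

def triage(text):
    sec = split_sections(text)
    findings = {"deleted_files": [], "removed_services": [], "services_missing_file": [],
                "loopback_proxy": None, "locked_values": []}
    for name, lines in sec.items():
        if name.startswith("Altre eliminazioni"):            # files ComboFix deleted
            findings["deleted_files"] = list(lines)
        elif name.startswith("Driver/Servizi"):               # legacy driver/service entries it removed
            findings["removed_services"] = [l.lstrip("-\\") for l in lines]
        elif name.startswith("Scansione supplementare"):      # IE settings, DNS servers, etc.
            for line in lines:
                m = PROXY_RE.search(line)
                if m and m["host"] in ("127.0.0.1", "localhost"):
                    findings["loopback_proxy"] = (m["host"], int(m["port"]))
        elif name.startswith("CHIAVI DI REGISTRO BLOCCATE"):  # locked registry keys
            for line in join_continuations(lines):
                m = HEX_VALUE_RE.match(line)
                if m:
                    findings["locked_values"].append((m["name"], decode_hex_value(m["data"])))
        for line in lines:   # service lines: "[?]" in place of date/size means the file was not found on disk
            m = SERVICE_RE.match(line)
            if m and m["info"].strip() == "?":
                findings["services_missing_file"].append(m["name"])
    return findings

# Sample input: a shortened copy of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 10-03-09.08 - Joss 10/03/2010 13.51.18.1.2 - x86
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\hdoxx
e:\windows\system32\ide.txt
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R2 avg9wd;AVG Free WatchDog;e:\programmi\AVG\AVG9\avgwdsvc.exe [25/02/2010 12.26.58 285392]
S3 UnhookMBRS;UnhookMBRS;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys [?]
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-842925246-1454471165-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3242E8EA-AD33-91D3-358A-CD8C9344EB0E}*]
"namodbdeclcfokmicjalpkenkcbh"=hex:6a,61,68,6e,6a,6b,67,65,6f,70,68,69,6e,64,
6f,6f,64,67,6c,64,00,21
"""
```

The R0/R1/R2/S3 lines are the installed drivers and services, not things ComboFix removed; only the "Altre eliminazioni", "Driver/Servizi" and "CHIAVI ORFANE RIMOSSE" sections record deletions.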

r16
Posted: Wednesday, March 10, 2010 2:41:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Good heavens, you're so loaded up that I'm having trouble deciding where to start....
There are even traces of Beagle.
Delete the cracks you downloaded from P2P. (They're responsible for the Beagle.)
Empty the Recycle Bin.
Let's start with Beagle:

Download FindyKill:
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
Install FindyKill.
Close all open applications (antivirus, firewall and "resident" programs)
Disconnect from the Internet
Physically disconnect the modem from the computer.
Start the tool and type F to set the language;
Click 2 - Suppression des fichiers infectieux (Deletion of infected files)
At the end of the operation a log will be produced: save it to the Desktop and post it here.
P.S:
There may be reboots; don't worry, it's the program doing its work.
jossgp
Posted: Wednesday, March 10, 2010 6:14:45 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Sorry, I just got back from the dentist... (that too)

Thanks, now I'll start from where you told me.

See you shortly..
jossgp
Posted: Wednesday, March 10, 2010 6:27:37 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Sorry, I had already launched FindyKill, then I reread the line about the cracks from P2P. But where are these cracks? I usually download music, and I've come across something I don't even remember precisely.

I'm in the habit of using open-source products. But it could be my brother... who knows! I'll investigate now.
Anyway, where would they be? Can I see them in some line of the log?
simo95
Posted: Wednesday, March 10, 2010 6:45:03 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
jossgp wrote:
Sorry, I had already launched FindyKill, then I reread the line about the cracks from P2P. But where are these cracks? I usually download music, and I've come across something I don't even remember precisely.

I'm in the habit of using open-source products. But it could be my brother... who knows! I'll investigate now.
Anyway, where would they be? Can I see them in some line of the log?


You'll probably find them by looking at the FindyKill log, if it doesn't already clean them out itself..
jossgp
Posted: Wednesday, March 10, 2010 7:17:34 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Thanks simo95 for the info, but listen.. I tried to look over the combofix log again and I'd like to ask you:

1. Is that whole list about things that shouldn't be there???
2. .. Or are there also just warnings??
3. For example, I don't know how to read the lines about these programs
FreeOTFEHashMD
e:\programmi\File comuni\ASNA Shared
e:\windows\system32\avgrsstx.dll
e:\programmi\Microsoft ActiveSync

which for me are absolutely harmless.. they are the database I use for work, the data encryption management (open source).. and then ActiveSync.. etc. I don't know! I can't read it, but I wouldn't want it to wipe out important things like the DB

Can you give me some clarification? Meanwhile FindyKill is at 40% because it's also doing the Vista partitions on the first disk. Is that right??


EDIT:
Hey, what criteria does it use for the files, because it's been scanning the 480MB file openclipart-0.19.zip for more than 30 minutes. Really! Are you sure it won't hang?
And if it then reads the Linux virtual machines etc., at least 10GB each, what happens?

EDIT2: 21:45
It's been 3 hours now and it's still at 40%. The scan is very slow. Is it supposed to be like this? Or is there something else?

EDIT3: 22:14
On the desktop the window where the program was running has closed but no log appeared. There's nothing on the desktop: no icons, no status bar, nothing.
That's how it appeared after a first reboot. Now it's sitting there; what do I do? Do I have to hard-power-off the PC???

EDIT4: 22:30
The desktop icons and the taskbar have reappeared. I found a FyK folder with a few things in it. Tell me what I need to send you.
thanks.. until tomorrow


r16
Posted: Wednesday, March 10, 2010 11:20:22 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
It's slow because it has to scan a mountain of files.
Let's thin them out like this:
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)
Confirm with Apply and then OK.
Then:
From the Control Panel go to Administrative Tools and open Computer Management.
Expand (click the +) the Local Users and Groups view.
Click once on the Users folder, and on the right of the page you'll find the HelpAssistant account.
Right-click the HelpAssistant account.
Click: Properties.
In the Properties dialog, tick the option: Account is disabled.
Then click Properties again, click the tab at the top: "Member Of", and if Administrators appears in the box, select it and press the "Remove" button: this way the HelpAssistant account is excluded from the Administrators group.

At this point, ALL the HelpAssistant folders in E:\Documents and Settings\HelpAssistant must be deleted.
Empty the Recycle Bin.
Restart the PC.

Redo the scan with FindyKill.
jossgp
Posted: Thursday, March 11, 2010 9:17:42 AM
Rank: Member

Joined: 3/10/2010
Posts: 24
Hi,

As I told you, everything finally started back up.
I had already disabled the HelpAssistant user. I hadn't removed it yet because I was waiting for instructions.

For the Explorer part, I use Total Commander, where I've set it to show all files. Is that OK as well?

While I'm writing to you I've also launched Windows Update to install all the missing patches.

Tell me: should I do anything with the FyK folder, do I have to send you something?

jossgp
Posted: Thursday, March 11, 2010 12:16:05 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Okay, I've done everything.

The machine started back up. Next step?
paolopa
Posted: Thursday, March 11, 2010 12:21:37 PM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
you need to send the FindyKill log
jossgp
Posted: Thursday, March 11, 2010 12:25:39 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Here is the log:

############################## | FindyKill V5.037 |

# User : Joss (Users) # JOSS_XPHP
# Update on 18/02/2010 by El Desaparecido
# Start at: 9.53.38 | 11/03/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 9.0 [ (!) Disabled | Updated ]

# C:\ # Disco rigido locale # 221,02 Go (185,64 Go free) [Vista] # NTFS
# D:\ # Disco rigido locale # 11,86 Go (11,77 Go free) [Vista] # NTFS
# E:\ # Disco rigido locale # 29,29 Go (16,59 Go free) [XP] # NTFS
# F:\ # Disco rigido locale # 203,58 Go (100,91 Go free) [XP] # NTFS
# G:\ # Disco CD-ROM

############################## | Processus actifs |

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\logonui.exe
E:\Programmi\AVG\AVG9\avgchsvx.exe
E:\Programmi\AVG\AVG9\avgrsx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\ASNA\ADB Engine 4.7\adbntsvc.exe
E:\Programmi\AVG\AVG9\avgwdsvc.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\Programmi\Java\jre6\bin\jqs.exe
E:\Programmi\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Programmi\AVG\AVG9\avgnsx.exe
E:\Programmi\AVG\AVG9\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\system32\KB905474\wgasetup.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\KB905474\wgasetup.exe

################## | E: |

################## | E:\WINDOWS |

################## | E:\WINDOWS\Prefetch |

################## | E:\WINDOWS\system32 |

################## | E:\WINDOWS\system32\drivers |

################## | E:\Documents and Settings\Joss.JOSS_XPHP\Dati applicazioni |

################## | MD5 ... |

################## | CRC32 ... |

r16
Posted: Thursday, March 11, 2010 1:26:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK)
Paste the code you see below into it, and save the text file, necessarily with the name CFScript.txt

Code:
KillAll::

RegNull::
[HKEY_USERS\S-1-5-21-842925246-1454471165-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3242E8EA-AD33-91D3-358A-CD8C9344EB0E}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\ASNA\Shared\Security Provider*Wrong guess again!]

and drag it onto the ComboFix icon.
Wait for the work to finish, without touching the keyboard, mouse or anything else.
Post the updated combofix log.
N.B:
If the PC doesn't reboot, reboot it yourself.
*********************************************************************************
Then:
Download and install MalwareBytes:
click here for the download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT. (it's very important)
Run a full system scan.
Post the log.
jossgp
Posted: Thursday, March 11, 2010 4:20:56 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Sorry, in the meantime I've dealt with a few phone calls.

Now I'll run everything.

edit:
Sorry, but I glanced at that ASNA key. Can you explain what it does, because that's the DB I use every day.

jossgp
Posted: Thursday, March 11, 2010 5:48:18 PM
Rank: Member

Joined: 3/10/2010
Posts: 24
Here are the results:

ComboFix
ComboFix 10-03-09.08 - Joss 11/03/2010 16.24.21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2440 [GMT 1:00]
Eseguito da: e:\antivirus\ComboFix.exe
Opzioni usate :: e:\antivirus\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-02-11 al 2010-03-11 )))))))))))))))))))))))))))))))))))
.

2010-03-11 08:17 . 2010-03-11 08:17 -------- d-----w- e:\windows\system32\KB905474
2010-03-11 08:17 . 2009-03-10 21:26 1437568 ----a-w- e:\windows\system32\KB905474\wganotifypackageinner.exe
2010-03-11 08:17 . 2009-03-10 21:18 454016 ----a-w- e:\windows\system32\KB905474\wgasetup.exe
2010-03-11 08:16 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-11 08:15 . 2009-12-04 18:22 455424 -c----w- e:\windows\system32\dllcache\mrxsmb.sys
2010-03-11 08:11 . 2009-12-09 10:07 2192896 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe
2010-03-11 08:11 . 2009-12-09 10:07 2148864 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-11 08:11 . 2009-12-09 10:07 2027520 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe
2010-03-10 17:18 . 2010-03-11 11:07 -------- d-----w- E:\FyK
2010-03-10 12:30 . 2010-03-09 21:02 77312 ----a-w- E:\mbr.exe
2010-03-10 12:24 . 2010-03-10 12:24 -------- d-----w- e:\documents and settings\Administrator\DoctorWeb
2010-03-09 22:19 . 2010-03-09 22:19 53136 ----a-w- e:\windows\system32\PxSecure.dll
2010-03-09 22:19 . 2010-03-09 22:19 47664 ----a-w- e:\windows\system32\drivers\pxrts.sys
2010-03-09 22:19 . 2010-03-09 22:19 30280 ----a-w- e:\windows\system32\drivers\pxscan.sys
2010-03-09 22:19 . 2010-03-09 22:19 24496 ----a-w- e:\windows\system32\drivers\pxkbf.sys
2010-03-09 22:19 . 2010-03-09 22:19 -------- d-----w- e:\programmi\Prevx
2010-03-09 22:02 . 2010-03-10 23:14 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-03-09 21:53 . 2010-03-11 15:24 -------- d-----w- E:\AntiVirus
2010-02-27 07:37 . 2010-02-25 07:43 5115824 ----a-w- E:\mbam-setup.exe
2010-02-25 14:48 . 2010-02-25 14:48 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-02-25 14:45 . 2010-02-26 17:41 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-02-25 12:05 . 2010-03-11 08:47 -------- d-----w- e:\documents and settings\HelpAssistant
2010-02-25 11:29 . 2010-03-11 08:02 3777280 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-02-25 11:29 . 2010-03-11 08:02 1260800 ----a-w- e:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- E:\$AVG
2010-02-25 11:27 . 2010-02-25 11:27 360584 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-02-25 11:27 . 2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2010-02-25 11:27 . 2010-02-25 11:27 333192 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-02-25 11:27 . 2010-02-25 11:27 28424 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2010-02-25 11:27 . 2010-03-11 08:04 -------- d-----w- e:\windows\system32\drivers\Avg
2010-02-25 11:26 . 2010-03-11 08:02 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-25 11:26 . 2010-02-25 11:26 -------- d-----w- e:\programmi\AVG
2010-02-25 11:18 . 2010-03-10 09:52 -------- d-----w- E:\temp
2010-02-25 10:22 . 2010-02-25 10:22 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\Malwarebytes
2010-02-25 08:28 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 08:28 . 2010-02-27 07:37 -------- d-----w- e:\programmi\Malwarebytes' Anti-Malware
2010-02-25 08:28 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-25 08:12 . 2010-02-25 08:12 -------- d-----w- e:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-24 18:46 . 2009-10-05 23:00 588288 ----a-w- e:\windows\system32\Notepad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 08:19 . 2010-03-11 08:19 -------- d-----w- e:\programmi\MSXML 4.0
2010-03-09 22:20 . 2003-04-08 12:00 80428 ----a-w- e:\windows\system32\perfc010.dat
2010-03-09 22:20 . 2003-04-08 12:00 480668 ----a-w- e:\windows\system32\perfh010.dat
2010-02-04 23:16 . 2009-06-04 14:37 -------- d-----w- e:\programmi\Microsoft ActiveSync
2010-01-26 18:07 . 2008-09-29 12:03 -------- d-----w- e:\programmi\File comuni\ASNA Shared
2010-01-20 15:54 . 2009-01-16 10:58 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\U3
2010-01-20 08:28 . 2010-01-20 08:28 -------- d-----w- e:\documents and settings\Joss.JOSS_XPHP\Dati applicazioni\UltraVNC
2010-01-11 13:56 . 2010-01-08 17:06 162816 ----a-w- e:\windows\system32\fmod.dll
2010-01-07 19:52 . 2008-10-29 15:50 63584 ----a-w- e:\documents and settings\Joss.JOSS_XPHP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-07 19:47 . 2010-01-07 19:47 125936 ----a-w- e:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-05 09:53 . 2008-04-13 17:13 832512 ----a-w- e:\windows\system32\wininet.dll
2010-01-05 09:53 . 2008-04-13 17:13 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2008-04-13 17:13 17408 ----a-w- e:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-17 14:02 . 2009-12-17 14:02 133648 ----a-w- e:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 14:02 . 2009-12-17 14:02 110096 ----a-w- e:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 14:02 . 2009-04-13 18:31 99152 ----a-w- e:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 14:02 . 2008-10-17 11:48 41616 ----a-w- e:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 14:02 . 2008-10-17 11:48 123280 ----a-w- e:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 07:40 . 2008-09-14 13:05 346112 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-13 17:13 33280 ----a-w- e:\windows\system32\csrsrv.dll
2008-10-28 15:31 . 2008-10-28 15:31 3162 ----a-w- e:\programmi\iohv.txt
.

------- Sigcheck -------

[-] 2008-09-14 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_12.59.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 15:45 . 2008-09-30 15:45 91656 e:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2010-03-11 15:28 . 2010-03-11 15:28 16384 e:\windows\temp\Perflib_Perfdata_288.dat
+ 2008-04-13 17:13 . 2009-06-25 08:25 54272 e:\windows\system32\wdigest.dll
+ 2008-04-13 17:14 . 2010-01-23 08:11 46080 e:\windows\system32\tzchange.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 82432 e:\windows\system32\tlntsess.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 78336 e:\windows\system32\telnet.exe
- 2008-09-14 14:02 . 2007-11-30 11:18 26488 e:\windows\system32\spupdsvc.exe
+ 2008-09-14 14:02 . 2007-07-27 09:41 26488 e:\windows\system32\spupdsvc.exe
+ 2008-09-14 14:02 . 2008-07-08 13:06 18808 e:\windows\system32\spmsg.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 56832 e:\windows\system32\secur32.dll
+ 2003-04-08 12:00 . 2009-02-06 10:39 35328 e:\windows\system32\sc.exe
+ 2008-04-13 17:13 . 2009-10-12 13:38 79872 e:\windows\system32\raschap.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 79872 e:\windows\system32\raschap.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\pngfilt.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\pngfilt.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 91648 e:\windows\system32\mtxoci.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 91648 e:\windows\system32\mtxoci.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 66560 e:\windows\system32\mtxclu.dll
+ 2008-04-13 17:13 . 2008-06-12 14:21 66560 e:\windows\system32\mtxclu.dll
+ 2008-04-13 19:13 . 2009-11-27 17:12 17920 e:\windows\system32\msyuv.dll
+ 2003-04-08 12:00 . 2009-11-27 16:07 28672 e:\windows\system32\msvidc32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 11264 e:\windows\system32\msrle32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 11264 e:\windows\system32\msrle32.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 52224 e:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2008-06-23 16:15 52224 e:\windows\system32\msfeedsbs.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 58880 e:\windows\system32\msdtclog.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 58880 e:\windows\system32\msdtclog.dll
+ 2008-04-13 17:13 . 2009-09-04 21:03 58880 e:\windows\system32\msasn1.dll
+ 2008-04-13 17:14 . 2008-06-10 04:52 96768 e:\windows\system32\logagent.exe
- 2008-04-13 17:14 . 2005-01-27 23:21 96768 e:\windows\system32\logagent.exe
+ 2008-04-13 17:13 . 2010-01-05 09:53 27648 e:\windows\system32\jsproxy.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 27648 e:\windows\system32\jsproxy.dll
+ 2008-04-13 19:13 . 2009-11-27 16:07 48128 e:\windows\system32\iyuv_32.dll
+ 2007-08-13 16:39 . 2009-12-31 15:34 13824 e:\windows\system32\ieudinit.exe
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\iernonce.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\iernonce.dll
+ 2008-04-13 17:14 . 2009-12-31 15:34 70656 e:\windows\system32\ie4uinit.exe
- 2008-04-13 17:14 . 2008-06-23 09:22 70656 e:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2010-01-05 09:53 63488 e:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2008-06-23 16:15 63488 e:\windows\system32\icardie.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 81920 e:\windows\system32\fontsub.dll
+ 2008-04-13 09:31 . 2009-06-24 11:18 92928 e:\windows\system32\drivers\ksecdd.sys
+ 2008-04-13 17:13 . 2009-06-25 08:25 54272 e:\windows\system32\dllcache\wdigest.dll
+ 2008-04-13 17:14 . 2009-06-15 10:43 82432 e:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-13 17:14 . 2009-06-15 10:43 78336 e:\windows\system32\dllcache\telnet.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 56832 e:\windows\system32\dllcache\secur32.dll
+ 2003-04-08 12:00 . 2009-02-06 10:39 35328 e:\windows\system32\dllcache\sc.exe
+ 2008-04-13 17:13 . 2009-10-12 13:38 79872 e:\windows\system32\dllcache\raschap.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 79872 e:\windows\system32\dllcache\raschap.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\dllcache\pngfilt.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 91648 e:\windows\system32\dllcache\mtxoci.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 91648 e:\windows\system32\dllcache\mtxoci.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 66560 e:\windows\system32\dllcache\mtxclu.dll
+ 2008-04-13 17:13 . 2008-06-12 14:21 66560 e:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:12 . 2009-11-27 17:12 17920 e:\windows\system32\dllcache\msyuv.dll
+ 2003-04-08 12:00 . 2009-11-27 16:07 28672 e:\windows\system32\dllcache\msvidc32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 11264 e:\windows\system32\dllcache\msrle32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 11264 e:\windows\system32\dllcache\msrle32.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 52224 e:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 52224 e:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 58880 e:\windows\system32\dllcache\msdtclog.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 58880 e:\windows\system32\dllcache\msdtclog.dll
+ 2008-04-13 17:13 . 2009-09-04 21:03 58880 e:\windows\system32\dllcache\msasn1.dll
- 2008-04-13 17:14 . 2005-01-27 23:21 96768 e:\windows\system32\dllcache\logagent.exe
+ 2008-04-13 17:14 . 2008-06-10 04:52 96768 e:\windows\system32\dllcache\logagent.exe
+ 2008-04-13 09:31 . 2009-06-24 11:18 92928 e:\windows\system32\dllcache\ksecdd.sys
- 2008-04-13 17:13 . 2008-06-23 16:15 27648 e:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 27648 e:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 e:\windows\system32\dllcache\iyuv_32.dll
+ 2008-09-15 20:40 . 2009-12-31 15:34 13824 e:\windows\system32\dllcache\ieudinit.exe
- 2008-09-15 20:40 . 2008-06-23 09:20 13824 e:\windows\system32\dllcache\ieudinit.exe
- 2008-04-13 17:13 . 2008-06-23 16:15 44544 e:\windows\system32\dllcache\iernonce.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 44544 e:\windows\system32\dllcache\iernonce.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 78336 e:\windows\system32\dllcache\ieencode.dll
- 2008-04-13 17:14 . 2008-06-23 09:22 70656 e:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-13 17:14 . 2009-12-31 15:34 70656 e:\windows\system32\dllcache\ie4uinit.exe
+ 2008-09-15 20:40 . 2010-01-05 09:53 63488 e:\windows\system32\dllcache\icardie.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 63488 e:\windows\system32\dllcache\icardie.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 81920 e:\windows\system32\dllcache\fontsub.dll
+ 2008-04-13 17:13 . 2009-12-14 07:08 33280 e:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 17408 e:\windows\system32\dllcache\corpol.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 85504 e:\windows\system32\dllcache\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 85504 e:\windows\system32\dllcache\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 58880 e:\windows\system32\dllcache\atl.dll
+ 2008-04-13 17:13 . 2009-07-17 19:01 58880 e:\windows\system32\dllcache\atl.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 85504 e:\windows\system32\avifil32.dll
+ 2008-04-13 17:13 . 2009-11-27 16:07 85504 e:\windows\system32\avifil32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 58880 e:\windows\system32\atl.dll
+ 2008-04-13 17:13 . 2009-07-17 19:01 58880 e:\windows\system32\atl.dll
+ 2010-03-11 08:20 . 2010-03-11 08:20 32768 e:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-03-11 08:19 . 2010-03-11 08:19 32768 e:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 44544 e:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 52224 e:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 27648 e:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-11 08:20 . 2007-08-13 17:39 13312 e:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 44544 e:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-11 08:20 . 2008-04-13 17:13 81920 e:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-11 08:20 . 2008-06-23 09:22 70656 e:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 63488 e:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-11 08:20 . 2008-04-13 17:13 35328 e:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:12 . 2009-11-27 17:12 17920 e:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 e:\windows\Driver Cache\i386\iyuv_32.dll
+ 2008-05-05 06:25 . 2008-05-05 06:25 3072 e:\windows\system32\xpsp4res.dll
+ 2001-08-30 23:08 . 2009-11-27 16:07 8704 e:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 e:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 e:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 286720 e:\windows\system32\wmpdxm.dll
+ 2008-04-13 17:13 . 2009-06-10 06:14 132096 e:\windows\system32\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 132096 e:\windows\system32\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 354304 e:\windows\system32\winhttp.dll
+ 2008-04-13 17:13 . 2008-12-16 12:30 354304 e:\windows\system32\winhttp.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 233472 e:\windows\system32\webcheck.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 233472 e:\windows\system32\webcheck.dll
+ 2008-09-14 13:04 . 2009-02-06 10:10 227840 e:\windows\system32\wbem\wmiprvse.exe
+ 2008-09-14 13:04 . 2009-02-09 10:51 453120 e:\windows\system32\wbem\wmiprvsd.dll
+ 2008-09-14 13:04 . 2009-02-09 10:51 473600 e:\windows\system32\wbem\fastprox.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 105984 e:\windows\system32\url.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 105984 e:\windows\system32\url.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 119808 e:\windows\system32\t2embed.dll
+ 2008-04-13 17:13 . 2009-08-26 08:00 247326 e:\windows\system32\strmdll.dll
+ 2008-04-13 17:13 . 2009-12-08 09:23 474624 e:\windows\system32\shlwapi.dll
+ 2008-04-13 17:14 . 2009-02-09 11:22 111104 e:\windows\system32\services.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 147456 e:\windows\system32\schannel.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 401408 e:\windows\system32\rpcss.dll
+ 2008-04-13 17:13 . 2009-04-15 14:52 585216 e:\windows\system32\rpcrt4.dll
+ 2008-04-13 17:13 . 2009-10-12 13:38 150016 e:\windows\system32\rastls.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 286208 e:\windows\system32\pdh.dll
+ 2008-04-13 17:13 . 2009-03-06 14:19 286208 e:\windows\system32\pdh.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 102912 e:\windows\system32\occache.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 102912 e:\windows\system32\occache.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 271360 e:\windows\system32\oakley.dll
+ 2008-04-13 17:13 . 2009-10-13 10:33 271360 e:\windows\system32\oakley.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 736256 e:\windows\system32\ntdll.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 337408 e:\windows\system32\netapi32.dll
+ 2008-04-13 17:13 . 2008-10-15 16:36 337408 e:\windows\system32\netapi32.dll
+ 2008-04-13 17:13 . 2009-08-05 08:59 205312 e:\windows\system32\mswebdvd.dll
+ 2008-04-13 17:13 . 2009-09-11 14:17 136192 e:\windows\system32\msv1_0.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 671232 e:\windows\system32\mstime.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 671232 e:\windows\system32\mstime.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 193024 e:\windows\system32\msrating.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 193024 e:\windows\system32\msrating.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 477696 e:\windows\system32\mshtmled.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 477696 e:\windows\system32\mshtmled.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 459264 e:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2008-06-23 16:15 459264 e:\windows\system32\msfeeds.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 161792 e:\windows\system32\msdtcuiu.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 161792 e:\windows\system32\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 956928 e:\windows\system32\msdtctm.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 956928 e:\windows\system32\msdtctm.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 428032 e:\windows\system32\msdtcprx.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 735744 e:\windows\system32\lsasrv.dll
+ 2008-04-13 17:13 . 2009-05-07 15:32 347648 e:\windows\system32\localspl.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 301568 e:\windows\system32\kerberos.dll
+ 2008-04-13 17:13 . 2009-08-13 15:15 512000 e:\windows\system32\jscript.dll
- 2008-04-13 17:13 . 2008-05-09 10:53 512000 e:\windows\system32\jscript.dll
+ 2007-08-13 16:34 . 2010-01-05 09:53 268288 e:\windows\system32\iertutil.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 192512 e:\windows\system32\iepeers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 385024 e:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2010-01-05 09:53 380928 e:\windows\system32\ieapfltr.dll
+ 2003-04-08 12:00 . 2009-12-18 13:04 161792 e:\windows\system32\ieakui.dll
- 2003-04-08 12:00 . 2008-06-21 05:23 161792 e:\windows\system32\ieakui.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 230400 e:\windows\system32\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 230400 e:\windows\system32\ieaksie.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 153088 e:\windows\system32\ieakeng.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 153088 e:\windows\system32\ieakeng.dll
+ 2008-04-13 17:13 . 2008-10-23 12:36 286720 e:\windows\system32\gdi32.dll
+ 2008-09-14 14:24 . 2010-03-11 08:35 254752 e:\windows\system32\FNTCACHE.DAT
- 2008-09-14 14:24 . 2010-01-08 08:40 254752 e:\windows\system32\FNTCACHE.DAT
+ 2008-04-13 17:13 . 2010-01-05 09:53 133120 e:\windows\system32\extmgr.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 133120 e:\windows\system32\extmgr.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 214528 e:\windows\system32\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 214528 e:\windows\system32\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 347136 e:\windows\system32\dxtmsft.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 347136 e:\windows\system32\dxtmsft.dll
+ 2008-04-13 10:17 . 2009-12-04 18:22 455424 e:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-13 10:19 . 2008-08-14 10:04 138496 e:\windows\system32\drivers\afd.sys
- 2008-04-13 10:19 . 2008-06-20 11:40 138496 e:\windows\system32\drivers\afd.sys
+ 2008-09-14 13:05 . 2008-04-21 21:14 219136 e:\windows\system32\dllcache\wordpad.exe
+ 2008-04-13 17:13 . 2009-07-13 09:08 286720 e:\windows\system32\dllcache\wmpdxm.dll
+ 2008-09-14 13:04 . 2009-02-06 10:10 227840 e:\windows\system32\dllcache\wmiprvse.exe
+ 2008-09-14 13:04 . 2009-02-09 10:51 453120 e:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-13 17:13 . 2009-06-10 06:14 132096 e:\windows\system32\dllcache\wkssvc.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 132096 e:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 832512 e:\windows\system32\dllcache\wininet.dll
+ 2008-04-13 17:13 . 2008-12-16 12:30 354304 e:\windows\system32\dllcache\winhttp.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 354304 e:\windows\system32\dllcache\winhttp.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 233472 e:\windows\system32\dllcache\webcheck.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 233472 e:\windows\system32\dllcache\webcheck.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 105984 e:\windows\system32\dllcache\url.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 105984 e:\windows\system32\dllcache\url.dll
+ 2008-09-14 13:06 . 2009-06-21 21:47 153088 e:\windows\system32\dllcache\triedit.dll
- 2008-09-14 13:06 . 2008-04-13 17:13 153088 e:\windows\system32\dllcache\triedit.dll
+ 2008-04-13 17:13 . 2009-10-15 16:29 119808 e:\windows\system32\dllcache\t2embed.dll
+ 2008-04-13 17:13 . 2009-08-26 08:00 247326 e:\windows\system32\dllcache\strmdll.dll
+ 2008-04-13 10:15 . 2009-12-31 16:50 353792 e:\windows\system32\dllcache\srv.sys
+ 2008-04-13 17:13 . 2009-12-08 09:23 474624 e:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-13 17:14 . 2009-02-09 11:22 111104 e:\windows\system32\dllcache\services.exe
+ 2008-04-13 17:13 . 2009-06-25 08:25 147456 e:\windows\system32\dllcache\schannel.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 401408 e:\windows\system32\dllcache\rpcss.dll
+ 2008-04-13 17:13 . 2009-04-15 14:52 585216 e:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-13 17:13 . 2009-10-12 13:38 150016 e:\windows\system32\dllcache\rastls.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 286208 e:\windows\system32\dllcache\pdh.dll
+ 2008-04-13 17:13 . 2009-03-06 14:19 286208 e:\windows\system32\dllcache\pdh.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 102912 e:\windows\system32\dllcache\occache.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 102912 e:\windows\system32\dllcache\occache.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 271360 e:\windows\system32\dllcache\oakley.dll
+ 2008-04-13 17:13 . 2009-10-13 10:33 271360 e:\windows\system32\dllcache\oakley.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 736256 e:\windows\system32\dllcache\ntdll.dll
+ 2008-04-13 17:13 . 2008-10-15 16:36 337408 e:\windows\system32\dllcache\netapi32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 337408 e:\windows\system32\dllcache\netapi32.dll
+ 2008-04-13 17:13 . 2009-08-05 08:59 205312 e:\windows\system32\dllcache\mswebdvd.dll
+ 2008-04-13 17:13 . 2009-09-11 14:17 136192 e:\windows\system32\dllcache\msv1_0.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 671232 e:\windows\system32\dllcache\mstime.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 671232 e:\windows\system32\dllcache\mstime.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 193024 e:\windows\system32\dllcache\msrating.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 193024 e:\windows\system32\dllcache\msrating.dll
- 2008-09-14 13:05 . 2008-04-13 17:14 346112 e:\windows\system32\dllcache\mspaint.exe
+ 2008-09-14 13:05 . 2009-12-17 07:40 346112 e:\windows\system32\dllcache\mspaint.exe
- 2008-04-13 17:13 . 2008-06-23 16:15 477696 e:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 477696 e:\windows\system32\dllcache\mshtmled.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 459264 e:\windows\system32\dllcache\msfeeds.dll
- 2008-09-15 20:40 . 2008-06-23 16:15 459264 e:\windows\system32\dllcache\msfeeds.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 161792 e:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 161792 e:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 956928 e:\windows\system32\dllcache\msdtctm.dll
- 2008-09-14 13:04 . 2008-04-13 17:13 956928 e:\windows\system32\dllcache\msdtctm.dll
+ 2008-09-14 13:04 . 2008-06-12 14:21 428032 e:\windows\system32\dllcache\msdtcprx.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 735744 e:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-13 17:13 . 2009-05-07 15:32 347648 e:\windows\system32\dllcache\localspl.dll
+ 2008-04-13 17:13 . 2009-06-25 08:25 301568 e:\windows\system32\dllcache\kerberos.dll
+ 2008-04-13 17:13 . 2009-08-13 15:15 512000 e:\windows\system32\dllcache\jscript.dll
- 2008-04-13 17:13 . 2008-05-09 10:53 512000 e:\windows\system32\dllcache\jscript.dll
+ 2008-09-14 13:06 . 2009-12-18 13:05 634648 e:\windows\system32\dllcache\iexplore.exe
+ 2008-09-15 20:40 . 2010-01-05 09:53 268288 e:\windows\system32\dllcache\iertutil.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 192512 e:\windows\system32\dllcache\iepeers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 385024 e:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 380928 e:\windows\system32\dllcache\ieapfltr.dll
+ 2003-04-08 12:00 . 2009-12-18 13:04 161792 e:\windows\system32\dllcache\ieakui.dll
- 2003-04-08 12:00 . 2008-06-21 05:23 161792 e:\windows\system32\dllcache\ieakui.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 230400 e:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 230400 e:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 153088 e:\windows\system32\dllcache\ieakeng.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 153088 e:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-13 17:13 . 2008-10-23 12:36 286720 e:\windows\system32\dllcache\gdi32.dll
+ 2008-09-14 13:04 . 2009-02-09 10:51 473600 e:\windows\system32\dllcache\fastprox.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 133120 e:\windows\system32\dllcache\extmgr.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 133120 e:\windows\system32\dllcache\extmgr.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 214528 e:\windows\system32\dllcache\dxtrans.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 214528 e:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 347136 e:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 347136 e:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-13 10:19 . 2008-06-20 11:40 138496 e:\windows\system32\dllcache\afd.sys
+ 2008-04-13 10:19 . 2008-08-14 10:04 138496 e:\windows\system32\dllcache\afd.sys
- 2008-04-13 17:13 . 2008-06-23 16:15 124928 e:\windows\system32\dllcache\advpack.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 124928 e:\windows\system32\dllcache\advpack.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 683520 e:\windows\system32\dllcache\advapi32.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 683520 e:\windows\system32\dllcache\advapi32.dll
+ 2008-04-13 17:13 . 2009-11-21 15:54 471552 e:\windows\system32\dllcache\aclayers.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 124928 e:\windows\system32\advpack.dll
- 2008-04-13 17:13 . 2008-06-23 16:15 124928 e:\windows\system32\advpack.dll
+ 2008-04-13 17:13 . 2009-02-09 10:51 683520 e:\windows\system32\advapi32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 683520 e:\windows\system32\advapi32.dll
+ 2010-03-11 08:20 . 2010-03-11 08:20 429568 e:\windows\Installer\1269de.msi
+ 2010-03-11 08:19 . 2010-03-11 08:19 432640 e:\windows\Installer\1269d3.msi
+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 e:\windows\Installer\1269c9.msp
+ 2010-03-11 08:20 . 2008-06-23 16:15 826368 e:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 233472 e:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 105984 e:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-03-11 08:20 . 2009-05-26 11:41 402296 e:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-03-11 08:20 . 2009-05-26 11:41 233848 e:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 102912 e:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 671232 e:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 193024 e:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 477696 e:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 459264 e:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-03-11 08:20 . 2008-06-23 09:22 625664 e:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-03-11 08:20 . 2008-06-23 16:15 267776 e:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-03-11 08:20 . 2007-08-13 16:54 191488 e:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 384512 e:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 383488 e:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-03-11 08:20 . 2008-06-21 05:23 161792 e:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 230400 e:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 153088 e:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 133120 e:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 214528 e:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 347136 e:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 124928 e:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2010-03-11 08:15 . 2009-12-04 18:22 455424 e:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-04-13 17:13 . 2009-11-21 15:54 471552 e:\windows\AppPatch\aclayers.dll
+ 2010-03-11 08:14 . 2009-08-13 13:55 1748992 e:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 23:03 . 2009-07-20 23:03 1348432 e:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 15:42 . 2008-09-30 15:42 1286152 e:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-04-13 17:14 . 2008-06-10 06:07 2376760 e:\windows\system32\WMVCore.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 5537792 e:\windows\system32\wmp.dll
- 2008-04-13 17:13 . 2007-04-30 06:20 5537792 e:\windows\system32\wmp.dll
+ 2008-04-13 17:13 . 2008-06-10 05:28 1028096 e:\windows\system32\WMNetmgr.dll
+ 2008-04-13 16:50 . 2009-08-14 15:12 1850624 e:\windows\system32\win32k.sys
+ 2008-04-13 17:13 . 2010-01-05 09:53 1168384 e:\windows\system32\urlmon.dll
+ 2008-04-13 17:13 . 2008-06-17 19:01 8490496 e:\windows\system32\shell32.dll
+ 2008-04-13 17:13 . 2009-07-17 16:15 1439232 e:\windows\system32\query.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1439232 e:\windows\system32\query.dll
+ 2008-04-13 17:13 . 2009-11-27 17:12 1296896 e:\windows\system32\quartz.dll
- 2008-04-13 16:54 . 2008-04-13 16:54 2148864 e:\windows\system32\ntoskrnl.exe
+ 2008-04-13 16:54 . 2009-12-09 10:07 2148864 e:\windows\system32\ntoskrnl.exe
- 2008-04-13 18:55 . 2008-04-13 17:25 2027520 e:\windows\system32\ntkrnlpa.exe
+ 2008-04-13 18:55 . 2009-12-09 10:07 2027520 e:\windows\system32\ntkrnlpa.exe
+ 2008-04-13 17:13 . 2009-07-31 09:02 1372672 e:\windows\system32\msxml6.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05 1348432 e:\windows\system32\msxml4.dll
+ 2008-04-13 17:13 . 2009-07-31 04:32 1172480 e:\windows\system32\msxml3.dll
+ 2008-09-14 13:05 . 2009-06-10 08:19 2066432 e:\windows\system32\mstscax.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 3599360 e:\windows\system32\mshtml.dll
+ 2008-04-13 17:13 . 2009-03-21 14:06 1033728 e:\windows\system32\kernel32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1033728 e:\windows\system32\kernel32.dll
+ 2007-08-13 16:54 . 2010-01-05 09:53 6067200 e:\windows\system32\ieframe.dll
+ 2007-02-12 14:10 . 2009-06-29 08:33 2452872 e:\windows\system32\ieapfltr.dat
+ 2008-04-13 17:14 . 2008-06-10 06:07 2376760 e:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-13 17:13 . 2009-07-13 09:08 5537792 e:\windows\system32\dllcache\wmp.dll
- 2008-04-13 17:13 . 2007-04-30 06:20 5537792 e:\windows\system32\dllcache\wmp.dll
+ 2008-04-13 17:13 . 2008-06-10 05:28 1028096 e:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-04-13 16:50 . 2009-08-14 15:12 1850624 e:\windows\system32\dllcache\win32k.sys
+ 2008-04-13 17:13 . 2010-01-05 09:53 1168384 e:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 17:13 . 2008-06-17 19:01 8490496 e:\windows\system32\dllcache\shell32.dll
- 2008-04-13 17:13 . 2008-04-13 17:13 1439232 e:\windows\system32\dllcache\query.dll
+ 2008-04-13 17:13 . 2009-07-17 16:15 1439232 e:\windows\system32\dllcache\query.dll
+ 2008-04-13 17:13 . 2009-11-27 17:12 1296896 e:\windows\system32\dllcache\quartz.dll
+ 2009-02-10 18:02 . 2009-12-09 10:07 2069760 e:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-04-13 17:13 . 2009-07-31 09:02 1372672 e:\windows\system32\dllcache\msxml6.dll
+ 2008-04-13 17:13 . 2009-07-31 04:32 1172480 e:\windows\system32\dllcache\msxml3.dll
+ 2009-06-10 08:19 . 2009-06-10 08:19 2066432 e:\windows\system32\dllcache\mstscax.dll
+ 2008-09-14 13:06 . 2009-07-10 13:26 1315328 e:\windows\system32\dllcache\msoe.dll
+ 2008-04-13 17:13 . 2010-01-05 09:53 3599360 e:\windows\system32\dllcache\mshtml.dll
+ 2008-09-14 13:07 . 2009-10-23 15:28 3558912 e:\windows\system32\dllcache\moviemk.exe
- 2008-09-14 13:07 . 2008-04-13 17:14 3558912 e:\windows\system32\dllcache\moviemk.exe
- 2008-04-13 17:13 . 2008-04-13 17:13 1033728 e:\windows\system32\dllcache\kernel32.dll
+ 2008-04-13 17:13 . 2009-03-21 14:06 1033728 e:\windows\system32\dllcache\kernel32.dll
+ 2008-09-15 20:40 . 2010-01-05 09:53 6067200 e:\windows\system32\dllcache\ieframe.dll
+ 2008-09-15 20:40 . 2009-06-29 08:33 2452872 e:\windows\system32\dllcache\ieapfltr.dat
+ 2010-03-11 08:20 . 2008-06-23 16:15 1159680 e:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-03-11 08:20 . 2008-06-24 08:15 3592192 e:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-03-11 08:20 . 2008-06-23 16:15 6066176 e:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-03-11 08:20 . 2007-04-17 09:32 2455488 e:\windows\ie7updates\KB978207-IE7\ieapfltr.dat
+ 2010-03-11 08:11 . 2009-12-09 10:07 2192896 e:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-03-11 08:11 . 2009-12-09 10:07 2027520 e:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 18:02 . 2009-12-09 10:07 2069760 e:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-03-11 08:11 . 2009-12-09 10:07 2148864 e:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-09-15 20:39 . 2010-03-01 20:30 31648712 e:\windows\system32\MRT.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-14 8527872]
"nwiz"="nwiz.exe" [2008-09-14 1626112]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-14 81920]
"SMSERIAL"="e:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-09 16854528]
"SynTPStart"="e:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl"="e:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UnlockerAssistant"="e:\programmi\Unlocker\UnlockerAssistant.exe" [2008-10-28 15872]
"WHITNEY_S2P"="e:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2005-02-15 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - e:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-25 11:27 12464 ----a-w- e:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\WINDOWS\\system32\\LMabcoms.exe"=
"f:\\Programmi\\12-Voip\\{app}\\12Voip.exe"=
"f:\\Programmi\\eMule0.49b\\emule.exe"=
"e:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\programmi\Microsoft ActiveSync\rapimgr.exe"= e:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programmi\Microsoft ActiveSync\wcescomm.exe"= e:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programmi\Microsoft ActiveSync\WCESMgr.exe"= e:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Programmi\\totalcmd750\\TOTALCMD.EXE"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Debug\\FileServer.exe"=
"f:\\Progetti_PDA\\PDALab\\_TCPFileTransfer\\FileTransfer\\Server\\bin\\Release\\FileServer.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2059:TCP"= 2059:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"7710:TCP"= 7710:TCP:Services

R0 pxscan;pxscan;e:\windows\system32\drivers\pxscan.sys [09/03/2010 23.19.46 30280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [25/02/2010 12.27.19 333192]
R1 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys [25/02/2010 12.27.22 360584]
R1 VBoxDrv;VirtualBox Service;e:\windows\system32\drivers\VBoxDrv.sys [17/10/2008 12.48.36 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;e:\windows\system32\drivers\VBoxUSBMon.sys [17/10/2008 12.48.39 41616]
R2 Acceler8DB Server;Acceler8DB Server;e:\programmi\ASNA\ADB Engine 4.7\adbntsvc.exe [29/09/2008 13.04.37 501408]
R2 avg9emc;AVG Free E-mail Scanner;e:\programmi\AVG\AVG9\avgemc.exe [25/02/2010 12.27.01 906520]
R2 avg9wd;AVG Free WatchDog;e:\programmi\AVG\AVG9\avgwdsvc.exe [25/02/2010 12.26.58 285392]
R2 pxrts;pxrts;e:\windows\system32\drivers\pxrts.sys [09/03/2010 23.19.46 47664]
R3 pxkbf;pxkbf;e:\windows\system32\drivers\pxkbf.sys [09/03/2010 23.19.46 24496]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\drivers\VBoxNetAdp.sys [13/04/2009 19.31.00 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\drivers\VBoxNetFlt.sys [17/12/2009 15.02.34 110096]
S3 FreeOTFE;FreeOTFE;f:\programmi\FreeOTFE\x86\FreeOTFE.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys [17/12/2009 14.01.38 47216]
S3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;f:\programmi\FreeOTFE\x86\FreeOTFECypherBlowfish.sys [17/12/2009 14.01.38 25200]
S3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST5.sys [17/12/2009 14.01.38 31088]
S3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys [17/12/2009 14.01.38 29808]
S3 FreeOTFECypherDES;FreeOTFECypherDES;f:\programmi\FreeOTFE\x86\FreeOTFECypherDES.sys [17/12/2009 14.01.38 56816]
S3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys [17/12/2009 14.01.38 26480]
S3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys [17/12/2009 14.01.38 26096]
S3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;f:\programmi\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys [17/12/2009 14.01.38 29168]
S3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;f:\programmi\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys [17/12/2009 14.01.38 31856]
S3 FreeOTFEHashMD;FreeOTFEHashMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashMD.sys [17/12/2009 14.01.38 16880]
S3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;f:\programmi\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys [17/12/2009 14.01.38 32624]
S3 FreeOTFEHashSHA;FreeOTFEHashSHA;f:\programmi\FreeOTFE\x86\FreeOTFEHashSHA.sys [17/12/2009 14.01.38 26224]
S3 FreeOTFEHashTiger;FreeOTFEHashTiger;f:\programmi\FreeOTFE\x86\FreeOTFEHashTiger.sys [17/12/2009 14.01.38 22128]
S3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;f:\programmi\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys [17/12/2009 14.01.38 30704]
S3 kqemu;KQEMU virtualisation module for QEMU;e:\windows\system32\drivers\kqemu.sys [15/09/2008 19.30.35 123939]
S3 qcusbser;ACER USB Device for Legacy Serial Communication;e:\windows\system32\drivers\qcusbser.sys [08/01/2010 19.06.10 112672]
S3 VBoxUSB;VirtualBox USB;e:\windows\system32\drivers\VBoxUSB.sys [11/11/2009 21.14.56 32016]
S4 CSIScanner;CSIScanner;e:\programmi\Prevx\prevx.exe [09/03/2010 23.19.45 6259392]
S4 NDISKIO;NDISKIO;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\ndiskio.sys [?]
S4 UnhookMBRS;UnhookMBRS;\??\e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys --> e:\docume~1\ADMINI~1\IMPOST~1\Temp\281e49d7.nmc\nse\bin\unhookmbrs.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-11 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2010-03-11 21:18]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
TCP: {46B013CF-128D-45CA-A2D6-0B8E71F4A2D5} = 8.8.8.8,8.8.4.4
TCP: {8C779A80-D815-4F88-BC54-834B33B63913} = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-TDM-GCC - e:\mingw430\tdm-mingw-1.902.0-webdl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 16:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\ASNA\Shared\Security Provider*Wrong guess again!]
"<No Name>"="{2450E0A7-8BD3-4937-B823-E80C371897F8}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(804)
e:\windows\system32\WININET.dll
e:\windows\system32\btmmhook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
e:\programmi\AVG\AVG9\avgchsvx.exe
e:\programmi\AVG\AVG9\avgrsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\programmi\Java\jre6\bin\jqs.exe
e:\programmi\CDBurnerXP\NMSAccessU.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\programmi\AVG\AVG9\avgnsx.exe
e:\programmi\AVG\AVG9\avgcsrvx.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\RUNDLL32.EXE
e:\windows\RTHDCPL.EXE
e:\programmi\Microsoft ActiveSync\wcescomm.exe
e:\programmi\Synaptics\SynTP\SynTPEnh.exe
e:\progra~1\MICROS~4\rapimgr.exe
e:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-11 16:30:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-11 15:30
ComboFix2.txt 2010-03-10 13:01

Pre-Run: 17.799.393.280 byte disponibili
Post-Run: 17.783.799.808 byte disponibili

- - End Of File - - 07D8909F8DAA0BB378875235EE0AA52D


and Anti-Malware:

Malwarebytes' Anti-Malware 1.44
Database version: 3852
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/03/2010 17.45.00
mbam-log-2010-03-11 (17-43-52).txt

Scan type: Full Scan (E:\|F:\|)
Objects scanned: 299126
Time elapsed: 1 hour(s), 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\PenDrive\winPenPack\Bin\VideoLAN\plugins\libaout_directx_plugin.dll (Trojan.Downloader) -> No action taken.
F:\Programmi\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
F:\System Volume Information\_restore{28EBA877-B360-4FDD-92A7-441BE8730816}\RP1\A0001147.dll (Malware.Packer.Gen) -> No action taken.
F:\System Volume Information\_restore{28EBA877-B360-4FDD-92A7-441BE8730816}\RP1\A0001287.dll (Malware.Packer.Gen) -> No action taken.
F:\valide-0.4\share\gtksourceview-2.0\styles\$PLUGINSDIR\NSISdl.dll (Adware.AdRotator) -> No action taken.


r16
Posted: Thursday, March 11, 2010 6:00:57 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Delete what Malwarebytes found.
How is the PC running?
Are you experiencing any problems?
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.