Aiutamici Forum

hijack heeeeelp
cronopios
Posted: Tuesday, November 09, 2010 2:55:41 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
hi everyone, I'm new to the forum and, as you can imagine, I have a virus problem... I've had it for quite some time... it has led me to (in order)

1 - buy the latest version of AVG (2011)... I had the free version...
2 - download and use Malwarebytes and scan again and again
3 - today, download HijackThis and have the computer analyzed

I was advised to write to you, so thank you in advance for your attention.

I should specify that one of the problems I've had recently, during this madness, was that a folder inside the AVG toolbar folder, called firefox, fills up every so many days with files like IEToolbar.dll_129336910187343750_f.dmp... I've tried every way to uninstall the hateful toolbars but I can't figure out how...

anyway, having made the HijackThis log file, I can do nothing but post it and rely on your kindness, because I really don't understand any of it...

here is the log file




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.41.05, on 09/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\AVG\AVG10\avgfws.exe
C:\Programmi\AVG\AVG10\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG10\avgtray.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmi\AVG\AVG10\avgam.exe
C:\Programmi\AVG\AVG10\avgnsx.exe
C:\Programmi\AVG\AVG10\avgemcx.exe
C:\Programmi\AVG\AVG10\avgchsvx.exe
C:\Programmi\AVG\AVG10\avgcsrvx.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Documenti\Download\HiJackThis.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 122.224.6.164 cao.iwillhavebigdick.com
O1 - Hosts: 173.192.153.178 www.888.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6871 bytes



....

giacomo


maopapof
Posted: Tuesday, November 09, 2010 2:58:06 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,185
FIRST OF ALL, HELLO.... BUT

before doing anything, why not ask based on the problem? :O)

cronopios
Posted: Tuesday, November 09, 2010 3:09:57 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
because I don't know what the problem might be... I'm no great expert at these things... at most I can describe the symptoms...

some time ago I got a kind of malware that was a fake antivirus, I don't remember what it was called... with great effort I got rid of it... or so it seemed, because since then, about a month ago, the problems have never stopped; besides the toolbar ones, every now and then AVG detected some virus, files on my computer turned out to be infected, deleted... on top of that, recently, every now and then, not regularly, two strange things happen

1 - the audio disappears, first from the internet and then from other programs (I'm a musician and I use a sound card)
2 - the taskbar, which was displayed one way (bluish, XP style), changed its look to the old Windows style...

I hope this was more helpful.

I'm going crazy.

thanks in the meantime for the prompt attention.

giacomo
maopapof
Posted: Tuesday, November 09, 2010 3:29:02 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,185
may I know what you bought and where? thanks :O)

cronopios
Posted: Tuesday, November 09, 2010 3:35:51 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
AVG 2011 from their site, the version that costs about 30 euros...
maopapof
Posted: Tuesday, November 09, 2010 3:45:24 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,185

IDENTIFY THEIR SITE!

AVG Free differs from the paid one only because... in short, it doesn't have mail protection

you opened your mail and it infected you because you gave the OK

so for now do an online scan... look at the paths... check and delete

http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
THEN POST THE HIJACKTHIS LOG.... thanks

when the problem is solved, take a nice photo of the disk and you'll see you won't spend any more mo ----- ney ;O))))




cronopios
Posted: Tuesday, November 09, 2010 3:48:56 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
AVG reports this: Win32/Patched
the infected file, it writes it and detects it several times in the warning window, is c:\WINDOWS\system32\winlogon.exe AND c:\WINDOWS\explorer.exe
these files, I'm told, are placed in the "White List (system/important file that must not be removed)"
the AVG warning that appears lists only these two files, but dozens of times
I don't even know whether it's a genuine warning or the virus's ravings

this, instead, is the latest log file made with AVG:

Scansione della riga di comando di AVG 2011 Anti-Virus
Copyright (c) 1992 - 2010 AVG Technologies
Versione programma 10.0.1153, engine 10.0.424
Database dei virus: versione 424/3246 2010-11-09

C:\WINDOWS\system32\winlogon.exe Virus rilevato Win32/Patched
C:\WINDOWS\system32\winlogon.exe (844) Virus rilevato Win32/Patched
C:\WINDOWS\explorer.exe Virus rilevato Win32/Patched
C:\WINDOWS\explorer.exe (244) Virus rilevato Win32/Patched
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\LocalService\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\LocalService\ntuser.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\h97039o6.default\parent.lock File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\User\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\User\ntuser.dat.LOG File bloccato. Non verificato.
C:\pagefile.sys File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Temp\Rar$EX00.922\setup.exe:\unwise0015.bin:\unwise000f.bin Run-time compresso fsg
C:\Documents and Settings\User\Impostazioni locali\Temp\Rar$EX00.922\setup.exe:\unwise0015.bin Run-time compresso fsg
C:\Documents and Settings\User\Impostazioni locali\Temp\Rar$EX00.922\setup.exe Run-time compresso fsg
C:\System Volume Information\ File bloccato. Non verificato.
C:\WINDOWS\explorer.exe Virus rilevato Win32/Patched
C:\WINDOWS\system32\config\default File bloccato. Non verificato.
C:\WINDOWS\system32\config\default.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\software File bloccato. Non verificato.
C:\WINDOWS\system32\config\software.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\system File bloccato. Non verificato.
C:\WINDOWS\system32\config\system.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\drivers\intelppm.sys Virus identificato Win32/Patched.DX
C:\WINDOWS\system32\winlogon.exe Virus rilevato Win32/Patched
D:\System Volume Information\ File bloccato. Non verificato.
F:\System Volume Information\ File bloccato. Non verificato.
G:\System Volume Information\ File bloccato. Non verificato.


Oggetti sottoposti a scansione : 582764
Infezioni trovate : 7
PUP trovati : 0
Infezioni corrette : 0
PUP corretti : 0
Avvisi : 0



I'm trying to be as clear and complete as I can.
thanks a lot
giacomo
cronopios
Posted: Tuesday, November 09, 2010 3:52:47 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
ok... I was writing while you were replying... so I have to use that site to do the online scan and it will tell me what I have to delete... I don't know what a photo of the disk is... now I'll try to do this scan.....
cronopios
Posted: Tuesday, November 09, 2010 4:59:06 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
scan done and the result is this:



C:\WINDOWS\explorer.exe è infettato con Trojan.Bamital!inf
C:\WINDOWS\system32\winlogon.exe è infettato con Trojan.Bamital!inf
C:\Documents and Settings\All Users\Documenti\Server\hlp.dat è infettato con Trojan.Bamital


I don't understand how to remove all this... you told me to remove it and then redo the log file with HijackThis... but I don't know how to remove it....
r16
Posted: Tuesday, November 09, 2010 7:23:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE it before running the scan. (this is very important)
Run a full system scan.
Post the log.
cronopios
Posted: Tuesday, November 09, 2010 7:45:54 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
I've been using it since my problems started, every now and then it finds something... but it can't resolve the issue... the problem at the moment is this damned Trojan.Bamital!inf

I can't figure out what to do... if you read my previous posts I've also posted some log files...


help

desperation!
r16
Posted: Tuesday, November 09, 2010 9:35:26 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
I've been using it since my problems started, every now and then it finds something

Where is the log, or where are the logs? (the Malwarebytes logs)
Quote:
I can't figure out what to do....

I believe I explained to you what to do.
Quote:
if you read my previous posts I've also posted some log files...

The logs you posted don't interest me and don't help me.
I asked for something else.
Quote:
help

And how can anyone help you if you don't follow the instructions I gave you.
maopapof
Posted: Tuesday, November 09, 2010 10:10:00 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,185
follow what ..... R16 ...... tells you, whom I take this opportunity to greet :O)
http://www.symantec.com/security_response/writeup.jsp?docid=2010-070108-5941-99&tabid=3
http://forum.zeusnews.com/viewtopic.php?t=48715

you're in good hands... bye :O) ................... and then use a good firewall!



cronopios
Posted: Wednesday, November 10, 2010 2:40:23 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
ok... this is the latest malware log, and after it I'll post an older one:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 5087

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/11/2010 13.42.54
mbam-log-2010-11-10 (13-42-54).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 193891
Tempo trascorso: 54 minuti, 28 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)



This one, instead, is from a few days ago:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4597

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/09/2010 3.20.53
mbam-log-2010-09-12 (03-20-53).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 135125
Tempo trascorso: 5 minuti, 0 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 1
Chiavi di registro infette: 4
Valori di registro infetti: 10
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 28

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
C:\Programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ovanocip (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ovanocip (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\601708243 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\0796842817 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sppobv (Trojan.Onlinegames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\59t4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\lbgcasuxn\kfxcfruuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\Inx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\601708243.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\0796842817.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mskpwvmx.dll (Trojan.Onlinegames) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\1biq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\84geujqu.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\A9.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\AA.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\AD.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\In0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\In1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\In2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\In3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\Inw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\jt0ooffy.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\kb1k08i5.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\lbewomivt.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\lnudls.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\stp4d2cb.exe (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\stp79c79.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\sxcfgslr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\thuurs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\ybsidifk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Igygaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Impostazioni locali\Temp\xosmawrnec.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


the second-to-last one...

(the problem persists anyway)

giacomo
r16
Posted: Wednesday, November 10, 2010 6:10:18 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Follow these instructions carefully:
Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included) and, after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista: right-click Combofix.exe and click "Run as Administrator")

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
cronopios
Posted: Thursday, November 11, 2010 1:35:12 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
ok... I followed the instructions but I couldn't figure out how to disable AVG completely, I did disable the firewall anyway, this is the log...

ComboFix 10-11-10.03 - User 11/11/2010 13.15.58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1036 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenti\Server\admin.txt
c:\documents and settings\All Users\Documenti\Server\server.dat
c:\documents and settings\User\.COMMgr
c:\documents and settings\User\Dati applicazioni\Dealio
c:\documents and settings\User\Dati applicazioni\Dealio\res\widgets.xml
c:\documents and settings\User\Dati applicazioni\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\User\Dati applicazioni\Ecyfse
c:\documents and settings\User\Dati applicazioni\Ecyfse\odhyo.etx
c:\documents and settings\User\Dati applicazioni\Ecyfse\odhyo.tmp
c:\programmi\Dealio Toolbar
c:\programmi\Dealio Toolbar\FF\chrome.manifest
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\login.js
c:\programmi\Dealio Toolbar\FF\chrome\content\login.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\parser.js
c:\programmi\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\programmi\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\target.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\programmi\Dealio Toolbar\FF\components\config.ini
c:\programmi\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\install.rdf
c:\programmi\Dealio Toolbar\IE\4.0.2\config.ini
c:\programmi\Dealio Toolbar\Res\amazon.gif
c:\programmi\Dealio Toolbar\Res\apple.gif
c:\programmi\Dealio Toolbar\Res\barnes.gif
c:\programmi\Dealio Toolbar\Res\bestbuy.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\Res\ebay.gif
c:\programmi\Dealio Toolbar\Res\icon_settings.gif
c:\programmi\Dealio Toolbar\Res\macys.gif
c:\programmi\Dealio Toolbar\Res\newegg.gif
c:\programmi\Dealio Toolbar\Res\overstock.gif
c:\programmi\Dealio Toolbar\Res\search-button-hover.gif
c:\programmi\Dealio Toolbar\Res\search-button.gif
c:\programmi\Dealio Toolbar\Res\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\Res\search-chevron.gif
c:\programmi\Dealio Toolbar\Res\search_amazon.gif
c:\programmi\Dealio Toolbar\Res\search_dealio.gif
c:\programmi\Dealio Toolbar\Res\search_ebay.gif
c:\programmi\Dealio Toolbar\Res\search_yahoo.gif
c:\programmi\Dealio Toolbar\Res\target.gif
c:\programmi\Dealio Toolbar\Res\walmart.gif
c:\programmi\Dealio Toolbar\Res\widgets.xml
c:\programmi\Search Settings
c:\programmi\Search Settings\FF\chrome.manifest
c:\programmi\Search Settings\FF\chrome\content\plugin.js
c:\programmi\Search Settings\FF\chrome\content\plugin.xul
c:\programmi\Search Settings\FF\chrome\content\protection.js
c:\programmi\Search Settings\FF\chrome\content\utils.js
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Search Settings\FF\components\IFBHOSearch.xpt
c:\programmi\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\programmi\Search Settings\FF\components\IFHelperPreferences.xpt
c:\programmi\Search Settings\FF\components\SearchSettingsFF.dll
c:\programmi\Search Settings\FF\install.rdf
c:\programmi\Search Settings\SearchSettings .exe
c:\programmi\Search Settings\SearchSettingsRes409.dll

La copia infetta di c:\windows\system32\drivers\intelppm.sys è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack :p
c:\windows\explorer.exe . . . è infetto!!

c:\windows\system32\winlogon.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-10-11 al 2010-11-11 )))))))))))))))))))))))))))))))))))
.

2010-11-09 16:05 . 2010-11-09 16:15 -------- d-----w- c:\programmi\NoAdware5.0
2010-11-07 12:08 . 2005-02-01 03:34 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2010-11-07 12:08 . 2004-05-10 23:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2010-11-07 12:08 . 2002-11-25 16:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2010-11-07 12:08 . 2001-04-09 13:03 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys
2010-10-28 10:55 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-28 10:55 . 2008-04-13 17:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-28 10:55 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-28 10:55 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-15 16:14 . 2010-10-15 16:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 17:14 . 2010-09-20 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-20 17:14 . 2010-03-28 12:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 01:49 . 2010-09-07 01:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 01:48 . 2010-09-07 01:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-19 19:42 . 2010-08-19 19:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 19:42 . 2010-08-19 19:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 19:42 . 2010-08-19 19:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
Code:
<pre>
c:\programmi\AVG\AVG10\avgtray .exe
c:\programmi\AVG\AVG9\avgtray .exe
c:\programmi\File comuni\Real\Update_OB\realsched .exe
c:\programmi\iTunes\iTunesHelper .exe
c:\programmi\Java\jre6\bin\jusched .exe
c:\programmi\QuickTime\QTTask .exe
</pre>


------- Sigcheck -------

[-] 2008-04-14 . FE02577489C0B6BC8AFDD73D56FD02B0 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 228A0B8B96C4D8D84A1EEFC234DC873B . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 10:31 2475336 ----a-w- c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 14:33 141600 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-03 19:55 839680 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-03-16 06:06 868352 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15.27.24 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 2.48.50 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 2.48.54 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 2.49.00 298448]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [07/01/2010 23.51.02 380928]
R2 avgfws;AVG Firewall;c:\programmi\AVG\AVG10\avgfws.exe [10/09/2010 0.45.18 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/10/2010 11.58.12 6104656]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [10/09/2010 0.45.22 265400]
R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/12/2009 16.40.20 188276]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3.33.54 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20.42.36 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20.42.38 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20.42.34 26192]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/11/2009 15.57.10 33792]
R3 rrau0001;rrau0001;c:\windows\system32\drivers\rrau0001.sys [21/11/2009 13.29.58 24576]
R3 rrwd0001;rrwd0001;c:\windows\system32\drivers\rrwd0001.sys [21/11/2009 13.29.58 71936]
S0 ahnvy;ahnvy;c:\windows\system32\drivers\cnrjftib.sys --> c:\windows\system32\drivers\cnrjftib.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\User\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\User\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\User\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\User\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG10\Toolbar\ToolbarBroker.exe [31/10/2010 13.42.12 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3.33.54 30432]
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-1078145449-1417001333-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-1078145449-1417001333-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-11 c:\windows\Tasks\User_Feed_Synchronization-{45729BBB-6311-490F-AB93-55674B49A2AB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://it.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = *.local
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\h97039o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forum.aiutamici.com/yaf_postsm367441_hijack-aiutoooooo.aspx#367441|http://co106w.col106.mail.live.com/default.aspx?wa=wsignin1.0
FF - component: c:\programmi\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\User\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\h97039o6.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\programmi\TVUPlayer\npTVUAx.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-EDIROL FA-101 Driver Setup - c:\programmi\EDIROL\FA-101\uninst.exe Software\EDIROL\FA-101\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 13:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6V200E0 rev.VA111630 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1b

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
c:\docume~1\User\IMPOST~1\Temp\catchme.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89A21AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x89A3B9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-10[0x89A22D98]
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
user != kernel MBR !!!
sectors 398297086 (+255): user != kernel

**************************************************************************
.
Ora fine scansione: 2010-11-11 13:24:26
ComboFix-quarantined-files.txt 2010-11-11 12:24

Pre-Run: 37.144.473.600 byte disponibili
Post-Run: 37.709.230.080 byte disponibili

- - End Of File - - 802A291E8700E2AAC84AB4A3B3F179E0



I hope I haven't done anything else silly ;-))

r16
Posted: Thursday, November 11, 2010 8:28:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
There's no point hiding it from you: the PC is in very bad shape.
There are damaged system files, there are rootkits, trojans, and a dialer, and a serious possibility that the MBR is infected.

Follow these first instructions carefully:
Download this Winlogon.exe to the DESKTOP.
http://wikisend.com/download/432038/winlogon.exe
Instructions will follow.


Then:
Open a text file with Notepad on the Desktop.
Paste in the code you see below, and save the text file under the name CFScript.txt, which is mandatory.
Code:
KillAll::

File::
c:\windows\system32\drivers\cnrjftib.sys

Renv::
c:\programmi\AVG\AVG10\avgtray .exe
c:\programmi\AVG\AVG9\avgtray .exe
c:\programmi\File comuni\Real\Update_OB\realsched .exe
c:\programmi\iTunes\iTunesHelper .exe
c:\programmi\Java\jre6\bin\jusched .exe
c:\programmi\QuickTime\QTTask .exe

Driver::
ahnvy
rrau0001
rrwd0001
SASDIFSV
SASKUTIL

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Do you have the Windows installation CD?
cronopios
Posted: Friday, November 12, 2010 2:47:59 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
here it is...I don't have the XP disc....to run this new scan with ComboFix it asked me to uninstall AVG 11, I did that and now I've put it back ....

ComboFix 10-11-10.03 - User 12/11/2010 14.23.39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1185 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\drivers\cnrjftib.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Autorun.inf

c:\windows\explorer.exe . . . è infetto!!

c:\windows\system32\winlogon.exe . . . è infetto!!

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_ahnvy
-------\Service_rrau0001
-------\Service_rrwd0001
-------\Service_SASDIFSV
-------\Service_SASKUTIL


((((((((((((((((((((((((( Files Creati Da 2010-10-12 al 2010-11-12 )))))))))))))))))))))))))))))))))))
.

2010-11-12 01:26 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-09 16:05 . 2010-11-09 16:15 -------- d-----w- c:\programmi\NoAdware5.0
2010-11-07 12:08 . 2005-02-01 03:34 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2010-11-07 12:08 . 2004-05-10 23:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2010-11-07 12:08 . 2002-11-25 16:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2010-11-07 12:08 . 2001-04-09 13:03 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys
2010-10-28 10:55 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-28 10:55 . 2008-04-13 17:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-28 10:55 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-28 10:55 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-15 16:14 . 2010-10-15 16:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 17:14 . 2010-09-20 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-20 17:14 . 2010-03-28 12:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-18 11:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-04-14 . FE02577489C0B6BC8AFDD73D56FD02B0 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 228A0B8B96C4D8D84A1EEFC234DC873B . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-11_12.22.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 13:29 . 2010-11-12 13:29 16384 c:\windows\temp\Perflib_Perfdata_4e4.dat
+ 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-10-31 13:50 84156 c:\windows\system32\perfc010.dat
+ 2008-04-14 12:00 . 2010-11-12 13:25 84156 c:\windows\system32\perfc010.dat
+ 2008-04-14 12:00 . 2010-11-12 13:25 71196 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-10-31 13:50 71196 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-09-10 05:49 66560 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 03:31 . 2010-06-24 12:22 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 03:31 . 2010-09-10 05:49 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2010-09-10 05:49 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 12:00 . 2010-06-24 12:22 25600 c:\windows\system32\jsproxy.dll
+ 2009-11-19 15:17 . 2010-09-10 05:49 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-11-19 15:17 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2010-08-27 05:58 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2008-04-14 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2008-04-14 12:00 . 2010-09-10 05:49 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-11-19 15:17 . 2010-06-24 12:22 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-11-19 15:17 . 2010-09-10 05:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 12:00 . 2010-09-10 05:49 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 12:00 . 2010-09-10 05:49 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 12:00 . 2010-06-24 12:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-09-22 08:43 . 2010-09-22 08:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 14:55 . 2010-09-23 14:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 01:26 . 2010-09-23 01:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 01:26 . 2010-09-23 01:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 01:26 . 2010-09-23 01:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 02:17 . 2010-09-23 02:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 02:17 . 2010-09-23 02:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-06-05 01:01 . 2010-09-08 00:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 01:01 . 2010-11-12 01:22 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-12 01:23 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-11-12 01:23 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-11-12 01:23 . 2010-06-24 12:22 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-11-12 01:23 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-11-12 01:23 . 2010-06-24 12:22 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-11-12 01:19 . 2010-11-12 01:19 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ad348a4a\System.Drawing.Design.dll
+ 2010-11-12 01:19 . 2010-11-12 01:19 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_27115b52\CustomMarshalers.dll
+ 2010-11-12 01:27 . 2010-11-12 01:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-12 01:19 . 2010-11-12 01:19 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-10 17:15 . 2010-06-10 17:15 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-11 01:07 . 2010-08-11 01:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-11 01:07 . 2010-08-11 01:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-11-12 01:21 . 2010-11-12 01:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-03 19:55 839680 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-03-16 06:06 868352 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [07/01/2010 23.51.02 380928]
R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/12/2009 16.40.20 188276]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/11/2009 15.57.10 33792]
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-1078145449-1417001333-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-1078145449-1417001333-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{45729BBB-6311-490F-AB93-55674B49A2AB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://it.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\h97039o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forum.aiutamici.com/yaf_postsm367441_hijack-aiutoooooo.aspx#367441|http://co106w.col106.mail.live.com/default.aspx?wa=wsignin1.0
FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\User\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\h97039o6.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\programmi\TVUPlayer\npTVUAx.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 14:29
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6V200E0 rev.VA111630 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1b

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89A18AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x89A1D9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-10[0x89A1CD98]
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
user != kernel MBR !!!
sectors 398297086 (+255): user != kernel

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-11-12 14:31:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-11-12 13:31
ComboFix2.txt 2010-11-11 12:24

Pre-Run: 37.484.404.736 byte disponibili
Post-Run: 37.412.741.120 byte disponibili

- - End Of File - - DFFC4D7436476E02194826F62DEE9438


cronopios
Posted: Friday, November 12, 2010 3:56:53 PM
Rank: Member

Joined: 11/9/2010
Posts: 11
On top of that... news... no sound comes out of my computer anymore.
Winamp says:

dispositivo non trovato. selezionare un altro dispositivo nella configurazione. codice errore: 88780078

Basically, it no longer detects my external FireWire sound card.