reindirizzamenti strani

[birbante]

Salve a tutti ragazzi,
credo di avere un troian strano dentro il mio pc. 1 click su 3 che faccio sul browser di internet explorer (mentre navigo tranquillamente, ad esempio faccio click su un video di youtube). mi reindirizza a questo url:

Codice: Seleziona tutto

http://www.google-analytics.com/pp.php?to=con&from=a1&type=it.king.com:&ref=http%3A%2F%2Fit.king.com%2Fgiochi%2Fgiochi-azione%2Fcarnival-shootout%2F%3Faction%3Dresult%26slotId%3D38107165

Questo link proviene da un click da me fatto su

Codice: Seleziona tutto

http://www.king.com

Ma perchè lo fa?
Fatemi sapere e fatemi sapere se volete maggiori info a riguardo per rendere l'aiuto il migliore possibile.
Grazie a tutti
Fabrizio

[hydra]

Intanto benvenuto.
Solo 2 cose:

• Se hai problemi riguardanti virus o roba simile, c'è una sezione apposita, stavolta sposto io ma impara a segliere adeguatamente dove porre le tue domande
• Se il tuo problema riguarda un'infezione da virus, non inserire i link in chiaro, usa il tag code che neutralizza i link (in questo modo per aprire il link una persona deve necessariamente copiare il link e incollarlo sul browser, che è ben diverso da farci un semplice click sopra).

[birbante]

ho cancellato tuti ivirus ma quest'errore è rimasto. Qualcuno mi sa dire perchè?

[FDAC]

- Scarica ed installa Hijackthis dal link sottostante:
http://www.hijackthis.de/downloads/HJTInstall.exe
- lancia Hijackthis
- clicca su Do a system scan and save a logfile
- al termine della scansione verrà rilasciato un file di testo: salvalo sul Desktop perché lo dovrai inviare qui

[birbante]

ok Francesco, adesso lo copio incollo qui:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.02.50, on 22/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\ClamAV for Windows\2.0.16\agent.exe
C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\a-squared Anti-Malware\a2guard.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\ClamAV for Windows\2.0.16\iptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Widestream6\spointer\widestream6_air.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.king.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Interest recogniser for Widestream6 (powered by Spointer) - {2BEFBCCE-46A6-4950-BCB5-7062EAC6C9C9} - C:\Programmi\Widestream6\spointer\extensions\widestream6_air_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [librtexec] javaw -jar "C:\Programmi\Java\jre6\lib\librtexec.jar"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Immunet Protect] "C:\Programmi\ClamAV for Windows\2.0.16\iptray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Programmi\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe -t
O4 - HKCU\..\Run: [Software Informer] "C:\Programmi\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Fabrizio\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E68CAE33-AB0B-4770-827F-E445D277C10D}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ClamAV for Windows (ImmunetProtect) - Immunet Corporation - C:\Programmi\ClamAV for Windows\2.0.16\agent.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 8517 bytes

[FDAC]

Rilancia Hijackthis:
- Do a System Scan Only
- spunta la casellina fianco di ogni singola voce che ti indicherò sotto
- una volta spuntate le voci:
- chiudi tutte le applicazioni aperte
- chiudi tutte le pagine del browser aperte
- in Hijackthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.king.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Interest recogniser for Widestream6 (powered by Spointer) - {2BEFBCCE-46A6-4950-BCB5-7062EAC6C9C9} - C:\Programmi\Widestream6\spointer\extensions\widestream6_air_ie.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [librtexec] javaw -jar "C:\Programmi\Java\jre6\lib\librtexec.jar"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Immunet Protect] "C:\Programmi\ClamAV for Windows\2.0.16\iptray.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Programmi\PartyItalia\PartyPokerIt\RunApp.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Programmi\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe -t
O4 - HKCU\..\Run: [Software Informer] "C:\Programmi\Software Informer\softinfo.exe" -autorun

Vai in Installazione Applicazioni, nel Pannello di Controllo, e Disinstalla:
- UpdateMyDrivers
- Software Informer
- PartyPoker
- Google Update
- QuickTime
- ClamAV for Windows
- e Tutte le Toolbar che vedi

POI elimina queste cartelle:
C:\Programmi\PartyItalia
C:\Programmi\Java

[birbante]

Ciao Francesco,

ho fissato tutte le voci che mi hai chiesto,

mentre ad installazione e applicazioni c'era solo quick time e ClamAV. La cartella Java in programmi l'ho cancellata ma quella partytalia non c'era.

Sicuro che devo cancellare ClamAV mi potresti dire il perchè?

Grazie,

Fabrizio

[birbante]

Comunque il problema dei reindirizzamenti strani dal sito it.king.com e anche da altri C'E' ANCORA!

Cosa facciamo adesso?

Grazie,

Fabrizio

[birbante]

Ciao Francesco,

Mi si apre anche una finestra di internet explorer con questo URL: http://www.epoclick.com/?ad=1287847199



Tale finestra viene così chiamata anche da internet explorer (nella parte superiore azzurra che serve anche per trascinare la finestra): http://pagead2.googlesyndication.com/pp ... ef=http%3A%



Faccio notare che il segno & scritto nel link sopra non è il simbolo che effettivamente appare sull'URL, ma a posto del simbolo & c'è un 3 girato dall'altra parte e attaccato a una t minuscola, che può assomigliare ad una &.

Io non sapevo come farlo visto che sulla mia tastiera non c'è tale simbolo e quindi ho messo degli &.

[birbante]

confermo che il simbolo che avevo messo è quello giusto, cioè &.
Scusate,
Fabrizio

[FDAC]

Ciao, Clamwin è inutile.

Fai cosi:

Combofix:
http://www.bleepingcomputer.com/combofi ... e-combofix

e poi posta il log

[birbante]

non riesco ad installare combofix. Mi da questo errore: si è verificato un errore in PEV.cfxxe.
L'applicazione verrà chiusa

Francesco adesso come si fa??

Grazie per le risposte.

[birbante]

Ciao francesco,
combofix rileva avira antivirus e mi dice di disinstallarlo. l'ho disistallato ma lo rileva ancora e quindi combofix non me lo fa installare.
Potresti aiutarmi tramite desktop remoto?
Grazie,
Fabrizio

[birbante]

ok, dopo vari sbattimenti sono riuscito ad installare combofix e di seguito invio il logfile:

ComboFix 10-10-22.05 - Fabrizio 23/10/2010 20.45.12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.3002 [GMT 2:00]
Eseguito da: c:\documents and settings\Fabrizio\Desktop\ComboFix1ei.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {009B2D84-0018-0000-3C00-00000CEE1300}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0065-0072-7300-690040061500}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fabrizio\Dati applicazioni\Vaicwe
c:\documents and settings\Fabrizio\Dati applicazioni\Vaicwe\oxadw.exe
c:\documents and settings\Fabrizio\Logo.png
c:\programmi\GooglePlusVideos

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-09-23 al 2010-10-23 )))))))))))))))))))))))))))))))))))
.

2010-10-22 21:02 . 2010-10-22 21:02 -------- d-----w- c:\programmi\Trend Micro
2010-10-22 12:41 . 2010-10-23 17:52 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-10-22 12:41 . 2010-10-22 12:42 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Immunet
2010-10-22 12:40 . 2010-10-23 17:52 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-22 12:40 . 2010-10-23 17:52 -------- d-----w- c:\programmi\ClamAV for Windows
2010-10-18 20:28 . 2010-10-18 20:40 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-18 19:19 . 2010-10-21 22:14 -------- d-----w- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\king.com
2010-10-18 19:14 . 2010-10-18 19:19 -------- d-----w- c:\windows\system32\Adobe
2010-10-18 14:57 . 2010-10-18 14:57 32608 ----a-w- c:\windows\king-uninstall.exe
2010-10-15 22:19 . 2010-10-23 15:55 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Toyv
2010-10-14 10:43 . 2006-11-03 08:59 48128 ----a-w- c:\windows\system32\Remove.exe
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\windows\PixArt
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\programmi\File comuni\PAC207
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\programmi\Common Files
2010-10-14 10:09 . 2010-10-14 10:09 -------- d-----w- c:\windows\Downloaded Installations
2010-10-09 21:59 . 2010-10-09 21:59 286720 ------w- c:\windows\Setup1.exe
2010-10-09 21:59 . 2010-10-09 21:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-10-08 19:35 . 2010-10-08 19:35 -------- d-----w- c:\programmi\Advanced Port Scanner
2010-10-08 19:33 . 2010-10-08 19:33 -------- d-----w- c:\programmi\TEK911
2010-10-08 19:33 . 2002-12-20 12:02 1077336 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-08 18:06 . 2010-10-09 11:23 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Software Informer
2010-10-08 14:15 . 1997-07-19 14:00 129808 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-10-08 14:15 . 1997-07-19 14:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2010-10-08 14:13 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-10-08 14:13 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2010-10-08 13:30 . 2010-10-08 13:30 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\N-Stalker
2010-10-08 13:30 . 2010-10-08 13:30 -------- d-----w- c:\programmi\N-Stalker
2010-10-08 13:06 . 2010-10-08 13:06 181 ----a-w- c:\windows\winnit.reg
2010-10-07 22:58 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-07 22:58 . 2008-12-16 10:44 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-10-07 22:37 . 2010-10-07 22:37 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\widestream
2010-10-07 22:37 . 2010-10-23 14:59 -------- d-----w- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\widestream6 Air
2010-10-07 22:37 . 2010-10-07 22:37 -------- d-----w- c:\programmi\Widestream6
2010-10-04 14:36 . 2010-10-04 14:36 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 20:40 . 2010-04-21 12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2010-02-23 462848]
"a-squared"="c:\programmi\a-squared Anti-Malware\a2guard.exe" [2010-03-15 3347848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 a2injectiondriver;a2injectiondriver;c:\programmi\a-squared Anti-Malware\a2dix86.sys [15/03/2010 20.01.25 36312]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\a-squared Anti-Malware\a2util32.sys [15/03/2010 20.01.05 9328]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\programmi\a-squared Anti-Malware\a2service.exe [15/03/2010 19.56.32 1916104]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [13/03/2010 12.17.56 583640]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [23/02/2010 19.10.22 135664]
S3 a2acc;a2acc;c:\programmi\a-squared Anti-Malware\a2accx86.sys [15/03/2010 20.01.35 67784]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23/02/2010 17.46.23 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [23/02/2010 17.46.23 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [23/02/2010 17.46.24 108771]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 18.31.08 616064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/03/2010 14.06.54 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ BITS_Untrusted_BZ netman_Untrusted_BZ
bdx REG_MULTI_SZ scan sysagent
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1659004503-839522115-1003Core.job
- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1659004503-839522115-1003UA.job
- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-03-17 c:\windows\Tasks\Install_NSS.job
- c:\programmi\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]

2010-10-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1659004503-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1659004503-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1659004503-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1659004503-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-23 c:\windows\Tasks\User_Feed_Synchronization-{96CBF773-68A9-483B-93E3-E822A52908E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\documents and settings\Fabrizio\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Fabrizio\Dati applicazioni\Mozilla\Firefox\Profiles\s09x1jif.default\
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{FC96066E-08B0-4EAA-F5E7-A6CFD934D35F} - c:\documents and settings\Fabrizio\Dati applicazioni\Vaicwe\oxadw.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 20:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,54,bd,fc,74,2d,dd,47,ab,e3,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,54,bd,fc,74,2d,dd,47,ab,e3,e8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\programmi\a-squared Anti-Malware\a2hooks32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\MPR.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-23 20:55:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-23 18:55

Pre-Run: 295.701.655.552 byte disponibili
Post-Run: 296.198.709.248 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4D239215F5B4461C6D6D258AF9CA064D

[FDAC]

Digita:
Start\esegui nello spazio bianco: notepad.exe e clicca Ok
Ti appare sul desktop un documento vuoto di Blocco Note.
Copia le righe qui sotto, senza saltarne nessuna:

File::
c:\windows\system32\Remove.exe
c:\windows\Setup1.exe
c:\windows\system32\WdfCoInstaller01007.dll
c:\windows\system32\deployJava1.dll



E le incolli all'interno del foglio bianco.
Spostati ora sul Documento di Testo.
Clicca in alto su File.
Nel menù che vedi scegli Salva con nome.
Controlla che in alto dove c'è scritto Salva in: sia selezionato Desktop.
In Nome file se trovi selezionato .txt lo cancelli, e scrivi CFScript.txt
E clicca Salva.
Adesso, sul Desktop, trovi il file di testo.
Con il tasto sinistro del mouse, lo trascini sopra l'icona di Combofix, lo rilasci, e parte la scansione.
Non toccare più niente, fino a chè non è finita.
Se il pc, non si riavvia da solo riavvialo tu.
Posta il log.

[birbante]

Ecco a te il LOG, Francesco:

ComboFix 10-10-23.02 - Fabrizio 24/10/2010 17.58.02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2746 [GMT 2:00]
Eseguito da: c:\documents and settings\Fabrizio\Desktop\ComboFix1ei.exe
Opzioni usate :: c:\documents and settings\Fabrizio\Desktop\CFScript.txt
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {009B2D84-0018-0000-3C00-00000CEE1300}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0065-0072-7300-690040061500}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Creati Da 2010-09-24 al 2010-10-24 )))))))))))))))))))))))))))))))))))
.

2010-10-24 15:39 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-24 15:39 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-24 15:39 . 2010-10-24 15:39 -------- d-----w- c:\windows\LastGood
2010-10-24 11:24 . 2010-10-24 11:24 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-10-23 20:08 . 2010-10-23 20:08 -------- d-----w- C:\$AVG
2010-10-23 19:54 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-23 19:54 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-23 19:54 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-23 19:38 . 2010-10-23 19:38 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\AVG10
2010-10-23 19:22 . 2010-10-23 19:22 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2010-10-23 19:20 . 2010-10-24 15:42 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-23 19:20 . 2010-10-23 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG10
2010-10-23 19:19 . 2010-10-23 19:19 -------- d-----w- c:\programmi\AVG
2010-10-23 19:10 . 2010-10-23 19:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2010-10-23 18:39 . 2010-10-23 18:55 -------- d-----w- C:\ComboFix1ei
2010-10-22 21:02 . 2010-10-22 21:02 -------- d-----w- c:\programmi\Trend Micro
2010-10-22 12:41 . 2010-10-23 17:52 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-10-22 12:41 . 2010-10-22 12:42 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Immunet
2010-10-22 12:40 . 2010-10-23 17:52 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-22 12:40 . 2010-10-23 17:52 -------- d-----w- c:\programmi\ClamAV for Windows
2010-10-18 20:28 . 2010-10-18 20:40 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-18 19:19 . 2010-10-23 20:13 -------- d-----w- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\king.com
2010-10-18 19:14 . 2010-10-18 19:19 -------- d-----w- c:\windows\system32\Adobe
2010-10-18 14:57 . 2010-10-18 14:57 32608 ----a-w- c:\windows\king-uninstall.exe
2010-10-15 22:19 . 2010-10-23 15:55 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Toyv
2010-10-14 10:43 . 2006-11-03 08:59 48128 ----a-w- c:\windows\system32\Remove.exe
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\windows\PixArt
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\programmi\File comuni\PAC207
2010-10-14 10:43 . 2010-10-14 10:43 -------- d-----w- c:\programmi\Common Files
2010-10-14 10:09 . 2010-10-14 10:09 -------- d-----w- c:\windows\Downloaded Installations
2010-10-09 21:59 . 2010-10-09 21:59 286720 ------w- c:\windows\Setup1.exe
2010-10-09 21:59 . 2010-10-09 21:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-10-08 19:35 . 2010-10-08 19:35 -------- d-----w- c:\programmi\Advanced Port Scanner
2010-10-08 19:33 . 2002-12-20 12:02 1077336 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-08 18:06 . 2010-10-09 11:23 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Software Informer
2010-10-08 14:15 . 1997-07-19 14:00 129808 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-10-08 14:15 . 1997-07-19 14:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX
2010-10-08 14:13 . 1997-01-15 22:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-10-08 14:13 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2010-10-08 13:30 . 2010-10-08 13:30 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\N-Stalker
2010-10-08 13:30 . 2010-10-08 13:30 -------- d-----w- c:\programmi\N-Stalker
2010-10-08 13:06 . 2010-10-08 13:06 181 ----a-w- c:\windows\winnit.reg
2010-10-07 22:58 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-07 22:58 . 2008-12-16 10:44 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-10-07 22:37 . 2010-10-07 22:37 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\widestream
2010-10-07 22:37 . 2010-10-24 15:57 -------- d-----w- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\widestream6 Air
2010-10-07 22:37 . 2010-10-07 22:37 -------- d-----w- c:\programmi\Widestream6
2010-10-04 14:36 . 2010-10-04 14:36 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 20:40 . 2010-04-21 12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-10 05:49 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 01:49 . 2010-09-07 01:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 01:48 . 2010-09-07 01:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:51 . 2006-03-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2006-03-02 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2006-03-02 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-03-02 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-19 19:42 . 2010-08-19 19:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 19:42 . 2010-08-19 19:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 19:42 . 2010-08-19 19:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-23_18.52.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 02:14 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 02:14 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2006-03-02 12:00 . 2010-10-23 21:01 79292 c:\windows\system32\perfc010.dat
- 2006-03-02 12:00 . 2010-08-13 16:09 79292 c:\windows\system32\perfc010.dat
- 2006-03-02 12:00 . 2010-08-13 16:09 67312 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-23 21:01 67312 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 03:31 . 2010-09-10 05:49 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 03:31 . 2010-06-24 12:22 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-02 12:00 . 2010-06-24 12:22 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 25600 c:\windows\system32\jsproxy.dll
+ 2010-07-12 02:33 . 2010-07-12 02:33 30432 c:\windows\system32\drivers\avgfwdx.sys
- 2010-02-24 10:34 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-27 05:58 . 2010-08-27 05:58 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2009-03-08 03:31 . 2010-09-10 05:49 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 03:31 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-02-24 10:34 . 2010-06-24 12:22 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 03:34 . 2010-09-10 05:49 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:33 . 2010-09-10 05:49 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 03:33 . 2010-06-24 12:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-07-12 02:33 . 2010-07-12 02:33 51040 c:\windows\system32\avgfwdx.dll
- 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 07:43 . 2010-09-22 07:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-10-24 11:24 . 2010-10-24 11:24 38400 c:\windows\Installer\a214a1.msi
+ 2010-10-24 11:24 . 2010-10-24 11:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-23 21:01 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-23 21:01 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-23 21:00 . 2010-10-23 21:00 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-13 16:08 . 2010-08-13 16:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-02 12:00 . 2010-06-18 17:45 293888 c:\windows\system32\winsrv.dll
- 2006-03-02 12:00 . 2008-04-14 02:13 293888 c:\windows\system32\winsrv.dll
- 2006-03-02 12:00 . 2008-04-14 02:13 406016 c:\windows\system32\usp10.dll
+ 2006-03-02 12:00 . 2010-04-16 15:37 406016 c:\windows\system32\usp10.dll
+ 2006-03-02 12:00 . 2010-10-23 21:01 478808 c:\windows\system32\perfh010.dat
- 2006-03-02 12:00 . 2010-08-13 16:09 478808 c:\windows\system32\perfh010.dat
+ 2006-03-02 12:00 . 2010-10-23 21:01 432356 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-08-13 16:09 432356 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-09-10 05:49 206848 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 611840 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 03:32 . 2010-09-10 05:49 602112 c:\windows\system32\msfeeds.dll
- 2006-03-02 12:00 . 2008-04-14 02:13 384512 c:\windows\system32\mp4sdmod.dll
+ 2006-03-02 12:00 . 2010-04-05 09:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-02-23 15:39 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 184320 c:\windows\system32\iepeers.dll
- 2006-03-02 12:00 . 2010-06-24 12:22 184320 c:\windows\system32\iepeers.dll
- 2006-03-02 12:00 . 2010-06-24 12:22 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2006-03-02 12:00 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
- 2010-02-23 16:27 . 2010-08-13 17:15 122136 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-23 16:27 . 2010-10-24 08:27 122136 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-23 16:33 . 2010-07-16 12:02 221696 c:\windows\system32\dllcache\wordpad.exe
+ 2010-06-18 17:45 . 2010-06-18 17:45 293888 c:\windows\system32\dllcache\winsrv.dll
+ 2009-12-22 05:08 . 2010-09-10 05:49 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-12-22 05:08 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:37 . 2010-04-16 15:37 406016 c:\windows\system32\dllcache\usp10.dll
+ 2010-02-23 16:59 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2010-02-23 16:59 . 2009-10-15 16:29 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-02-23 17:32 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2009-04-15 14:52 . 2010-08-16 08:44 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 03:34 . 2010-09-10 05:49 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 03:34 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 03:32 . 2010-09-10 05:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 03:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-03-02 12:00 . 2010-04-05 09:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
- 2006-03-02 12:00 . 2008-04-14 02:13 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2010-09-18 10:23 . 2010-09-18 10:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2006-03-02 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2010-02-23 16:35 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-02-24 10:34 . 2010-06-24 12:22 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 03:31 . 2010-06-24 12:22 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 03:31 . 2010-09-10 05:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 17:56 . 2010-06-24 12:22 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 17:56 . 2010-09-10 05:49 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 13:09 . 2010-06-24 12:22 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 13:09 . 2010-09-10 05:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 03:32 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 03:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-03-02 12:00 . 2008-04-14 02:13 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-09-22 07:43 . 2010-09-22 07:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-23 03:31 . 2010-03-23 03:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-23 19:02 . 2010-09-23 19:02 798208 c:\windows\Installer\496e75.msp
+ 2010-10-23 21:01 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-23 21:01 . 2010-07-05 13:20 402296 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-23 21:01 . 2009-05-26 09:01 233848 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-23 21:01 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-23 21:01 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-24 12:14 . 2010-10-24 12:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-24 12:13 . 2010-10-24 12:13 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-23 21:00 . 2010-10-23 21:00 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-23 19:54 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2006-03-02 12:00 . 2010-08-26 15:16 4886528 c:\windows\system32\wmp.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 1210880 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2010-07-16 12:05 1287680 c:\windows\system32\ole32.dll
+ 2006-03-02 12:00 . 2010-09-10 05:49 5957120 c:\windows\system32\mshtml.dll
+ 2009-03-08 03:32 . 2010-09-10 05:49 1986560 c:\windows\system32\iertutil.dll
- 2009-03-08 03:32 . 2010-06-24 12:22 1986560 c:\windows\system32\iertutil.dll
+ 2006-03-02 12:00 . 2010-08-26 15:16 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-14 15:12 . 2010-09-01 07:54 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2009-12-22 05:08 . 2010-09-10 05:49 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1287680 c:\windows\system32\dllcache\ole32.dll
+ 2009-12-22 05:08 . 2010-09-10 05:49 5957120 c:\windows\system32\dllcache\mshtml.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2010-02-24 10:34 . 2010-06-24 12:22 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 07:44 . 2010-09-22 07:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-23 05:39 . 2010-09-23 05:39 4265472 c:\windows\Installer\496e6e.msp
+ 2010-10-23 19:21 . 2010-10-23 19:21 3014656 c:\windows\Installer\1904ef.msi
+ 2010-10-23 19:19 . 2010-10-23 19:19 1542656 c:\windows\Installer\1904eb.msi
+ 2010-10-23 21:01 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-23 21:01 . 2010-06-24 12:22 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2010-10-24 12:15 . 2010-10-24 12:15 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-24 12:15 . 2010-10-24 12:15 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-24 12:13 . 2010-10-24 12:13 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-23 21:00 . 2010-10-23 21:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-23 21:02 . 2010-10-23 21:02 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-02-26 09:43 . 2010-02-26 09:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-23 21:00 . 2010-10-23 21:00 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-23 21:00 . 2010-10-23 21:00 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-13 16:09 . 2010-08-13 16:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-23 21:01 . 2010-10-23 21:01 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-13 16:08 . 2010-08-13 16:08 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-02-24 10:32 . 2010-10-07 08:46 35385288 c:\windows\system32\MRT.exe
+ 2009-03-08 03:39 . 2010-09-10 05:49 11080192 c:\windows\system32\ieframe.dll
+ 2010-02-24 10:34 . 2010-09-10 05:49 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-24 11:24 . 2010-10-24 11:24 20303872 c:\windows\Installer\a214a7.msp
+ 2010-10-23 21:01 . 2010-06-24 15:52 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-24 12:14 . 2010-10-24 12:14 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-23 21:02 . 2010-10-23 21:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2010-02-23 462848]
"a-squared"="c:\programmi\a-squared Anti-Malware\a2guard.exe" [2010-03-15 3347848]
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"=
"c:\\Programmi\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 3.48.50 26064]
R1 a2injectiondriver;a2injectiondriver;c:\programmi\a-squared Anti-Malware\a2dix86.sys [15/03/2010 20.01.25 36312]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\a-squared Anti-Malware\a2util32.sys [15/03/2010 20.01.05 9328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 3.48.54 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 3.49.00 298448]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\programmi\a-squared Anti-Malware\a2service.exe [15/03/2010 19.56.32 1916104]
R2 avgfws;AVG Firewall;c:\programmi\AVG\AVG10\avgfws.exe [10/09/2010 1.45.18 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10.35.50 6104144]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [10/09/2010 1.45.22 265400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [13/03/2010 12.17.56 583640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21.42.36 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21.42.38 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21.42.34 26192]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [23/02/2010 19.10.22 135664]
S3 a2acc;a2acc;c:\programmi\a-squared Anti-Malware\a2accx86.sys [15/03/2010 20.01.35 67784]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4.33.54 30432]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23/02/2010 17.46.23 60288]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [23/02/2010 17.46.23 646400]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [23/02/2010 17.46.24 108771]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 18.31.08 616064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/03/2010 14.06.54 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ BITS_Untrusted_BZ netman_Untrusted_BZ
bdx REG_MULTI_SZ scan sysagent
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1659004503-839522115-1003Core.job
- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1659004503-839522115-1003UA.job
- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-23 17:10]

2010-10-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1659004503-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1659004503-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1659004503-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1659004503-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{96CBF773-68A9-483B-93E3-E822A52908E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\documents and settings\Fabrizio\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Fabrizio\Dati applicazioni\Mozilla\Firefox\Profiles\s09x1jif.default\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,54,bd,fc,74,2d,dd,47,ab,e3,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,54,bd,fc,74,2d,dd,47,ab,e3,e8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\WININET.dll
c:\programmi\a-squared Anti-Malware\a2hooks32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2010-10-24 18:03:21
ComboFix-quarantined-files.txt 2010-10-24 16:03
ComboFix2.txt 2010-10-23 18:55

Pre-Run: 294.760.181.760 byte disponibili
Post-Run: 294.754.119.680 byte disponibili

- - End Of File - - 7EFD7F50B29757B466457EAA1A79D717

[FDAC]

Disinstalla Tassativamente:

AVG Internet Security 2011
a-squared Anti-Malware
AVG Firewall


- Scarica Avenger dal link sottostante,
http://swandog46.geekstogo.com/avenger.zip
- Scompattalo in una sua cartella non temporanea e non sul Desktop

- Avvia Avenger
- Clicca Ok
- Inserisci queste righe (fai copia-incolla) nel riquadro bianco:

Files to delete:
c:\windows\system32\Remove.exe
c:\windows\Setup1.exe
c:\windows\system32\WdfCoInstaller01007.dll
c:\windows\system32\deployJava1.dll

- Togli la spunta da Scan for Rootkit
- Clicca su Execute e aspetta un po'.
- Il PC dovrebbe riavviarsi; se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger.

[birbante]

ok, premetto che AVG Firewall non l'ho trovato in installazione applicazioni
ecco a te il log di avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\windows\system32\Remove.exe" deleted successfully.
File "c:\windows\Setup1.exe" deleted successfully.
File "c:\windows\system32\WdfCoInstaller01007.dll" deleted successfully.
File "c:\windows\system32\deployJava1.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[FDAC]

Come va il PC?
Posta un log aggiornato di Hijackthis.

[birbante]

Ciao Francesco,
adesso sono senza antivirus e antispyware. Mi consiglieresti qualcosa per difendermi da tali minacce?

Ecco a te il nuovo log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.59.42, on 25/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Fabrizio\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 3744 bytes