Condividi:        

Trojan che rallentano il PC

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 01:58

Salve a tutti,
ho trovato dei trojan all'avvio di Avast ma non riesco a toglierli.
La connessione Internet è diventata lentissima ed ho rallentamenti anche con molti programmi, per favore aiutatemi.
Posto qui il logfile di HijackThis, grazie:

Logfile of HijackThis v1.99.1
Scan saved at 2.51.09, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Creative\SBAudigy\AudioHQ\AHQTbU.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FinePixViewer\QuickDCF2.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
D:\DATI\Utility\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rocorosso.splinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [AudioHQU] C:\Programmi\Creative\SBAudigy\AudioHQ\AHQTbU.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [98e3264a] rundll32.exe "C:\WINDOWS\system32\cirtalpi.dll",b
O4 - HKLM\..\Run: [BM9bd015d6] Rundll32.exe "C:\WINDOWS\system32\hrdporbf.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Programmi\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti link selezionati in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione a PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Sponsor
 

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 02:47

Ho accertato ora che la funzione "sfoglia" su internet non è più attivabile, non mi è possibile uploadare ed alcuni siti non me li apre per niente.
Aiuto
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi Luke57 » 17/04/08 10:05

Ciao, scarica anche combofix sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconettiti da internet
disattiva l'antivirus


Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione che è piuttosto lenta, se spariscono le icone dal desktop è normale))
Segui le istruzioni e alla fine verrà generato un log (C:\combofix.txt).

Riavvia il pc, copia e incolla il contenuto del report in un post.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 12:13

Non riesco a fare né upload e né download. Dal link non posso scaricare Combo, inoltre non mi fa fare ricerca da Google.
Non so cosa fare.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 12:48

Trovato ComboFix finalmente.
Ecco il report:

ComboFix 08-04-16.5 - Sarak 2008-04-17 13.22.11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1017 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Sarak\Desktop\ComboFix.exe.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\MyWay
C:\Programmi\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
C:\Programmi\MyWay\myBar\1.bin\PARTNER.BMP
C:\Programmi\MyWay\myBar\1.bin\PARTNER.DAT
C:\Programmi\MyWay\myBar\1.bin\PARTNER2.DAT
C:\Programmi\MyWay\myBar\1.bin\PARTNER3.DAT
C:\Programmi\MyWay\myBar\1.bin\PARTNER4.DAT
C:\Programmi\MyWay\myBar\1.bin\PARTNER5.DAT
C:\Programmi\MyWay\myBar\1.bin\PARTNER6.DAT
C:\Programmi\MyWay\myBar\Cache\003AED05
C:\Programmi\MyWay\myBar\Cache\003BD7C3
C:\Programmi\MyWay\myBar\Cache\files.ini
C:\Programmi\MyWay\myBar\History\search
C:\Programmi\MyWay\myBar\Thumbs.db
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AdLRYcdd.ini
C:\WINDOWS\system32\AdLRYcdd.ini2
C:\WINDOWS\system32\cirtalpi.dll
C:\WINDOWS\system32\ddcYRLdA.dll
C:\WINDOWS\system32\drivers\grande48.sys
C:\WINDOWS\system32\hrdporbf.dll
C:\WINDOWS\system32\hublqnyr.dll
C:\WINDOWS\system32\iplatric.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-03-17 al 2008-04-17 )))))))))))))))))))))))))))))))))))
.

2008-04-16 21:34 . 2008-04-17 13:15 101,197 --a------ C:\WINDOWS\BM9bd015d6.xml
2008-04-16 20:11 . 2007-09-10 20:58 115,200 --a------ C:\WINDOWS\2.exe
2008-04-16 18:21 . 2008-04-16 18:21 147,456 --a------ C:\flciijjq.exe
2008-04-16 18:21 . 2008-04-16 18:21 61,440 --a------ C:\jfcjr.exe
2008-04-16 18:21 . 2008-04-16 18:21 58,880 --a------ C:\mxuxc.exe
2008-04-16 18:21 . 2008-04-16 18:21 55,218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-16 18:21 . 2008-04-16 18:21 10,752 --a------ C:\rfiufujt.exe
2008-04-16 18:21 . 2008-04-16 18:21 10,752 --a------ C:\kbvxxo.exe
2008-04-16 18:21 . 2008-04-16 18:21 5,120 --a------ C:\WINDOWS\wininst.dll
2008-04-16 18:21 . 2008-04-16 18:21 4,096 --a------ C:\jgkpt.exe
2008-04-02 16:04 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 16:04 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 21:15 . 2008-03-30 21:20 2,359,350 --a------ C:\WINDOWS\ACD Wallpaper.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 11:31 2,050,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 11:28 27,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 11:17 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-16 19:59 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\uTorrent
2008-04-16 18:24 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-04-16 18:23 --------- d-----w C:\Programmi\ACD Systems
2008-04-16 18:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-04-16 17:13 --------- d-----w C:\Programmi\Bit Che
2008-04-16 13:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-04-14 12:06 --------- d-----w C:\Programmi\FinePixViewer
2008-04-01 12:56 --------- d-----w C:\Programmi\Soulseek
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-18 12:57 351,232 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-12 01:21 1,306,112 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-02-26 10:27 11,502,933 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-24 16:29 --------- d-----w C:\Programmi\Google
2008-02-19 13:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-19 13:03 --------- d-----w C:\Programmi\Airis
2008-02-18 15:29 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\gtk-2.0
2008-02-17 17:35 2,322,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-02-17 14:57 --------- d-----w C:\Programmi\Picasa2
2008-02-13 12:59 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-13 02:55 129,536 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-02-12 02:47 140,800 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-09 13:57 804,352 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-17 21:17 344,576 ----a-w C:\WINDOWS\Internet Logs\xDB140.tmp
2008-01-17 16:24 511,624 ----a-w C:\Documents and Settings\Sarak\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-01-12 12:16 367,104 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-07 10:00 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-04 14:29 967,168 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-12-19 13:22 550,912 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-12-10 11:51 280,064 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-12-04 11:02 1,426,944 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-11-26 18:27 2,009,600 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-11-26 03:35 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-26 23:09 766,976 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-09-03 21:29 3,065,856 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-05-27 01:02 2,636,288 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-05-27 01:02 1,573,888 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-05-17 11:43 2,990 ----a-w C:\Programmi\irunin.ini
2007-05-17 11:42 7,623 ----a-w C:\Programmi\irunin.lng
2007-05-17 11:42 22,012 ----a-w C:\Programmi\irunin.dat
2007-05-16 14:02 2,772,992 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-05-16 14:02 1,564,160 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-05-08 01:16 60,416 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-05-07 23:59 2,826,752 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-07 23:58 1,553,920 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-04-29 17:07 985,088 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-29 17:07 1,537,536 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-04-27 12:53 156,672 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-04-27 12:53 1,530,368 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-04-25 15:26 2,917,888 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-04-02 14:20 3,455,488 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-01-18 13:18 761 ----a-w C:\Programmi\sites.xml
2006-06-29 18:40 528,384 ----a-w C:\Programmi\FTPWanderer.exe
2006-04-24 10:59 1,130,496 ----a-w C:\Programmi\DVDDecrypter.exe
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-01-01 02:39 3,637,248 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2002-01-01 02:39 1,291,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2000-02-08 16:16 49,826 ----a-w C:\Programmi\GenesisConfig.dat
2000-01-28 12:40 476,160 ----a-w C:\Programmi\genV2PRO.8bf
1999-12-15 15:25 2,166,381 ----a-w C:\Programmi\genv2pro.chm
.
Codice: Seleziona tutto
<pre>
----a-w         3,256,320 2007-12-27 12:38:15  C:\Programmi\Alice Messenger\alicemessenger .exe
----a-w           122,880 2008-01-04 21:18:27  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask .exe
----a-w           163,840 2008-01-04 21:18:26  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray .exe
----a-w           180,269 2008-01-04 21:18:17  C:\Programmi\File comuni\Real\Update_OB\realsched .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-01-09_16.57.16.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 21:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-08-31 12:00:00 188,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-08-30 21:08:28 290,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-08-31 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2001-08-31 12:00:00 132,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2008-04-17 11:29:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-04-16 18:24:11 81,920 ----a-r C:\WINDOWS\Installer\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-04-16 18:24:11 81,920 ----a-r C:\WINDOWS\Installer\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2008-04-16 18:24:11 566,608 ----a-r C:\WINDOWS\Installer\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe
+ 2008-04-16 18:24:11 81,920 ----a-r C:\WINDOWS\Installer\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}\ARPPRODUCTICON.exe
+ 2008-04-16 18:24:11 45,056 ----a-r C:\WINDOWS\Installer\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
+ 2006-08-25 19:01:42 2,560 ----a-r C:\WINDOWS\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2005-04-26 14:59:13 2,560 ----a-r C:\WINDOWS\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-01-28 11:42:47 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2008-01-28 11:42:47 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2008-01-28 11:42:48 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2007-11-19 12:18:55 2,678 ----a-w C:\WINDOWS\java\Packages\Data\3Z7NPN35.DAT
+ 2007-11-19 12:18:56 2,678 ----a-w C:\WINDOWS\java\Packages\Data\7FDRZN9J.DAT
+ 2007-11-19 12:18:55 2,678 ----a-w C:\WINDOWS\java\Packages\Data\B1NT33BJ.DAT
+ 2007-11-19 12:18:59 2,678 ----a-w C:\WINDOWS\java\Packages\Data\EA2UKPZP.DAT
+ 2007-11-16 13:14:29 2,232 ----a-w C:\WINDOWS\java\Packages\Data\FB37FP71.DAT
+ 2007-11-19 12:18:54 2,678 ----a-w C:\WINDOWS\java\Packages\Data\N9J1J9JB.DAT
+ 2006-06-27 13:26:07 3,005 ----a-w C:\WINDOWS\mozver.dat
- 2000-08-31 07:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2005-10-01 13:59:06 2,426 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2003-06-09 00:43:26 315,392 ----a-w C:\WINDOWS\setupmp3\remove.exe
+ 2003-06-02 20:27:12 19,080 ------w C:\WINDOWS\setupmp3\SMMD.SYS
+ 2000-09-14 12:23:34 20,576 ------w C:\WINDOWS\setupmp3\SpMmd2k.sys
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-31 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-31 12:00:00 73,664 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-31 12:00:00 25,296 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-31 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-31 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-31 12:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-31 12:00:00 4,080 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-08-31 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2001-08-31 12:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-19 13:39:50 146,944 ----a-w C:\WINDOWS\system\winspool.drv
+ 2005-04-30 16:02:26 86,016 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
+ 2001-08-31 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
+ 2006-08-11 13:43:04 2,091 ----a-w C:\WINDOWS\system32\Data\CTS20X.DAT
+ 2004-08-19 13:52:50 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2001-08-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-31 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-31 12:00:00 73,664 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-31 12:00:00 25,296 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-31 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-31 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-31 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
+ 2001-08-31 12:00:00 4,080 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2001-08-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-19 13:39:50 23,552 -c----w C:\WINDOWS\system32\dllcache\wdmaud.drv
+ 2001-08-31 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-19 13:39:50 146,944 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2006-05-19 21:16:24 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-05-19 21:16:24 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2005-05-10 23:33:12 32,256 ------w C:\WINDOWS\system32\drivers\cdrbsdrv.sys
+ 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2006-12-22 11:30:42 1,683,232 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
+ 2007-10-19 12:16:30 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
- 2006-12-22 11:32:24 1,963,680 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
+ 2007-10-11 17:59:02 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
- 2006-12-22 11:32:48 25,632 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
+ 2007-10-11 17:59:24 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
+ 2001-08-17 21:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2001-08-31 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2000-09-14 12:23:34 20,576 ------w C:\WINDOWS\system32\drivers\spmmd2k.sys
+ 2001-11-25 11:11:54 81,924 ------w C:\WINDOWS\system32\drivers\VC4CB104.SYS
+ 2006-12-14 20:37:12 490,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\LV561AV.sys
+ 2006-12-14 20:38:32 264,992 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\lvcodec2.dll
+ 2006-12-14 20:38:42 133,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\lvcoinst.dll
+ 2006-12-14 20:41:34 215,840 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\LVUI2.dll
+ 2006-12-14 20:41:44 527,136 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\LVUI2RC.dll
+ 2006-12-14 20:41:56 41,248 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\LVUSBSta.sys
+ 2006-12-14 20:42:30 166,688 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\lvWIAext.dll
+ 2003-02-21 03:42:22 348,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\msvcr71.dll
+ 2006-12-14 20:34:10 435,736 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_2CD5F480A3A41315A39AE3CB22ED3AE25283E3F4\WUApp32.exe
+ 2007-10-12 01:56:20 490,776 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LV561AV.sys
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUSBSta.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\WUApp32.exe
+ 2007-10-12 01:55:58 13,848 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lv302af.sys
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lvcoinst.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\LVUSBSta.sys
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\WUApp32.exe
+ 2007-10-12 01:55:58 1,279,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LV302V32.SYS
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUSBSta.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\WUApp32.exe
+ 2006-12-14 20:36:26 14,240 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIs_372A6B209FEC98CE570B85E96D169BDC9837401F\lv302af.sys
+ 2006-12-14 20:38:42 133,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIs_372A6B209FEC98CE570B85E96D169BDC9837401F\lvcoinst.dll
+ 2006-12-14 20:41:56 41,248 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIs_372A6B209FEC98CE570B85E96D169BDC9837401F\LVUSBSta.sys
+ 2006-12-14 20:34:10 435,736 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIs_372A6B209FEC98CE570B85E96D169BDC9837401F\WUApp32.exe
+ 2006-12-14 20:36:38 936,864 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\LV302V32.SYS
+ 2006-12-14 20:38:32 264,992 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\lvcodec2.dll
+ 2006-12-14 20:38:42 133,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\lvcoinst.dll
+ 2006-12-14 20:41:34 215,840 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\LVUI2.dll
+ 2006-12-14 20:41:44 527,136 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\LVUI2RC.dll
+ 2006-12-14 20:41:56 41,248 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\LVUSBSta.sys
+ 2006-12-14 20:42:30 166,688 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\lvWIAext.dll
+ 2003-02-21 03:42:22 348,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\msvcr71.dll
+ 2006-12-14 20:34:10 435,736 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPIv_DF430569D065889B226C36FAC303BA2660175D34\WUApp32.exe
+ 2006-12-14 20:41:00 66,720 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3c_C46573D3270324DDC52922E686363125CEB64458\lvselsus.sys
+ 2006-12-14 20:42:18 22,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3c_C46573D3270324DDC52922E686363125CEB64458\lvuvcflt.sys
+ 2006-12-14 20:38:42 133,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3s_8A46B6B113B8ABFED392A97F77B47F573F9A32E3\lvcoinst.dll
+ 2006-12-14 20:40:14 1,513,120 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3s_8A46B6B113B8ABFED392A97F77B47F573F9A32E3\lvpopflt.sys
+ 2006-12-14 20:41:00 66,720 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3s_8A46B6B113B8ABFED392A97F77B47F573F9A32E3\lvselsus.sys
+ 2006-12-14 20:41:56 41,248 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3s_8A46B6B113B8ABFED392A97F77B47F573F9A32E3\LVUSBSta.sys
+ 2006-12-14 20:34:10 435,736 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3s_8A46B6B113B8ABFED392A97F77B47F573F9A32E3\WUApp32.exe
+ 2006-12-14 20:38:32 264,992 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\lvcodec2.dll
+ 2006-12-14 20:38:42 133,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\lvcoinst.dll
+ 2006-12-14 20:41:34 215,840 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\LVUI2.dll
+ 2006-12-14 20:41:44 527,136 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\LVUI2RC.dll
+ 2006-12-14 20:41:56 41,248 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\LVUSBSta.sys
+ 2006-12-14 20:42:08 1,090,720 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\lvuvc.sys
+ 2006-12-14 20:42:30 166,688 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\lvWIAext.dll
+ 2003-02-21 03:42:22 348,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\msvcr71.dll
+ 2006-12-14 20:34:10 435,736 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO3v_771E68467935283141B09566E9A063B4610D80C6\WUApp32.exe
+ 2007-10-12 02:01:06 23,832 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5c_F4502E86C545666FAEEA2E5BC0ECF142B1B952DA\lvuvcflt.sys
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvcoinst.dll
+ 2007-10-12 01:59:12 1,920,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvpopflt.sys
+ 2007-10-12 02:00:08 2,091,800 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvrs.sys
+ 2007-10-12 02:00:20 66,456 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvselsus.sys
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\LVUSBSta.sys
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\WUApp32.exe
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUSBSta.sys
+ 2007-10-12 02:00:54 3,647,384 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvuvc.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\WUApp32.exe
+ 2002-02-13 10:00:12 45,056 ----a-w C:\WINDOWS\system32\FCLKBTN.DLL
+ 2004-07-24 20:28:04 155,648 ----a-w C:\WINDOWS\system32\FFRAFLIB.DLL
+ 2006-07-12 13:39:00 208,896 ----a-w C:\WINDOWS\system32\FFRafShellEx.dll
+ 2003-09-03 15:45:42 274,432 ----a-w C:\WINDOWS\system32\FFTIFF16.dll
+ 2002-02-27 11:27:28 65,536 ----a-w C:\WINDOWS\system32\FINFCHECK.dll
+ 2002-06-25 09:06:18 45,056 ----a-w C:\WINDOWS\system32\FINFCOPY.dll
+ 2002-02-05 16:33:04 69,632 ----a-w C:\WINDOWS\system32\FREGSHEX.DLL
+ 2005-04-30 16:09:28 57,344 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
+ 2001-08-31 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-31 12:00:00 222,731 ----a-w C:\WINDOWS\system32\lanman.drv
+ 1997-04-07 16:23:32 45,936 ----a-r C:\WINDOWS\system32\LTVDD70W.DRV
+ 2001-08-31 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-08-31 12:00:00 73,664 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 1998-08-17 09:21:54 11,776 ----a-w C:\WINDOWS\system32\mciqtz.drv
+ 2001-08-31 12:00:00 25,296 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2001-08-31 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-08-31 12:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2004-08-19 13:39:50 192,512 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-19 13:39:50 299,008 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2001-08-31 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
- 2007-10-29 13:55:00 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 12:07:59 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-29 13:55:01 63,180 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-03-30 12:07:59 63,180 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2007-10-29 13:55:00 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 12:07:59 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-29 13:55:01 425,432 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-03-30 12:07:59 425,432 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2001-08-30 22:07:58 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll
+ 2004-08-19 14:39:24 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll
+ 2004-08-19 13:39:50 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2001-08-31 12:00:00 22,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\wdmaud.drv
+ 2004-08-19 13:39:50 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\wdmaud.drv
+ 2004-08-19 13:39:50 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
+ 2005-05-01 13:41:00 49,152 ----a-w C:\WINDOWS\system32\setupsvc.dll
+ 2001-08-31 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-08-31 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-08-31 12:00:00 4,080 ----a-w C:\WINDOWS\system32\timer.drv
+ 2001-08-31 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2007-11-14 15:04:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-03-13 21:10:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2007-11-14 15:05:16 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-03-13 21:11:18 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
- 2007-11-14 15:04:52 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-03-13 21:10:52 161,256 ----a-w C:\WINDOWS\system32\vsinit.dll
- 2007-11-14 15:04:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-03-13 21:10:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
- 2007-11-14 15:04:52 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-03-13 21:10:54 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
- 2007-11-14 15:04:52 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-03-13 21:10:54 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
- 2007-11-14 15:04:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2008-03-13 21:10:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2007-11-14 15:04:54 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-03-13 21:10:56 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
- 2007-11-14 15:04:54 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2008-03-13 21:10:56 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2001-05-04 08:15:14 503,808 ----a-w C:\WINDOWS\system32\vx1000sp.drv
+ 2001-05-04 08:15:14 491,008 ----a-w C:\WINDOWS\system32\vx3000s.drv
+ 2005-04-26 15:27:52 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
+ 2004-08-19 13:39:50 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-31 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2001-08-31 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-19 13:39:50 146,944 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-08-31 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-31 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-11-14 15:04:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-03-13 21:10:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2007-11-14 15:04:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-03-13 21:10:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-12-15 12:02:39 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-07 07:53:15 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
- 2007-11-14 15:04:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2008-03-13 21:10:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
- 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
- 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
- 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
- 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
- 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
- 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
- 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
- 2007-09-11 20:09:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
- 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
- 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
- 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
- 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
- 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
- 2007-09-11 20:09:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
- 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
- 2007-11-14 15:04:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2008-03-13 21:10:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
- 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
- 2007-11-14 15:04:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-03-13 21:10:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
- 2007-11-14 15:04:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-03-13 21:10:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
- 2007-11-14 15:04:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-03-13 21:10:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
- 2007-11-14 15:05:18 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-03-13 21:11:20 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2007-11-14 15:05:18 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-03-13 21:11:20 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
- 2007-11-14 15:05:18 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-03-13 21:11:20 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
- 2007-11-14 15:05:18 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-03-13 21:11:22 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
- 2007-11-14 15:05:20 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-03-13 21:11:22 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
- 2007-11-14 15:06:34 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-03-13 21:12:38 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
- 2007-11-14 15:06:36 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-03-13 21:12:38 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2007-10-18 19:18:38 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
- 2007-10-18 19:18:38 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
- 2007-11-14 15:04:48 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-03-13 21:10:50 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
- 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2007-10-18 19:18:40 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
- 2007-10-18 19:18:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
- 2007-11-14 15:04:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-03-13 21:10:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
- 2007-11-14 15:06:36 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-03-13 21:12:38 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
- 2007-11-14 15:06:36 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2008-03-13 21:12:40 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
- 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
- 2007-10-11 15:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
- 2007-11-14 15:05:06 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2008-03-13 21:11:08 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
- 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
- 2007-11-14 15:04:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-03-13 21:10:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
- 2007-11-14 15:04:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-03-13 21:10:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
- 2007-11-14 15:05:06 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-03-13 21:11:08 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- 2007-11-14 15:04:52 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-03-13 21:10:54 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
- 2007-11-14 15:04:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-03-13 21:10:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
- 2007-11-14 15:04:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-03-13 21:10:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
- 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2007-11-14 15:04:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-03-13 21:10:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
- 2007-11-14 15:04:56 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-03-13 21:10:58 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
- 2007-11-14 15:04:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-03-13 21:10:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
- 2007-11-14 15:04:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2008-03-13 21:10:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 20:49 262144 --a------ C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL" [2008-04-06 20:49 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-04-06 20:49 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [ ]
"TaskTray"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [ ]
"TaskBar"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [ ]
"AliceMessenger"="C:\Programmi\Alice Messenger\alicemessenger.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-09 15:11 90112]
"Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2008-01-09 15:11 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2008-01-09 15:11 28672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [ ]
"AudioHQU"="C:\Programmi\Creative\SBAudigy\AudioHQ\AHQTbU.exe" [2002-01-18 01:13 176128]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 17:14:13 110592]
ExifLauncher2.lnk - C:\Programmi\FinePixViewer\QuickDCF2.exe [2008-01-17 15:04:12 303104]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-24 18:29:43 125624]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIBSKB]
jkkIBSKB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkpb32]
winkpb32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\uTorrent\\utorrent.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S1 Remm_hi;Remm_hi;C:\WINDOWS\system32\drivers\ovcrdpdr.sys []
S3 Adsrvfm;Adsrvfm;C:\WINDOWS\system32\iexpress.exe [2004-08-19 15:39]
S3 scrambler;scrambler;C:\WINDOWS\system32\drivers\scrambler.sys [2005-02-14 12:17]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-12 19:00:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 13:31:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&????9~??9~????????\???\???????????U?9~??9~\???\?????????_??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-17 13:41:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 11:40:45

19 Directory 4,813,611,008 byte disponibili
21 Directory 6,453,657,600 byte disponibili
.
2007-11-27 01:14:13 --- E O F ---
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi Luke57 » 17/04/08 14:17

Ciao, apri un file di testo (start>esegui>notepad.exe>OK) copia
questo codice:
Codice: Seleziona tutto
file::
C:\WINDOWS\BM9bd015d6.xml
C:\WINDOWS\2.exe
C:\flciijjq.exe
C:\jfcjr.exe
C:\mxuxc.exe
C:\WINDOWS\qaszpurn.sys
C:\rfiufujt.exe
C:\kbvxxo.exe
C:\jgkpt.exe

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIBSKB]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkpb32]


incollalo nel file di testo, salva il file chiamandolo obbligatoriamente CFcript.txt , trascinalo con la punta del mouse sull'icona di combofix che farà una nuova scansione più eventuale riavvio del computer.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 15:22

Ho eseguito la nuova scansione e riavviato. Nel frattempo era sparito Adobe flash player che ho dovuto reinstallare e l'antivirus Avast non mi appare più sulla barra, nonostante l'abbia impostato per esserci. Ora la navigazione va decisamente meglio.
Ecco il log:


ComboFix 08-04-16.5 - Sarak 2008-04-17 15.23.37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1046 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Sarak\Desktop\ComboFix.exe.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-17 al 2008-04-17 )))))))))))))))))))))))))))))))))))
.

2008-04-17 14:53 . 2008-04-17 14:54 <DIR> d-------- C:\Programmi\Flickr Uploadr
2008-04-16 21:34 . 2008-04-17 13:15 101,197 --a------ C:\WINDOWS\BM9bd015d6.xml
2008-04-16 20:11 . 2007-09-10 20:58 115,200 --a------ C:\WINDOWS\2.exe
2008-04-16 18:21 . 2008-04-16 18:21 147,456 --a------ C:\flciijjq.exe
2008-04-16 18:21 . 2008-04-16 18:21 61,440 --a------ C:\jfcjr.exe
2008-04-16 18:21 . 2008-04-16 18:21 58,880 --a------ C:\mxuxc.exe
2008-04-16 18:21 . 2008-04-16 18:21 55,218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-16 18:21 . 2008-04-16 18:21 10,752 --a------ C:\rfiufujt.exe
2008-04-16 18:21 . 2008-04-16 18:21 10,752 --a------ C:\kbvxxo.exe
2008-04-16 18:21 . 2008-04-16 18:21 5,120 --a------ C:\WINDOWS\wininst.dll
2008-04-16 18:21 . 2008-04-16 18:21 4,096 --a------ C:\jgkpt.exe
2008-04-02 16:04 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-02 16:04 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 21:15 . 2008-03-30 21:20 2,359,350 --a------ C:\WINDOWS\ACD Wallpaper.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 13:26 2,138,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 12:28 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-17 11:28 27,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 19:59 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\uTorrent
2008-04-16 18:24 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-04-16 18:23 --------- d-----w C:\Programmi\ACD Systems
2008-04-16 18:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-04-16 17:13 --------- d-----w C:\Programmi\Bit Che
2008-04-16 13:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-04-14 12:06 --------- d-----w C:\Programmi\FinePixViewer
2008-04-01 12:56 --------- d-----w C:\Programmi\Soulseek
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-18 12:57 351,232 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-12 01:21 1,306,112 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-02-26 10:27 11,502,933 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-24 16:29 --------- d-----w C:\Programmi\Google
2008-02-19 13:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-19 13:03 --------- d-----w C:\Programmi\Airis
2008-02-18 15:29 --------- d-----w C:\Documents and Settings\Sarak\Dati applicazioni\gtk-2.0
2008-02-17 17:35 2,322,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-02-17 14:57 --------- d-----w C:\Programmi\Picasa2
2008-02-13 12:59 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-02-13 02:55 129,536 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-02-12 02:47 140,800 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-09 13:57 804,352 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-17 21:17 344,576 ----a-w C:\WINDOWS\Internet Logs\xDB140.tmp
2008-01-17 16:24 511,624 ----a-w C:\Documents and Settings\Sarak\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-01-12 12:16 367,104 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-07 10:00 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-04 14:29 967,168 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-12-19 13:22 550,912 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-12-10 11:51 280,064 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-12-04 11:02 1,426,944 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-11-26 18:27 2,009,600 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-11-26 03:35 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-26 23:09 766,976 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-09-03 21:29 3,065,856 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-05-27 01:02 2,636,288 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-05-27 01:02 1,573,888 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-05-17 11:43 2,990 ----a-w C:\Programmi\irunin.ini
2007-05-17 11:42 7,623 ----a-w C:\Programmi\irunin.lng
2007-05-17 11:42 22,012 ----a-w C:\Programmi\irunin.dat
2007-05-16 14:02 2,772,992 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-05-16 14:02 1,564,160 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-05-08 01:16 60,416 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-05-07 23:59 2,826,752 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-07 23:58 1,553,920 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-04-29 17:07 985,088 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-29 17:07 1,537,536 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-04-27 12:53 156,672 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-04-27 12:53 1,530,368 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-04-25 15:26 2,917,888 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-04-02 14:20 3,455,488 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-01-18 13:18 761 ----a-w C:\Programmi\sites.xml
2006-06-29 18:40 528,384 ----a-w C:\Programmi\FTPWanderer.exe
2006-04-24 10:59 1,130,496 ----a-w C:\Programmi\DVDDecrypter.exe
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-01-01 02:39 3,637,248 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2002-01-01 02:39 1,291,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2000-02-08 16:16 49,826 ----a-w C:\Programmi\GenesisConfig.dat
2000-01-28 12:40 476,160 ----a-w C:\Programmi\genV2PRO.8bf
1999-12-15 15:25 2,166,381 ----a-w C:\Programmi\genv2pro.chm
.
Codice: Seleziona tutto
<pre>
----a-w         3,256,320 2007-12-27 12:38:15  C:\Programmi\Alice Messenger\alicemessenger .exe
----a-w           122,880 2008-01-04 21:18:27  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask .exe
----a-w           163,840 2008-01-04 21:18:26  C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray .exe
----a-w           180,269 2008-01-04 21:18:17  C:\Programmi\File comuni\Real\Update_OB\realsched .exe
</pre>



((((((((((((((((((((((((((((( snapshot_2008-04-17_13.39.57.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-17 11:29:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_504.dat
+ 2005-09-22 21:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-22 23:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-22 23:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 23:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 22:58:06 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 22:58:06 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 22:58:06 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 22:58:06 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 23:35:10 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 20:49 262144 --a------ C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL" [2008-04-06 20:49 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-04-06 20:49 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [ ]
"TaskTray"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [ ]
"TaskBar"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [ ]
"AliceMessenger"="C:\Programmi\Alice Messenger\alicemessenger.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-09 15:11 90112]
"Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2008-01-09 15:11 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2008-01-09 15:11 28672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [ ]
"AudioHQU"="C:\Programmi\Creative\SBAudigy\AudioHQ\AHQTbU.exe" [2002-01-18 01:13 176128]
"REGSHAVE"="C:\Programmi\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 17:14:13 110592]
ExifLauncher2.lnk - C:\Programmi\FinePixViewer\QuickDCF2.exe [2008-01-17 15:04:12 303104]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-24 18:29:43 125624]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIBSKB]
jkkIBSKB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkpb32]
winkpb32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\uTorrent\\utorrent.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S1 Remm_hi;Remm_hi;C:\WINDOWS\system32\drivers\ovcrdpdr.sys []
S3 Adsrvfm;Adsrvfm;C:\WINDOWS\system32\iexpress.exe [2004-08-19 15:39]
S3 scrambler;scrambler;C:\WINDOWS\system32\drivers\scrambler.sys [2005-02-14 12:17]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-12 19:00:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 15:27:36
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&????9~??9~????????\???\???????????U?9~??9~\???\?????????_??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

Scansione files nascosti ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Ora fine scansione: 2008-04-17 15.31.43
ComboFix-quarantined-files.txt 2008-04-17 13:30:31
ComboFix2.txt 2008-04-17 11:41:05

18 Directory 6,341,648,384 byte disponibili
21 Directory 6,308,429,824 byte disponibili
.
2007-11-27 01:14:13 --- E O F ---
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 15:26

C'è anche un'altra cosa sparita: non mi apre le finestre "windows alert".
???
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi Luke57 » 17/04/08 16:01

Ciao, le cose sono più complicate del previsto, fai uno scan on line con kaspersky, trovi qui le istruzioni dettagliate:
http://forum.wininizio.it/index.php?showtopic=36981&hl
Posta poi il relativo report (non sarà una cosa breve, ci vogliono molte ore)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Trojan che rallentano il PC

Postdi S4R4K » 17/04/08 19:23

Scansione online con Kaspersky fatta.
Ecco il report:


KASPERSKY ONLINE SCANNER REPORT
Thursday, April 17, 2008 8:22:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 712233
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\
Scan Statistics
Total number of scanned objects 83542
Number of viruses found 14
Number of infected objects 36
Number of suspicious objects 0
Duration of the scan process 02:26:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sarak\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\backword\quotes Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\backword\words Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\history.dat Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\key3.db Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Sarak\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Sarak\Desktop\ACDSee.Pro.2.v2.0.219.Incl.Keymaker-CORE\keygen.exe Infected: Trojan.Win32.Chifrax.a skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Activity.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Activity.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Activity.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Asset.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Asset.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Asset.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetExif.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetExif.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetExif.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetIPTC.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetIPTC.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetIPTC.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetMedia.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetMedia.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetMedia.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetType.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\AssetType.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupRoot.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupRoot.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupRoot.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupUnit.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupUnit.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\BackupUnit.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Category.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Category.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\CategoryRoot.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\CategoryRoot.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Config.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Config.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\DateInfo.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\DateInfo.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifGPS.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifGPS.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifGPS.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifImage.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifImage.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ExifImage.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetDefn.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetDefn.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetField.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetField.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetTable.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FieldSetTable.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FileType.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FileType.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Folder.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Folder.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FolderRoot.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FolderRoot.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FTSWordTable.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\FTSWordTable.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinActivityAsset.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinActivityAsset.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinActivityAsset.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinAssetFTSWordTable.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinAssetFTSWordTable.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinAssetTypeFileType.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinAssetTypeFileType.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinBackupAsset.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinBackupAsset.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinBackupAsset.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinCategoryAsset.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinCategoryAsset.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinFieldDefn.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinFieldDefn.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinFieldSetFileType.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinFieldSetFileType.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinSyncDeviceAsset.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinSyncDeviceAsset.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\JoinSyncDeviceAsset.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupList.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupList.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupListItem.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupListItem.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupValueItem.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\LookupValueItem.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCanon.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCanon.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCanon.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCasio.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCasio.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerCasio.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerEpson.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerEpson.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerEpson.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerFuji.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerFuji.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerFuji.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerMinolta.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerMinolta.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerMinolta.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerNikon.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerNikon.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerNikon.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerOlympus.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerOlympus.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerOlympus.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerPentax.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerPentax.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\MakerPentax.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\SyncDevice.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\SyncDevice.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\SyncDevice.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb1.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb1.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb1.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb2.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb2.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\Thumb2.fpt Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ThumbDefn.cdx Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\ACD Systems\Catalogs\20Pro\Default\ThumbDefn.dbf Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\7x3ims5a.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Temp\BCGB.tmp Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Temp\~DF5F64.tmp Object is locked skipped
C:\Documents and Settings\Sarak\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sarak\ntuser.dat Object is locked skipped
C:\Documents and Settings\Sarak\ntuser.dat.LOG Object is locked skipped
C:\jfcjr.exe Infected: Trojan.Win32.Inject.axq skipped
C:\jgkpt.exe Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\mxuxc.exe Infected: Trojan-Clicker.Win32.Costrat.fo skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped
C:\Programmi\DAP\DAPIEBar.dll Infected: not-a-virus:AdWare.Win32.Dap.e skipped
C:\Programmi\DAP\History\Guest\_lasthist.dat Object is locked skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFX: infected - 1 skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFXDropper: infected - 1 skipped
C:\Programmi\Radnberg\cfgathlp.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Programmi\Radnberg\ovchkdsk.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Programmi\Radnberg\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
C:\QooBox\Quarantine\C\Programmi\Creative\SBAudigy\Program\ADGJDet.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Programmi\Creative\Splash Screen\CTEaxSpl.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Programmi\Logitech\QuickCam10\QuickCam10.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccaxu.dll.vir Infected: Trojan-Downloader.Win32.Small.hlr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX29.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2A.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2B.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2C.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2D.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\UpdReg.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\catchme2008-01-09_165238.92.zip/yaywwur.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\QooBox\Quarantine\catchme2008-01-09_165238.92.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-04-17_13.27.17,98.zip/grande48.sys Infected: Rootkit.Win32.Agent.aih skipped
C:\QooBox\Quarantine\catchme2008-04-17_13.27.17,98.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{5AB32475-452C-4263-A849-2E17E5BBA9DD}\RP354\A0098689.exe Infected: Trojan-Downloader.Win32.Small.iwh skipped
C:\System Volume Information\_restore{5AB32475-452C-4263-A849-2E17E5BBA9DD}\RP358\change.log Object is locked skipped
C:\VundoFix Backups\fgbwfpdn.dll.bad Infected: Packed.Win32.Monder.gen skipped
C:\VundoFix Backups\muheghxd.dll.bad Infected: Packed.Win32.Monder.gen skipped
C:\VundoFix Backups\receemha.dll.bad Infected: Packed.Win32.Monder.gen skipped
C:\VundoFix Backups\ssqpo.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\vwdfesev.dll.bad Infected: Packed.Win32.Monder.gen skipped
C:\VundoFix Backups\yuilysfp.dll.bad Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SARAK-0SLIO0HW.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\qaszpurn.sys Infected: Trojan-Clicker.Win32.Costrat.fo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8B88C9C8-80EE-4F35-9605-37BBD8703862}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\pidmgr32.exe Infected: Packed.Win32.NSAnti.r skipped
C:\WINDOWS\system32\telit500.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_504.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT02acc.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02ad9.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-00531102}.CDF Object is locked skipped
Scan process completed.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi Luke57 » 18/04/08 08:01

Ciao, scaricA The Avenger
http://swandog46.geekstogo.com/avenger.zip

decomprmi il file, avvia avenger.exe, lascia spuntata solo l'opzione "scan for rootkit" e deseleziona l'altra, nel box bianco incolla lo script seguente:

files to delete:
C:\jfcjr.exe
C:\jgkpt.exepped
C:\mxuxc.exe
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe
C:\Programmi\Radnberg\cfgathlp.exe
C:\Programmi\Radnberg\ovchkdsk.exe
C:\Programmi\Radnberg\WinGenerics.dll
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\system32\pidmgr32.exe
C:\WINDOWS\system32\telit500.exe

folders to delete:
C:\QooBox\Quarantine
C:\VundoFix Backups
C:\WINDOWS\Temp
C:\Documents and Settings\Sarak\Impostazioni locali\Temp


premi il tasto Execute, il compute si riavvierà, se non lo facesse riavialo tu.
Copia e incolla il file di log che trovi in C:\avenger.txt.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Trojan che rallentano il PC

Postdi S4R4K » 18/04/08 11:55

Questa è il report di Avenger (l'antivirus Avast è ancora fuori uso):

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\jfcjr.exe" deleted successfully.

Error: file "C:\jgkpt.exepped" not found!
Deletion of file "C:\jgkpt.exepped" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\mxuxc.exe" deleted successfully.
File "C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe" deleted successfully.

Error: file "C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe" not found!
Deletion of file "C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programmi\Radnberg\cfgathlp.exe" deleted successfully.
File "C:\Programmi\Radnberg\ovchkdsk.exe" deleted successfully.
File "C:\Programmi\Radnberg\WinGenerics.dll" deleted successfully.
File "C:\WINDOWS\qaszpurn.sys" deleted successfully.
File "C:\WINDOWS\system32\pidmgr32.exe" deleted successfully.
File "C:\WINDOWS\system32\telit500.exe" deleted successfully.
Folder "C:\QooBox\Quarantine" deleted successfully.
Folder "C:\VundoFix Backups" deleted successfully.
Folder "C:\WINDOWS\Temp" deleted successfully.
Folder "C:\Documents and Settings\Sarak\Impostazioni locali\Temp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: Trojan che rallentano il PC

Postdi Luke57 » 18/04/08 12:01

Ciao, lo script è andato a buon fine, francamente non so perchè l'antivirus è fuori uso, prova a reistallarlo.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Trojan che rallentano il PC

Postdi S4R4K » 18/04/08 12:17

Grazie mille... il pc sembra rispondere come prima.
Ora provvedo a reinstallare l'antivirus.
Di nuovo grazie.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07


Torna a Sicurezza e Privacy


Topic correlati a "Trojan che rallentano il PC":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27
Script che rallentano
Autore: mibe
Forum: Discussioni
Risposte: 3

Chi c’è in linea

Visitano il forum: Nessuno e 49 ospiti