Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Si aprono pagine web da sole che fare?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 03/11/08 21:53

ciao a tutti, ho un asus eee pc 904 con windows XP, mi si aprono improvvisamente pagine web pubblicitarie ( ebay,vodafone,siti per eliminare spyware ecc.), sono inesperta quindi vi prego di guidarmi passo a passo per sistemare questa situazione, intanto vi posto il log fatto con hijackthis sperando possa esservi utile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.35.05, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\drifucfw.exe
C:\Programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IvanaGiordano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drifucfw] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\drifucfw.exe" drifucfw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8DA6015-37A3-4E37-A5F6-D3A39FBA752B}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 7602 bytes

grazie anticipatamente per le risposte ;)
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Sponsor
 

Re: Si aprono pagine web da sole che fare?

Postdi Luke57 » 03/11/08 22:14

Ciao, scarica malwarebytes da qui:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto.

iao, scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
avvialo, parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se dovessero scomparire le icone sul desktop e la barra delle applicazioni, non è nulla di cui preoccuparsi),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 04/11/08 00:04

come richiesto posto il log fatto con malwarebytes:

Malwarebytes' Anti-Malware 1.30
Versione del database: 1361
Windows 5.1.2600 Service Pack 3

04/11/2008 0.01.48
mbam-log-2008-11-04 (00-01-48).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 90311
Tempo trascorso: 24 minute(s), 55 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{F39B978F-5CB9-4CB2-83B2-ADB071372D03}\RP11\A0003131.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.

Che mi dite? c'era un elemento infetto e l'ho elimintao con lo stesso malware...
domani procedo alla seconda procedura suggeritami con combofix, siccome da quanto leggo impegherà molto tempo preferisco fare direttamente domani mattina il tutto.
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 04/11/08 09:40

E come anticipato ieri ecco anche il log di combofix:

ComboFix 08-11-03.04 - IvanaGiordano 2008-11-04 9.32.36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.565 [GMT 1:00]
Eseguito da: c:\documents and settings\IvanaGiordano\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\drifucfw.dat
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\drifucfw.exe
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\drifucfw_nav.dat
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\drifucfw_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-10-04 al 2008-11-04 )))))))))))))))))))))))))))))))))))
.

2009-07-23 14:30 . 2009-07-23 14:31 <DIR> d-------- c:\programmi\ESET
2009-07-23 14:30 . 2009-07-23 14:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-07-23 14:27 . 2006-08-01 08:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-07-23 14:27 . 2007-11-14 08:18 553 --a------ c:\windows\USetup.iss
2009-07-23 14:26 . 2009-07-23 14:26 <DIR> d-------- c:\programmi\Realtek
2009-07-23 14:26 . 2008-07-16 12:14 16,806,400 --a------ c:\windows\RTHDCPL.exe
2009-07-23 14:26 . 2008-06-19 09:27 9,715,200 --a------ c:\windows\RTLCPL.exe
2009-07-23 14:26 . 2008-07-16 11:52 4,747,776 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2009-07-23 14:26 . 2008-06-19 09:42 2,808,832 --a------ c:\windows\alcwzrd.exe
2009-07-23 14:26 . 2007-06-28 09:44 2,165,760 --a------ c:\windows\MicCal.exe
2009-07-23 14:26 . 2007-11-20 11:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-07-23 14:26 . 2008-07-15 06:47 1,196,032 --a------ c:\windows\RtlUpd.exe
2009-07-23 14:26 . 2008-03-05 11:07 520,192 --a------ c:\windows\RtlExUpd.dll
2009-07-23 14:26 . 2008-06-19 09:24 278,528 --a------ c:\windows\system32\ALSndMgr.cpl
2009-07-23 14:26 . 2008-03-13 07:52 266,240 --a------ c:\windows\system32\RTSndMgr.cpl
2009-07-23 14:26 . 2008-06-18 11:01 77,824 --a------ c:\windows\SoundMan.exe
2009-07-23 14:26 . 2008-06-19 09:20 57,344 --a------ c:\windows\Alcmtr.exe
2009-07-23 14:23 . 2009-07-23 14:23 <DIR> d-------- c:\programmi\ECAP
2009-07-23 14:23 . 2009-07-23 14:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-07-23 14:23 . 2004-04-16 10:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2008-11-03 23:35 . 2008-11-03 23:35 <DIR> d-------- c:\documents and settings\IvanaGiordano\Dati applicazioni\Malwarebytes
2008-11-03 23:34 . 2008-11-03 23:34 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-03 23:34 . 2008-11-03 23:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-03 23:34 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-03 23:34 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 23:43 . 2008-11-03 00:12 <DIR> d-------- c:\documents and settings\IvanaGiordano\Dati applicazioni\F-Secure
2008-11-02 23:20 . 2008-11-03 00:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2008-11-02 23:16 . 2008-11-02 23:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\fssg
2008-10-29 21:31 . 2008-10-29 21:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-29 21:31 . 2008-10-29 21:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-10-29 21:29 . 2008-06-09 13:12 1,421,384 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-10-29 21:29 . 2008-04-13 19:13 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-10-29 21:29 . 2008-06-09 13:12 18,504 --a------ c:\windows\system32\drivers\nuidfltr.sys
2008-10-29 21:28 . 2008-10-29 21:28 <DIR> d-------- c:\programmi\Microsoft IntelliPoint
2008-10-29 21:28 . 2008-06-10 13:04 31,048 --a------ c:\windows\system32\drivers\point32.sys
2008-10-28 23:43 . 2008-10-28 23:43 <DIR> d-------- c:\documents and settings\IvanaGiordano\Dati applicazioni\Template
2008-10-28 23:43 . 2008-10-28 23:43 146 --a------ c:\documents and settings\IvanaGiordano\Dati applicazioni\wklnhst.dat
2008-10-27 14:15 . 2008-10-27 14:17 <DIR> d-------- c:\programmi\VDOWNLOADER
2008-10-27 13:32 . 2008-10-27 13:36 <DIR> d-------- c:\programmi\Ultra Flash Video FLV Converter
2008-10-27 13:32 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2008-10-27 13:32 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2008-10-23 18:23 . 2008-04-13 18:13 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-23 18:23 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-23 18:23 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-23 18:23 . 2001-08-30 22:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-20 15:11 . 2008-10-20 15:11 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-10-19 16:42 . 2008-10-19 16:46 <DIR> d-------- c:\documents and settings\IvanaGiordano\.gimp-2.6
2008-10-19 16:42 . 2008-10-19 16:42 <DIR> d-------- c:\documents and settings\IvanaGiordano\.gegl-0.0
2008-10-19 12:28 . 2008-10-19 12:28 <DIR> d-------- c:\programmi\Messenger Plus! Live
2008-10-17 10:59 . 2008-10-17 10:59 <DIR> d-------- c:\documents and settings\IvanaGiordano\Dati applicazioni\Apple Computer
2008-10-17 10:59 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-17 10:59 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-17 10:58 . 2008-10-17 10:59 <DIR> d-------- c:\programmi\iTunes
2008-10-17 10:58 . 2008-10-17 10:58 <DIR> d-------- c:\programmi\iPod
2008-10-17 10:58 . 2008-10-17 10:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 10:57 . 2008-10-17 10:57 <DIR> d-------- c:\programmi\Bonjour
2008-10-17 10:56 . 2008-10-17 10:57 <DIR> d-------- c:\programmi\QuickTime
2008-10-17 10:56 . 2008-10-17 10:56 <DIR> d-------- c:\programmi\Apple Software Update
2008-10-17 10:56 . 2008-10-17 10:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-17 10:55 . 2008-10-17 10:55 <DIR> d-------- c:\programmi\File comuni\Apple
2008-10-17 10:55 . 2008-10-17 10:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-17 10:49 . 2008-10-17 10:49 <DIR> d-------- c:\programmi\uTorrent
2008-10-17 10:48 . 2008-11-02 18:08 <DIR> d-------- c:\documents and settings\IvanaGiordano\Dati applicazioni\uTorrent
2008-10-16 18:38 . 2008-10-16 18:38 268 --ah----- C:\sqmdata01.sqm
2008-10-16 18:38 . 2008-10-16 18:38 244 --ah----- C:\sqmnoopt01.sqm
2008-10-16 12:35 . 2008-10-16 12:35 268 --ah----- C:\sqmdata00.sqm
2008-10-16 12:35 . 2008-10-16 12:35 244 --ah----- C:\sqmnoopt00.sqm
2008-10-15 17:34 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 17:34 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:34 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:34 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-13 13:33 . 2008-10-13 13:33 <DIR> d-------- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 13:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-07-23 13:23 --------- d-----w c:\programmi\File comuni\InstallShield
2009-07-23 13:22 --------- d-----w c:\programmi\Eee Storage
2008-11-02 16:16 --------- d-----w c:\documents and settings\IvanaGiordano\Dati applicazioni\gtk-2.0
2008-10-19 16:10 --------- d-----w c:\programmi\GIMP-2.0
2008-10-02 10:19 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-02 09:05 --------- d-----w c:\programmi\Windows Live
2008-10-01 20:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-01 17:22 --------- d-----w c:\documents and settings\IvanaGiordano\Dati applicazioni\vlc
2008-10-01 17:19 --------- d-----w c:\programmi\VideoLAN
2008-10-01 17:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ECAP
2008-10-01 17:02 --------- d-----w c:\documents and settings\IvanaGiordano\Dati applicazioni\InterVideo
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 15,523,560 ----a-w c:\programmi\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SuperHybridEngine.lnk - c:\programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-07-09 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 09:20 57344 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 09:42 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-06-18 11:01 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\DRIVERS\ASUSACPI.sys [2007-07-26 11264]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a3c99cc-a299-11dd-aa33-00224309b3fe}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-drifucfw - c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\drifucfw.exe


.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\IvanaGiordano\Dati applicazioni\Mozilla\Firefox\Profiles\g14in05u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 09:36:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-11-04 9.38.08
ComboFix-quarantined-files.txt 2008-11-04 08:38:02

Pre-Run: 48.260.542.464 byte disponibili
Post-Run: 48,528,785,408 byte disponibili

200 --- E O F --- 2008-11-03 23:40:50


Vi prego di indicarmi come procedere nel più semplice dei modi in quanto non sono granchè esperta di pc :/
ciao e grazie anticipatamente.
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi MIKI68 » 04/11/08 16:17

Se non conosci la provenienza fixia:
C:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\drifucfw.exe
O4 - HKCU\..\Run: [drifucfw] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\drifucfw.exe" drifucfw
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
---------------------------------------------------------------------------------------------------------------------------------------------
Fixia questi per velocizzare l'avvio:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 04/11/08 22:44

fatto e riposto di seguito il log fatto dopo con Hijackthis,ecco:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.44.07, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IvanaGiordano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8DA6015-37A3-4E37-A5F6-D3A39FBA752B}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 6565 bytes
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi MIKI68 » 05/11/08 16:47

OK,sei a posto, si aprono ancora le pagine internet?
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: Si aprono pagine web da sole che fare?

Postdi genni » 08/11/08 12:05

avevo lo stesso fastidiosissimo problema e in piu' mi si era rallentato il computer. Con malwarebytes l'ho risolto. Grazie
fai un passo fuori dal tuo recinto
genni
Utente Senior
 
Post: 206
Iscritto il: 15/10/03 20:26
Località: tivoli

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 22/12/08 22:48

Uffi non ci posso credere...sono tornate quelle odiose pagine web che si aprono da sole e mi rallentano il pc :o
Sto scansionando con Malwarebytes e procedo poi eventualmente con Combofix...che faccio poi posto il risultato? :(
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 26/12/08 18:00

Con malwarebytes ho esito negativo di file infetti ma questa odiose pagine web si continuano ad aprire...adesso con maggiore frequenza....
vii posto il log di JijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.58.48, on 26/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\mwwwo.exe
C:\Programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\IvanaGiordano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mwwwo] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\mwwwo.exe" mwwwo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8DA6015-37A3-4E37-A5F6-D3A39FBA752B}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 7174 bytes
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi Luke57 » 26/12/08 21:41

Ciao, apri hijackthis premi "config", "misc tools", "open process manager", se tra i processi trovi:
C:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\mwwwo.exe
evidenzialo e premi kill process.
Torna alla pagina principale del programma con bvack, premi "scan", cerca e spunta la voce seguente:
O4 - HKCU\..\Run: [mwwwo] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\mwwwo.exe" mwwwo
premi fix checked.

Prova ad aprire risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a "visualizza file e cartelle nascosti">OK.

cerca ed elimina, se presente, il file in neretto:
C:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\mwwwo.exe

Controlla poi se il problema si ripresenta.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 16/01/09 22:02

Ciao ho potuto leggere solo oggi il messaggio di risposta, ti ringrazio anticipatamente ma non trovi il file di cui parli ti riposto il log fatto:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.01.00, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\qgawi.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IvanaGiordano\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qgawi] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\qgawi.exe" qgawi
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 7078 bytes

al suo posto sembra essere comparso questo:
O4 - HKCU\..\Run: [qgawi] "c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\qgawi.exe" qgawi

Che faccio? Grazie
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi Luke57 » 16/01/09 23:04

Ciao, utilizza nuovamente combofix: prima elimina la versione che hai sul computer e poi scaricalo di nuovo.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 29/01/09 00:28

ok fatto. posto il log con combofix?
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 29/01/09 00:31

ComboFix 09-01-21.04 - Ivana 2009-01-29 0.16.15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1015.613 [GMT 1:00]
Eseguito da: c:\documents and settings\Ivana\Desktop\HiJackThis\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\qekewey.dat
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\qekewey.exe
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\qekewey_nav.dat
c:\documents and settings\IvanaGiordano\Impostazioni locali\Dati applicazioni\qekewey_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-28 )))))))))))))))))))))))))))))))))))
.
2009-07-23 14:30 . 2009-07-23 14:31 <DIR> d-------- c:\programmi\ESET
2009-07-23 14:27 . 2006-08-01 08:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-07-23 14:27 . 2007-11-14 08:18 553 --a------ c:\windows\USetup.iss
2009-07-23 14:26 . 2009-07-23 14:26 <DIR> d-------- c:\programmi\Realtek
2009-07-23 14:26 . 2008-07-16 12:14 16,806,400 --a------ c:\windows\RTHDCPL.exe
2009-07-23 14:26 . 2008-06-19 09:27 9,715,200 --a------ c:\windows\RTLCPL.exe
2009-07-23 14:26 . 2008-06-19 09:42 2,808,832 --a------ c:\windows\alcwzrd.exe
2009-07-23 14:26 . 2007-06-28 09:44 2,165,760 --a------ c:\windows\MicCal.exe
2009-07-23 14:26 . 2007-11-20 11:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-07-23 14:26 . 2008-07-15 06:47 1,196,032 --a------ c:\windows\RtlUpd.exe
2009-07-23 14:26 . 2008-03-05 11:07 520,192 --a------ c:\windows\RtlExUpd.dll
2009-07-23 14:26 . 2008-06-19 09:24 278,528 --a------ c:\windows\system32\ALSndMgr.cpl
2009-07-23 14:26 . 2008-03-13 07:52 266,240 --a------ c:\windows\system32\RTSndMgr.cpl
2009-07-23 14:26 . 2008-06-18 11:01 77,824 --a------ c:\windows\SoundMan.exe
2009-07-23 14:26 . 2008-06-19 09:20 57,344 --a------ c:\windows\Alcmtr.exe
2009-07-23 14:23 . 2009-07-23 14:23 <DIR> d-------- c:\programmi\ECAP
2009-07-23 14:23 . 2004-04-16 10:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-24 22:38 . 2009-01-25 00:30 <DIR> d-------- c:\programmi\Cheat Engine
2009-01-22 19:49 . 2009-01-22 19:49 <DIR> d-------- c:\programmi\Free PDF to Word Doc Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 13:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ESET
2009-07-23 13:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-07-23 13:23 --------- d-----w c:\programmi\File comuni\InstallShield
2009-07-23 13:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-07-23 13:22 --------- d-----w c:\programmi\Eee Storage
2009-01-27 23:43 --------- d-----w c:\documents and settings\Ivana\Dati applicazioni\uTorrent
2009-01-24 18:18 1,480 ----a-w c:\documents and settings\Ivana\Dati applicazioni\wklnhst.dat
2009-01-24 18:18 --------- d-----w c:\programmi\eMule
2009-01-16 22:30 --------- d-----w c:\documents and settings\Ivana\Dati applicazioni\gtk-2.0
2008-12-26 15:30 --------- d-----w c:\programmi\VDOWNLOADER
2008-12-23 16:14 --------- d-----w c:\programmi\Alwil Software
2008-12-17 12:00 --------- d-----w c:\programmi\Spybot
2008-12-17 12:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-12 11:54 --------- d-----w c:\documents and settings\Ivana\Dati applicazioni\Template
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 15:25 --------- d-----w c:\programmi\Windows Media Connect 2
2008-12-03 11:26 --------- d-----w c:\documents and settings\Ivana\Dati applicazioni\Skype
2008-05-07 08:34 15,523,560 ----a-w c:\programmi\U1 Setup.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-04_ 9.37.03,48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:11:37 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-03 09:50:03 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-09-04 17:12:24 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:19:29 18,808 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:19:29 233,848 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:19:25 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 12:12:46 402,296 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:04 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:06:04 18,808 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:06:05 233,848 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:06:04 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:42:38 763,768 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:42:45 402,296 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:06:04 18,808 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:06:05 233,848 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:06:04 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:06:07 763,768 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:06:15 402,296 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-16 19:32:32 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 19:32:32 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 19:32:32 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 19:32:33 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 19:32:33 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 19:32:33 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 19:32:33 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 19:32:33 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 19:32:33 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 19:32:35 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 19:32:35 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 19:32:35 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 19:32:35 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 19:32:35 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 19:32:35 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 19:32:37 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 19:32:37 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 19:32:37 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 19:32:37 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 19:32:37 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 19:32:37 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 19:32:37 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 19:32:37 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 19:32:37 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 19:32:38 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:48:09 15,584 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:48:14 215,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:48:07 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:48:33 724,192 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:49:24 390,880 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-12-13 06:27:37 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:48:09 15,584 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:48:14 215,776 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:48:07 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:48:32 724,192 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:49:24 390,880 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2005-06-28 17:23:35 215,776 -c----w c:\windows\$NtUninstallKB923689$\spuninst\spuninst.exe
+ 2005-06-28 17:23:53 371,424 -c----w c:\windows\$NtUninstallKB923689$\spuninst\updspapi.dll
+ 2005-01-28 12:44:28 2,370,296 -c----w c:\windows\$NtUninstallKB923689$\wmvcore.dll
+ 2006-10-18 20:47:16 414,208 -c----w c:\windows\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 09:23:26 213,216 -c----w c:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 09:23:54 371,424 -c----w c:\windows\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 09:23:36 215,776 -c----w c:\windows\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 09:23:54 371,424 -c----w c:\windows\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-18 20:47:20 10,834,432 -c----w c:\windows\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 09:23:36 215,776 -c----w c:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 09:23:54 371,424 -c----w c:\windows\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-02 21:56:02 316,928 -c----w c:\windows\$NtUninstallKB939683$\unregmp2.exe
+ 2005-06-28 09:23:36 215,776 -c----w c:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2005-06-28 09:23:54 371,424 -c----w c:\windows\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 12:44:28 224,768 -c----w c:\windows\$NtUninstallKB941569$\wmasf.dll
+ 2006-10-18 19:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 06:35:58 233,848 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 08:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-18 20:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-18 20:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-07-27 07:35:58 233,848 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 09:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-18 20:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2008-04-14 12:00:00 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:40 233,848 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:40 402,296 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2007-11-30 12:39:40 233,848 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 12:39:40 402,296 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2008-04-14 12:00:00 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2008-04-14 12:00:00 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:19:29 233,848 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 12:12:46 402,296 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:40 233,848 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:40 402,296 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-11 12:42:28 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-04-14 12:00:00 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:06:05 233,848 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:42:45 402,296 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-04-14 12:00:00 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:06:05 233,848 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:06:15 402,296 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-09-25 16:58:48 221,488 -c----w c:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 16:58:48 379,184 -c----w c:\windows\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2005-01-28 12:44:28 294,912 -c----w c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 12:44:28 164,864 -c----w c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 12:44:28 502,272 -c----w c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 12:44:28 6,656 -c----w c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 12:44:28 96,768 -c----w c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2008-04-14 12:00:00 310,272 -c----w c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2008-04-14 12:00:00 384,512 -c----w c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2008-04-14 12:00:00 240,640 -c----w c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 12:44:28 142,336 -c----w c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 12:44:28 25,088 -c----w c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 12:44:28 173,568 -c----w c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 12:44:28 364,784 -c----w c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 12:44:28 315,904 -c----w c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 12:44:28 221,184 -c----w c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 17:11:54 213,216 -c----w c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 17:11:54 371,424 -c----w c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 10:46:52 13,312 -c----w c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 12:44:28 47,104 -c----w c:\windows\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 12:44:28 15,872 -c----w c:\windows\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 -c----w c:\windows\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 12:44:28 396,528 -c----w c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 12:44:28 716,288 -c----w c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-20 05:01:32 227,328 -c----w c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 12:44:28 28,160 -c----w c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 12:44:28 33,792 -c----w c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 12:44:28 335,872 -c----w c:\windows\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 12:44:28 290,816 -c----w c:\windows\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 12:44:28 150,016 -c----w c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 -c----w c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 12:44:28 774,904 -c----w c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 12:44:28 1,119,744 -c----w c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 12:44:28 819,200 -c----w c:\windows\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-01-28 12:44:28 413,944 -c----w c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 12:44:28 940,544 -c----w c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,218,808 -c----w c:\windows\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 12:44:28 1,512,448 -c----w c:\windows\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 05:29:34 2,374,472 -c----w c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 12:44:28 895,736 -c----w c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 12:44:28 1,003,008 -c----w c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 12:44:28 38,912 -c----w c:\windows\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 -c----w c:\windows\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 -c----w c:\windows\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 12:44:28 66,560 -c----w c:\windows\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 -c----w c:\windows\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 12:44:28 18,944 -c----w c:\windows\$NtUninstallWMFDist11$\wpdusb.sys
+ 2008-04-14 12:00:00 8,704 -c----w c:\windows\$NtUninstallwmp11$\asferror.dll
+ 2008-04-14 12:00:00 368,640 -c----w c:\windows\$NtUninstallwmp11$\mpvis.dll
+ 2008-04-14 12:00:00 778,240 -c----w c:\windows\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 17:11:54 213,216 -c----w c:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 17:11:56 390,880 -c----w c:\windows\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2008-04-14 12:00:00 208,896 -c----w c:\windows\$NtUninstallwmp11$\unregmp2.exe
+ 2008-04-14 12:00:00 186,880 -c----w c:\windows\$NtUninstallwmp11$\wmerror.dll
+ 2008-04-14 12:00:00 4,874,240 -c----w c:\windows\$NtUninstallwmp11$\wmp.dll
+ 2008-04-14 12:00:00 114,688 -c----w c:\windows\$NtUninstallwmp11$\wmpasf.dll
+ 2008-04-14 12:00:00 98,304 -c----w c:\windows\$NtUninstallwmp11$\wmpband.dll
+ 2008-04-14 12:00:00 233,472 -c----w c:\windows\$NtUninstallwmp11$\wmpdxm.dll
+ 2008-04-14 12:00:00 73,728 -c----w c:\windows\$NtUninstallwmp11$\wmplayer.exe
+ 2008-04-14 12:00:00 2,973,696 -c----w c:\windows\$NtUninstallwmp11$\wmploc.dll
+ 2008-04-14 12:00:00 102,400 -c----w c:\windows\$NtUninstallwmp11$\wmpshell.dll
+ 2006-09-16 00:05:22 221,488 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 00:05:22 379,184 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 18:01:52 58,368 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:57:14 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:57:14 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:57:14 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:39:58 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:57:14 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:57:15 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:57:15 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:57:17 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:57:18 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:57:20 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:57:21 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:57:21 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:57:21 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:57:21 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:57:21 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:57:22 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:57:22 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 00:34:26 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-04-14 12:00:00 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-27 14:48:40 318,464 ----a-w c:\windows\inf\unregmp2.exe
- 2008-10-16 11:17:09 35,600 ----a-r c:\windows\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-13 12:53:38 35,600 ----a-r c:\windows\Installer\{90120000-0020-0410-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-10-02 09:08:21 49,936 ----a-r c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-11-13 10:29:41 49,936 ----a-r c:\windows\Installer\{95120000-00AF-0410-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-11-21 15:05:32 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1040-7B44-A81300000003}\SC_Reader.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-08-26 07:57:14 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:04:22 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-04-14 12:00:00 8,704 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-02 21:54:02 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2006-10-18 20:47:08 276,992 ------w c:\windows\system32\audiodev.dll
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2008-07-18 20:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2008-08-26 07:57:14 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:04:22 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-04-14 12:00:00 8,704 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-11-02 21:54:02 7,680 -c--a-w c:\windows\system32\dllcache\asferror.dll
- 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2008-08-26 07:57:14 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:04:22 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:57:14 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:04:22 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:57:14 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:04:22 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-14 12:00:00 285,184 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 12:36:14 286,720 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:57:14 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:04:22 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:39:58 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:13:44 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:57:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:04:22 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:57:15 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:04:22 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:57:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:04:22 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:57:15 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:04:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:04:23 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:57:17 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:04:23 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:57:17 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:04:23 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:57:18 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:04:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 12:00:00 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
- 2008-04-14 12:00:00 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 12:00:00 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2008-04-14 12:00:00 368,640 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-11-02 21:54:18 244,224 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2008-10-24 11:21:09 455,296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-26 07:57:18 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:04:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:57:18 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:04:23 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:36:24 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:57:20 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:04:24 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2008-08-26 07:57:21 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:04:24 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 15:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2008-08-26 07:57:21 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:04:24 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
- 2008-04-14 12:00:00 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 17:15:03 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 12:00:00 1,306,624 -c--a-w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:02 1,307,648 -c--a-w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 07:57:21 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:04:24 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:57:21 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:04:25 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2008-04-14 12:00:00 778,240 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-02 22:33:26 1,678,336 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 12:00:00 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:46 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-04-14 12:00:00 208,896 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2007-06-27 14:48:40 318,464 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2008-08-26 07:57:21 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:04:25 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:57:22 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:04:25 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:57:22 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:04:25 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2005-01-28 12:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2008-04-14 12:00:00 186,880 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-11-02 21:56:10 251,904 -c--a-w c:\windows\system32\dllcache\wmerror.dll
- 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 12:00:00 4,874,240 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-04-14 12:00:00 114,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
- 2008-04-14 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-11-02 21:56:18 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
- 2008-04-14 12:00:00 233,472 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
- 2008-04-14 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-02 21:56:34 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
- 2008-04-14 12:00:00 2,973,696 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-11-02 22:36:12 8,284,672 -c--a-w c:\windows\system32\dllcache\wmploc.dll
- 2008-04-14 12:00:00 102,400 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-02 21:56:42 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
- 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2005-01-28 12:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-04-14 12:00:00 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2006-10-18 20:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2008-10-01 11:01:28 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
- 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2008-08-26 07:57:14 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:04:22 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:57:14 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:04:22 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:57:14 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:04:22 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-04-14 12:00:00 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:57:14 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:04:22 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:39:58 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:13:44 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:57:14 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:04:22 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:57:15 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:04:22 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-08-26 07:57:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:04:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:57:15 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:04:22 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-03 16:58:43 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:04:23 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:57:17 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:04:23 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-08-26 07:57:17 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:04:23 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:57:18 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:04:23 27,648 ------w c:\windows\system32\jsproxy.dll
- 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2009-01-24 23:48:39 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-11-02 09:50:56 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-24 23:37:55 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2003-03-18 21:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll
+ 2006-10-18 20:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2008-04-14 12:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2008-04-14 12:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2008-04-14 12:00:00 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2006-10-02 14:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2008-08-26 07:57:18 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:04:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:57:18 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:04:23 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:57:22 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:36:24 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:57:20 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:04:24 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2008-08-26 07:57:21 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-10-16 20:04:24 193,024 ------w c:\windows\system32\msrating.dll
- 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
+ 2006-12-04 15:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2008-08-26 07:57:21 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:04:24 671,232 ------w c:\windows\system32\mstime.dll
+ 2003-03-18 20:14:52 499,712 ----a-w c:\windows\system32\MSVCP71.dll
+ 2003-02-21 04:42:22 348,160 ----a-w c:\windows\system32\MSVCR71.dll
- 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
- 2008-04-14 12:00:00 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:03 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-04-14 12:00:00 1,306,624 ----a-w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:02 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2008-07-18 20:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 13:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2008-07-18 20:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 13:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2008-08-26 07:57:21 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:04:24 102,912 ------w c:\windows\system32\occache.dll
- 2008-11-04 08:29:17 54,312 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 19:30:01 54,312 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-04 08:29:17 64,814 ----a-w c:\windows\system32\perfc010.dat
+ 2008-11-28 19:30:01 64,814 ----a-w c:\windows\system32\perfc010.dat
- 2008-11-04 08:29:17 383,300 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 19:30:01 383,300 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-04 08:29:17 428,658 ----a-w c:\windows\system32\perfh010.dat
+ 2008-11-28 19:30:01 428,658 ----a-w c:\windows\system32\perfh010.dat
- 2008-08-26 07:57:21 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:04:25 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2006-10-18 20:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:19:29 18,808 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:40 18,808 ------w c:\windows\system32\spmsg.dll
+ 2007-03-26 08:17:44 2,862,592 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2006-11-30 09:14:06 671,816 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2007-02-22 17:35:00 314,880 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfie5ha.dll
+ 2007-02-20 09:29:02 337,920 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfig5ha.dll
+ 2006-12-06 14:31:56 113,152 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfrs5ha.dll
+ 2007-03-28 12:00:02 1,584,640 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3a5ha.dll
+ 2007-03-28 10:53:28 977,920 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3c5ha.dll
+ 2007-03-28 12:01:08 1,739,264 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3r5ha.dll
+ 2007-03-28 12:01:28 233,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzc35ha.dll
+ 2007-03-28 11:59:04 446,976 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzev5ha.dll
+ 2007-03-28 11:59:20 299,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpr5ha.dll
+ 2007-03-28 11:32:56 670,208 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzss5ha.dll
+ 2007-03-28 10:52:24 8,602,112 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzst5ha.dll
+ 2007-03-28 11:58:06 3,291,648 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzui5ha.dll
+ 2007-03-28 10:53:22 3,419,648 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzur5ha.dll
+ 2008-04-14 02:13:55 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2008-04-14 02:13:55 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-05-15 08:08:53 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
- 2008-04-14 12:00:00 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:46 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:57:21 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:04:25 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:57:22 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2008-08-26 07:57:22 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:04:25 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:57:22 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:04:25 826,368 ----a-w c:\windows\system32\wininet.dll
- 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w c:\windows\system32\wmadmod.dll
- 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2005-01-28 12:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 08:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2008-04-14 12:00:00 186,880 ----a-w c:\windows\system32\wmerror.dll
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi PinkGlitter » 29/01/09 00:34

+ 2006-11-02 21:56:10 251,904 ----a-w c:\windows\system32\wmerror.dll
- 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 12:00:00 4,874,240 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2008-04-14 12:00:00 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2008-04-14 12:00:00 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2008-06-24 17:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2008-04-14 12:00:00 2,973,696 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-02 22:36:12 8,284,672 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2008-04-14 12:00:00 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-02 21:56:42 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:26 41,984 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
- 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
- 2008-07-18 20:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-18 20:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-18 20:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
+ 2006-09-28 19:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
- 2008-07-18 20:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-18 20:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-18 20:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-01-21 07:21:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_600.dat
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SuperHybridEngine.lnk - c:\programmi\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-07-09 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 09:20 57344 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 09:42 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-06-18 11:01 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 111184]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-07-09 11264]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-28 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-qekewey - c:\documents and settings\ivanagiordano\impostazioni locali\dati applicazioni\qekewey.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\IvanaGiordano\Dati applicazioni\Mozilla\Firefox\Profiles\g14in05u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.it
.

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 00:20:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\CLBCATQ.DLL
.
Ora fine scansione: 2009-01-29 0.23.15
ComboFix-quarantined-files.txt 2009-01-28 23:23:11
ComboFix2.txt 2008-11-04 08:38:11

Pre-Run: 46.993.858.560 byte disponibili
Post-Run: 47,144,448,000 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe

814 --- E O F --- 2009-01-15 10:57:55
PinkGlitter
Utente Junior
 
Post: 21
Iscritto il: 03/11/08 21:46

Re: Si aprono pagine web da sole che fare?

Postdi Internauta987 » 31/01/09 11:38

Salve a tutti! :)

Ma si tratta dello stesso problema quando al posto delle pagine si aprono da sole nuove schede in Internet Explorer? :-?

Grazie anticipatamente. ;)
Internauta987
Newbie
 
Post: 2
Iscritto il: 31/01/09 11:21


Torna a Sicurezza e Privacy


Topic correlati a "Si aprono pagine web da sole che fare?":


Chi c’è in linea

Visitano il forum: Nessuno e 8 ospiti