
help virus

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

help virus

Post by micro78 » 22/02/09 13:03

I have a problem with my PC.
After browsing the internet the PC shut down, saying that Windows had restarted because of an error and had rebooted the PC to avoid causing damage. I ran a scan with Antimalware, Spybot and Avira AntiVir.
The only thing I found was this: TR/Crypt.CFI.Gen
But after I removed it, it did it again. The strange thing is that if I don't connect to the internet it doesn't shut down.
micro78
Senior User

Posts: 309
Joined: 13/09/08 23:45


Re: help virus

Post by shel » 22/02/09 13:10

Hi

Download HijackThis, http://news.swzone.it/swznews-20402.php , launch it and select the option "Do a system scan and save a logfile". When downloading, save it in C:\Programmi, and post the report it gives you.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: help virus

Post by micro78 » 22/02/09 18:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.16.41, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Office Mouse Driver\MouseDrv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\Office Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmi\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C232BA14-E545-4419-B56F-BEC4CA4BDD2E}: NameServer = 85.37.17.41 85.38.28.83
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
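
An added example, not part of the original thread and not code from HijackThis: a short Python triage of the entry lines in a log like the one posted above, grouping the items a helper would verify by hand. The sample lines are copied from that log; the group names and the choice of what to queue for review are assumptions of this example, and a hit means "check this file or setting", not "this is malware".

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C232BA14-E545-4419-B56F-BEC4CA4BDD2E}: NameServer = 85.37.17.41 85.38.28.83
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# "<section code> - <detail>", e.g. "O23 - Service: ..." or "R0 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23: "Service: <display name> - <file company name> - <image path>".
SERVICE_RE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")
# O4 registry autoruns: "<key>: [<value name>] <command line>".
AUTORUN_RE = re.compile(r"^(\S+): \[(.+?)\] (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log_text):
    """Return (code, detail) for every entry line; headers and the
    running-process list do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Group entries for manual verification (hypothetical group names)."""
    review = defaultdict(list)
    for code, detail in parse_entries(log_text):
        if code == "O23":
            # Service binary with no company name in its version info.
            m = SERVICE_RE.match(detail)
            if m and m.group(2) == "Unknown owner":
                review["service_without_vendor"].append(m.group(3))
        elif code == "O10":
            # Winsock LSP DLLs sit in the network path; list each once.
            path = detail.rsplit(": ", 1)[-1]
            if path not in review["winsock_lsp"]:
                review["winsock_lsp"].append(path)
        elif code == "O17":
            # Statically configured DNS servers, to compare with the ISP's.
            m = NAMESERVER_RE.search(detail)
            if m:
                review["dns_servers"].extend(m.group(1).split())
        elif code == "O4":
            # Autorun whose program is named without a full path, so which
            # file actually runs depends on the search path.
            m = AUTORUN_RE.match(detail)
            if m and not ABSOLUTE_RE.match(m.group(3)):
                review["autorun_relative_path"].append((m.group(2), m.group(3)))
    return dict(review)


if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group)
        for item in items:
            print("   ", item)
```
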

Re: help virus

Post by shel » 22/02/09 19:33

Not even Avira managed to find it? Strange.

Download ===> ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

As soon as you launch it, it will run a quick scan. As soon as that has finished, choose the full scan and post the report.

Re: help virus

Post by micro78 » 22/02/09 20:25

What's strange about it?

Re: help virus

Post by shel » 22/02/09 20:35

What's strange about it?


That not even Avira managed to find them.

Run the scan and post the report.

Re: help virus

Post by micro78 » 24/02/09 18:42

No luck.
I tried Spybot, Malware Antimalware, AntiVir, AVG and Dr. Web launch, and I also have SpywareBlaster,

but the scans found nothing.

Only, as I wrote earlier, the first AntiVir scan had found a piece of malware,
TR/Crypt.CFI.Gen, then nothing more.

Re: help virus

Post by shel » 24/02/09 22:40

Only, as I wrote earlier, the first AntiVir scan had found a piece of malware,
TR/Crypt.CFI.Gen, then nothing more.



Try running a new scan with Avira, but first check whether it has put the file in quarantine.

Re: help virus

Post by Frate Aurelio » 25/02/09 00:10

@shel
Hi, and forgive the intrusion.

@micro78
If shel agrees, use Combofix right away.

Download Combofix (you can save it to the desktop) from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● To learn more about Combofix see:
http://steven.altervista.org/files/tools.html#tools1
● Important:
- It does not work in safe mode.
- Close the Internet connection (better still, switch off the modem).
- Temporarily disable the antivirus, antispyware and firewall.
- Close all open programs.
- Do not use any program until it has finished.
- If you are asked to remove drivers during the scan, agree.
- They may be infected drivers.
- Do not use the PC during the scan. Leave the keyboard idle and wait for all operations to finish.
- Combofix may restart the PC; do absolutely nothing.

Launching ComboFix
Click on:
- combofix.exe
- Press Enter.
- When asked to create a recovery console, answer:
NO
Important:
Do not use any program until Combofix has finished.
- When it finishes, a log file will be created at C:\ComboFix.txt
Combofix opens it in Notepad; it can also be reopened from the path given above.
Then do:
- Edit►Select All►Right mouse button►Copy
Post it in the topic following this instruction:
- Copy the following tags into your reply to the topic:
[code][/code]
- Paste the Combofix log between the two central square brackets.

Frate Aurelio
Frate Aurelio
Moderator

Posts: 251
Joined: 16/01/09 00:01

Re: help virus

Post by micro78 » 25/02/09 17:50

Code:
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((   Files Creati Da 2009-01-25 al 2009-02-25  )))))))))))))))))))))))))))))))))))
.

2009-02-23 19:58 . 2009-02-23 20:00   <DIR>   d--------   c:\programmi\SpywareBlaster
2009-02-23 19:58 . 2009-02-24 17:59   <DIR>   d-a------   c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-02-23 19:58 . 2005-04-15 20:58   1,071,088   --a------   c:\windows\system32\MSCOMCTL.OCX
2009-02-23 19:58 . 2005-08-25 19:18   118,784   --a------   c:\windows\system32\MSSTDFMT.DLL
2009-02-22 23:07 . 2009-02-22 23:05   185,856   --a------   c:\windows\system32\framedyn(2).dll
2009-02-22 22:35 . 2009-02-23 18:02   <DIR>   d--------   c:\windows\system32\drivers\Avg(2)
2009-02-22 22:35 . 2009-02-22 22:35   <DIR>   d--------   c:\programmi\AVG
2009-02-22 22:35 . 2009-02-22 22:35   10,520   --a------   c:\windows\system32\avgrsstx(2).dll
2009-02-22 20:27 . 2009-02-22 20:27   <DIR>   d--------   c:\documents and settings\mikko\DoctorWeb
2009-02-20 19:03 . 2006-07-17 17:02   6,528   --a------   c:\windows\system32\drivers\MOUSEWD.SYS
2009-02-20 19:02 . 2009-02-22 22:14   <DIR>   d--------   c:\programmi\Office Mouse Driver
2009-02-01 22:48 . 2009-02-01 22:48   5,248   --a------   c:\windows\system32\giveio.sys
2009-02-01 22:45 . 2009-02-01 22:50   <DIR>   d--------   c:\programmi\SSC Service Utility
2009-02-01 20:30 . 2009-02-01 20:30   <DIR>   d--------   c:\programmi\EPSON
2009-02-01 20:30 . 2003-02-19 02:04   72,825   --a------   c:\windows\system32\EBPMON24.DLL
2009-02-01 20:30 . 2003-05-21 03:25   63,488   --a------   c:\windows\system32\ECBTEG.DLL
2009-02-01 20:30 . 2000-06-07 02:01   34,304   --a------   c:\windows\system32\EBPCHP.DLL
2009-02-01 20:30 . 2003-04-10 19:29   31,744   --a------   c:\windows\system32\E_DCINST.DLL
2009-02-01 20:30 . 2008-04-13 11:47   25,856   --a------   c:\windows\system32\drivers\usbprint.sys
2009-02-01 20:30 . 2008-04-13 11:47   25,856   --a--c---   c:\windows\system32\dllcache\usbprint.sys
2009-02-01 20:30 . 2001-09-04 03:04   182   --a------   c:\windows\system32\EBPPORT4.DAT
2009-02-01 20:27 . 2009-02-01 20:27   25   --a------   c:\windows\CDEC64Euro.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 16:18   ---------   d-----w   c:\documents and settings\mikko\Dati applicazioni\Vista Start Menu
2009-02-24 18:32   ---------   d-----w   c:\documents and settings\mikko\Dati applicazioni\uTorrent
2009-02-23 17:50   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-22 21:14   ---------   d--h--w   c:\programmi\InstallShield Installation Information
2009-02-22 21:14   ---------   d-----w   c:\documents and settings\mikko\Dati applicazioni\dvdcss
2009-02-22 21:14   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\comodo
2009-02-20 19:47   24,336   ----a-w   c:\windows\system32\drivers\cmdhlp.sys
2009-02-20 19:45   155,384   ----a-w   c:\windows\system32\guard32.dll
2009-02-20 19:45   110,992   ----a-w   c:\windows\system32\drivers\cmdguard.sys
2009-02-14 20:19   ---------   d-----w   c:\programmi\eMule
2009-02-12 10:27   ---------   d-----w   c:\programmi\Spybot - Search & Destroy
2009-02-10 10:34   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-01-25 16:53   ---------   d-----w   c:\programmi\Malwarebytes' Anti-Malware
2009-01-14 15:11   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-12-29 13:22   ---------   d-----w   c:\programmi\CCleaner
2008-12-27 14:07   ---------   d-----w   c:\programmi\iTunes
2008-12-27 14:07   ---------   d-----w   c:\programmi\iPod
2008-12-27 14:07   ---------   d-----w   c:\programmi\File comuni\Apple
2008-12-27 14:07   ---------   d-----w   c:\documents and settings\mikko\Dati applicazioni\Apple Computer
2008-12-27 14:07   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-27 14:07   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 14:06   ---------   d-----w   c:\programmi\QuickTime
2008-12-27 14:06   ---------   d-----w   c:\programmi\Bonjour
2008-12-27 14:06   ---------   d-----w   c:\programmi\Apple Software Update
2008-12-27 14:05   ---------   d-----w   c:\documents and settings\All Users\Dati applicazioni\Apple
2008-11-15 12:12   8   --sh--r   c:\windows\system32\8736CE1C6F.sys
2008-11-15 12:12   2,516   --sha-w   c:\windows\system32\KGyGaAvL.sys
2008-11-14 21:04   16,384   --sha-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-11-14 21:04   32,768   --sha-w   c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-11-14 21:04   32,768   --sha-w   c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008111420081115\index.dat
2008-11-14 21:04   32,768   --sha-w   c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-04-27 14:25  361344  8e036eec565910417ea020ce0962aa24   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot@2008-11-20_14.13.12,95   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 14:36:54   262,144   ----a-w   c:\windows\ATKKBService.exe
+ 2006-09-04 12:49:52   241,664   ----a-w   c:\windows\ATKKBService.exe
+ 2008-10-04 19:16:46   1,887,080   ----a-w   c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-12-27 14:07:29   102,400   ----a-r   c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2009-02-21 13:08:12   4,710   ----a-r   c:\windows\Installer\{45A0D3A2-6079-4338-A8D2-6E742884E0CB}\ARPPRODUCTICON.exe
+ 2008-12-27 14:06:18   27,136   ----a-r   c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2008-11-14 21:21:12   10,134   ----a-r   c:\windows\Installer\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\ARPPRODUCTICON.exe
+ 2008-12-18 21:50:14   10,134   ----a-r   c:\windows\Installer\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\ARPPRODUCTICON.exe
+ 2008-12-27 14:06:56   86,016   ----a-r   c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-12-07 16:45:47   11,502   ----a-r   c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
- 2000-08-31 07:00:00   28,672   ----a-w   c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00   29,696   ----a-w   c:\windows\NIRCMD.exe
- 2008-05-28 14:36:52   45,568   ----a-w   c:\windows\system32\aschs.dll
+ 2005-08-31 13:16:00   45,568   ----a-w   c:\windows\system32\aschs.dll
- 2008-05-28 14:36:52   45,568   ----a-w   c:\windows\system32\ASCHT.dll
+ 2005-08-31 13:16:00   45,568   ----a-w   c:\windows\system32\ASCHT.dll
- 2008-05-28 14:36:52   46,080   ----a-w   c:\windows\system32\aseng.dll
+ 2005-08-31 13:16:00   46,080   ----a-w   c:\windows\system32\aseng.dll
- 2008-05-28 14:36:52   46,592   ----a-w   c:\windows\system32\asfrench.dll
+ 2005-08-31 13:16:00   46,592   ----a-w   c:\windows\system32\asfrench.dll
- 2008-05-28 14:36:52   46,080   ----a-w   c:\windows\system32\asgerman.dll
+ 2005-08-31 13:16:00   46,080   ----a-w   c:\windows\system32\asgerman.dll
- 2008-05-28 14:36:52   45,568   ----a-w   c:\windows\system32\asjapan.dll
+ 2005-08-31 13:16:00   45,568   ----a-w   c:\windows\system32\asjapan.dll
- 2008-05-28 14:36:52   45,568   ----a-w   c:\windows\system32\askorean.dll
+ 2005-08-31 13:16:00   45,568   ----a-w   c:\windows\system32\askorean.dll
- 2008-05-28 14:36:52   46,080   ----a-w   c:\windows\system32\asrussian.dll
+ 2005-08-31 13:16:00   46,080   ----a-w   c:\windows\system32\asrussian.dll
- 2008-05-28 14:36:52   242,816   ----a-w   c:\windows\system32\ATKDISP.dll
+ 2006-09-04 12:49:22   245,248   ----a-w   c:\windows\system32\ATKDISP.dll
- 2008-05-28 14:36:52   2,093,056   ----a-w   c:\windows\system32\ATKDispCPL.dll
+ 2006-08-18 17:14:00   1,671,168   ----a-w   c:\windows\system32\ATKDispCPL.dll
- 2008-05-28 14:36:54   36,352   ----a-w   c:\windows\system32\ATKOGL32.dll
+ 2006-09-04 12:50:16   37,888   ----a-w   c:\windows\system32\ATKOGL32.dll
- 2008-05-28 14:36:54   11,264   ----a-w   c:\windows\system32\ATKOSDMini.DLL
+ 2006-09-04 12:50:32   10,496   ----a-w   c:\windows\system32\ATKOSDMini.DLL
- 2008-05-28 14:36:54   5,424,640   ----a-w   c:\windows\system32\ATKOSDX32.dll
+ 2006-09-04 12:50:08   2,033,664   ----a-w   c:\windows\system32\ATKOSDX32.dll
+ 2009-02-20 20:54:01   3,350,528   ----a-w   c:\windows\system32\config\systemprofile\ntuser.dat
+ 2007-03-12 15:42:30   1,123,696   ----a-w   c:\windows\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16   1,124,720   ----a-w   c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42   1,358,192   ----a-w   c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00   1,374,232   ----a-w   c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58   1,420,824   ----a-w   c:\windows\system32\D3DCompiler_37.dll
+ 2008-05-30 13:11:46   1,491,992   ----a-w   c:\windows\system32\D3DCompiler_38.dll
+ 2007-03-15 15:57:58   443,752   ----a-w   c:\windows\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16   443,752   ----a-w   c:\windows\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42   444,776   ----a-w   c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34   444,776   ----a-w   c:\windows\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36   462,864   ----a-w   c:\windows\system32\d3dx10_37.dll
+ 2008-05-30 13:11:46   467,984   ----a-w   c:\windows\system32\d3dx10_38.dll
+ 2006-09-28 15:05:20   2,414,360   ----a-w   c:\windows\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18   3,426,072   ----a-w   c:\windows\system32\d3dx9_32.dll
+ 2007-03-12 15:42:30   3,495,784   ----a-w   c:\windows\system32\d3dx9_33.dll
+ 2007-05-16 15:45:16   3,497,832   ----a-w   c:\windows\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42   3,727,720   ----a-w   c:\windows\system32\d3dx9_35.dll
+ 2007-10-12 14:14:00   3,734,536   ----a-w   c:\windows\system32\d3dx9_36.dll
+ 2008-03-05 14:56:58   3,786,760   ----a-w   c:\windows\system32\D3DX9_37.dll
+ 2008-05-30 13:11:46   3,850,760   ----a-w   c:\windows\system32\D3DX9_38.dll
- 2008-05-16 18:31:00   6,557,408   -c--a-w   c:\windows\system32\dllcache\nv4_mini.sys
+ 2008-11-12 13:54:00   6,188,320   -c--a-w   c:\windows\system32\dllcache\nv4_mini.sys
+ 2008-08-29 09:18:58   87,336   ----a-w   c:\windows\system32\dns-sd.exe
+ 2008-08-29 08:53:50   61,440   ----a-w   c:\windows\system32\dnssd.dll
- 2008-05-28 14:36:54   11,136   ----a-w   c:\windows\system32\drivers\atkkbnt.sys
+ 2005-10-18 14:01:00   11,008   ----a-w   c:\windows\system32\drivers\atkkbnt.sys
- 2008-11-15 16:14:21   75,072   ----a-w   c:\windows\system32\drivers\avipbb.sys
+ 2008-11-25 11:15:41   75,072   ----a-w   c:\windows\system32\drivers\avipbb.sys
+ 2006-06-30 10:38:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_a_crystal.sys
+ 2006-06-30 10:35:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_a_enriched.sys
+ 2006-06-30 10:37:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_a_theater.sys
+ 2006-06-30 10:36:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_a_vivid.sys
+ 2006-06-30 10:34:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_n_crystal.sys
+ 2006-06-30 10:31:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_n_enriched.sys
+ 2006-06-30 10:32:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_n_theater.sys
+ 2006-06-30 10:28:00   599,424   ----a-w   c:\windows\system32\drivers\Bravo_n_vivid.sys
+ 2008-04-17 12:12:54   15,464   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
- 2008-11-18 16:57:16   79,504   ----a-w   c:\windows\system32\drivers\inspect.sys
+ 2009-02-20 19:47:06   80,144   ----a-w   c:\windows\system32\drivers\inspect.sys
+ 2007-06-11 11:11:13   64,880   ----a-w   c:\windows\system32\drivers\pe3ah4nb.sys
+ 2007-06-11 11:10:51   55,160   ----a-w   c:\windows\system32\drivers\ps6ah4nb.sys
+ 2008-04-17 12:12:54   107,368   -c--a-w   c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 12:12:54   15,464   -c--a-w   c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 13:23:30   32,000   -c--a-w   c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-11-16 17:44:59   118,152   ----a-w   c:\windows\system32\FNTCACHE.DAT
+ 2008-12-18 20:00:33   118,952   ----a-w   c:\windows\system32\FNTCACHE.DAT
+ 2008-04-17 12:12:54   107,368   ----a-w   c:\windows\system32\GEARAspi.dll
- 2008-05-16 18:31:00   425,984   ----a-w   c:\windows\system32\keystone.exe
+ 2008-11-12 13:54:00   425,984   ----a-w   c:\windows\system32\keystone.exe
+ 2008-10-05 03:16:26   235,936   ----a-r   c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-12-26 16:58:27   89,102   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-05-16 18:31:00   442,368   ----a-w   c:\windows\system32\nvappbar.exe
+ 2008-11-12 13:54:00   442,368   ----a-w   c:\windows\system32\nvappbar.exe
- 2008-05-16 18:31:00   147,456   ----a-w   c:\windows\system32\nvcolor.exe
+ 2008-11-12 13:54:00   143,360   ----a-w   c:\windows\system32\nvcolor.exe
- 2008-05-16 18:31:00   768,544   ----a-w   c:\windows\system32\nvcplui.exe
+ 2008-11-12 13:54:00   801,312   ----a-w   c:\windows\system32\nvcplui.exe
- 2008-05-16 18:31:00   1,079,840   ----a-w   c:\windows\system32\nvcpluir.dll
+ 2008-11-12 13:54:00   1,108,512   ----a-w   c:\windows\system32\nvcpluir.dll
- 2008-05-16 18:31:00   1,339,392   ----a-w   c:\windows\system32\nvdspsch.exe
+ 2008-11-12 13:54:00   1,339,392   ----a-w   c:\windows\system32\nvdspsch.exe
- 2008-05-16 18:31:00   1,486,848   ----a-w   c:\windows\system32\nview.dll
+ 2008-11-12 13:54:00   1,486,848   ----a-w   c:\windows\system32\nview.dll
- 2008-05-16 18:31:00   45,056   ----a-w   c:\windows\system32\nvmccsrs.dll
+ 2008-11-12 13:54:00   45,056   ----a-w   c:\windows\system32\nvmccsrs.dll
- 2008-05-16 18:31:00   327,680   ----a-w   c:\windows\system32\nvrsar.dll
+ 2008-11-12 13:54:00   331,776   ----a-w   c:\windows\system32\nvrsar.dll
- 2008-05-16 18:31:00   249,856   ----a-w   c:\windows\system32\nvrscs.dll
+ 2008-11-12 13:54:00   245,760   ----a-w   c:\windows\system32\nvrscs.dll
- 2008-05-16 18:31:00   253,952   ----a-w   c:\windows\system32\nvrsda.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrsda.dll
- 2008-05-16 18:31:00   278,528   ----a-w   c:\windows\system32\nvrsde.dll
+ 2008-11-12 13:54:00   278,528   ----a-w   c:\windows\system32\nvrsde.dll
- 2008-05-16 18:31:00   282,624   ----a-w   c:\windows\system32\nvrsel.dll
+ 2008-11-12 13:54:00   282,624   ----a-w   c:\windows\system32\nvrsel.dll
- 2008-05-16 18:31:00   249,856   ----a-w   c:\windows\system32\nvrseng.dll
+ 2008-11-12 13:54:00   245,760   ----a-w   c:\windows\system32\nvrseng.dll
- 2008-05-16 18:31:00   282,624   ----a-w   c:\windows\system32\nvrses.dll
+ 2008-11-12 13:54:00   282,624   ----a-w   c:\windows\system32\nvrses.dll
- 2008-05-16 18:31:00   274,432   ----a-w   c:\windows\system32\nvrsesm.dll
+ 2008-11-12 13:54:00   274,432   ----a-w   c:\windows\system32\nvrsesm.dll
- 2008-05-16 18:31:00   249,856   ----a-w   c:\windows\system32\nvrsfi.dll
+ 2008-11-12 13:54:00   249,856   ----a-w   c:\windows\system32\nvrsfi.dll
- 2008-05-16 18:31:00   286,720   ----a-w   c:\windows\system32\nvrsfr.dll
+ 2008-11-12 13:54:00   282,624   ----a-w   c:\windows\system32\nvrsfr.dll
- 2008-05-16 18:31:00   327,680   ----a-w   c:\windows\system32\nvrshe.dll
+ 2008-11-12 13:54:00   331,776   ----a-w   c:\windows\system32\nvrshe.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrshu.dll
+ 2008-11-12 13:54:00   258,048   ----a-w   c:\windows\system32\nvrshu.dll
- 2008-05-16 18:31:00   282,624   ----a-w   c:\windows\system32\nvrsit.dll
+ 2008-11-12 13:54:00   278,528   ----a-w   c:\windows\system32\nvrsit.dll
- 2008-05-16 18:31:00   266,240   ----a-w   c:\windows\system32\nvrsja.dll
+ 2008-11-12 13:54:00   270,336   ----a-w   c:\windows\system32\nvrsja.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrsko.dll
+ 2008-11-12 13:54:00   262,144   ----a-w   c:\windows\system32\nvrsko.dll
- 2008-05-16 18:31:00   274,432   ----a-w   c:\windows\system32\nvrsnl.dll
+ 2008-11-12 13:54:00   274,432   ----a-w   c:\windows\system32\nvrsnl.dll
- 2008-05-16 18:31:00   253,952   ----a-w   c:\windows\system32\nvrsno.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrsno.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrspl.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrspl.dll
- 2008-05-16 18:31:00   274,432   ----a-w   c:\windows\system32\nvrspt.dll
+ 2008-11-12 13:54:00   270,336   ----a-w   c:\windows\system32\nvrspt.dll
- 2008-05-16 18:31:00   266,240   ----a-w   c:\windows\system32\nvrsptb.dll
+ 2008-11-12 13:54:00   266,240   ----a-w   c:\windows\system32\nvrsptb.dll
- 2008-05-16 18:31:00   270,336   ----a-w   c:\windows\system32\nvrsru.dll
+ 2008-11-12 13:54:00   266,240   ----a-w   c:\windows\system32\nvrsru.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrssk.dll
+ 2008-11-12 13:54:00   258,048   ----a-w   c:\windows\system32\nvrssk.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrssl.dll
+ 2008-11-12 13:54:00   258,048   ----a-w   c:\windows\system32\nvrssl.dll
- 2008-05-16 18:31:00   253,952   ----a-w   c:\windows\system32\nvrssv.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrssv.dll
- 2008-05-16 18:31:00   253,952   ----a-w   c:\windows\system32\nvrsth.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrsth.dll
- 2008-05-16 18:31:00   258,048   ----a-w   c:\windows\system32\nvrstr.dll
+ 2008-11-12 13:54:00   253,952   ----a-w   c:\windows\system32\nvrstr.dll
- 2008-05-16 18:31:00   225,280   ----a-w   c:\windows\system32\nvrszhc.dll
+ 2008-11-12 13:54:00   225,280   ----a-w   c:\windows\system32\nvrszhc.dll
- 2008-05-16 18:31:00   126,976   ----a-w   c:\windows\system32\nvrszht.dll
+ 2008-11-12 13:54:00   122,880   ----a-w   c:\windows\system32\nvrszht.dll
- 2008-05-16 18:31:00   466,944   ----a-w   c:\windows\system32\nvshell.dll
+ 2008-11-12 13:54:00   466,944   ----a-w   c:\windows\system32\nvshell.dll
- 2008-05-16 18:31:00   446,464   ----a-w   c:\windows\system32\nvudisp.exe
+ 2008-11-12 13:54:00   453,152   ----a-w   c:\windows\system32\nvudisp.exe
.
-- Snapshot per reimpostare la data corrente --
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"VistaStartMenu"="c:\programmi\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 1704624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-15 29831168]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"WireLessMouse"="c:\programmi\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2009-02-20 1850616]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-27 c:\windows\system32\advpack.dll]
"_nltide_3"="advpack.dll" [2008-04-27 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-11-16 18:49 4608 c:\programmi\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
--a------ 2009-01-14 16:11 1273488 c:\programmi\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-01-14 16:11 399504 c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-06-11 64880]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-06-11 55160]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-15 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-15 24336]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2009-02-20 6528]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-05-03 38176]
R3 ovt530;Hercules Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2008-11-15 161792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-14 238080]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-22 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

2009-02-22 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\ [2009-02-24 17:58]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\mikko\Dati applicazioni\Mozilla\Firefox\Profiles\bw5rqorz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 17:34:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-02-25 17.35.31
ComboFix-quarantined-files.txt  2009-02-25 16:35:30

Pre-Run: 17.597.403.136 byte disponibili
Post-Run: 17,586,802,688 byte disponibili

505

Re: help virus

Post by micro78 » 27/02/09 12:47

Can nobody help me?
If it would be useful, I can post the message that comes up before the PC restarts.

Re: help virus

Post by Luke57 » 28/02/09 15:53

micro78 wrote: Can nobody help me?
If it would be useful, I can post the message that comes up before the PC restarts.

Hi, that is the only way to make sense of this.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: help virus

Post by micro78 » 03/03/09 11:15

A problem has occurred and Windows has been shut down to prevent damage to the PC.
If this is the first time the error screen has appeared, restart the PC.
If the screen appears again, proceed as follows:
Check that there is enough free space on the hard disk.
If the stop message names a driver, disable the driver and ask the manufacturer for driver updates. Try changing the video card, contact the hardware vendor to request BIOS updates, and disable memory-related BIOS options such as caching or shadowing.
To use safe mode in order to remove or disable components, restart the PC and press F8 to select the advanced startup options, then select safe mode.

Technical information:
STOP : 0x0000008E (0x0000005, 0xBADD4981,0xB62254BAC, 0X00000000)
***MOUSEWD.SYS-ADDRESS BADD4981 BASE AT BADD4000, DATE STAMP 44bb520d



On a second restart the message is the same; only this changes:
STOP : 0x0000008E (0x0000005, 0xBADD4981,0xB6BEFBAC, 0X00000000)
***MOUSEWD.SYS-ADDRESS BADD4981 BASE AT BADD4000, DATE STAMP 44bb520d

Re: help virus

Post by micro78 » 03/03/09 23:10

help

Re: help virus

Post by micro78 » 12/03/09 20:14

I figured it out!!!!!!!!!!
Would you believe it, it was the mouse, or rather the mouse software.
I bought a Pleomax by Samsung, model SPM-4600, 9 buttons.
When I install the software, the PC shuts down.
How strange.
Do you know how to find the software on the internet? I couldn't find it; there were other models......
For now I'm using the mouse, but without the multimedia buttons.
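An added example, not part of the thread or of any tool used in it: a small parser for the hand-typed STOP screens above that computes the faulting offset inside the named module and matches the module against the driver lines of the ComboFix log posted earlier. The function names and the reading of DATE STAMP as Unix-epoch seconds are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the two STOP screens as typed in the thread and
# two driver lines copied from the ComboFix log posted earlier in it.
STOP_SCREENS = [
    "STOP : 0x0000008E (0x0000005, 0xBADD4981,0xB62254BAC, 0X00000000)\n"
    "***MOUSEWD.SYS-ADDRESS BADD4981 BASE AT BADD4000, DATE STAMP 44bb520d",
    "STOP : 0x0000008E (0x0000005, 0xBADD4981,0xB6BEFBAC, 0X00000000)\n"
    "***MOUSEWD.SYS-ADDRESS BADD4981 BASE AT BADD4000, DATE STAMP 44bb520d",
]
DRIVER_LINES = [
    r"R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-15 24336]",
    r"R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2009-02-20 6528]",
]

STOP_RE = re.compile(r"STOP\s*:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(
    r"\*+\s*([\w.]+?)\s*-\s*ADDRESS\s+([0-9a-f]+)\s+BASE AT\s+([0-9a-f]+),"
    r"\s*DATE\s*STAMP\s+([0-9a-f]+)", re.I)
DRIVER_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")


def parse_stop(text):
    """Parse one hand-typed STOP screen into code, parameters and faulting module."""
    stop, mod = STOP_RE.search(text), MODULE_RE.search(text)
    if not stop or not mod:
        raise ValueError("not a recognisable STOP screen")
    address, base = int(mod.group(2), 16), int(mod.group(3), 16)
    return {
        "code": int(stop.group(1), 16),
        "params": [int(p.strip(), 16) for p in stop.group(2).split(",")],
        "module": mod.group(1),
        "address": address,
        "offset": address - base,  # where in the driver image the fault occurred
        # Assumption: DATE STAMP is the image link time in Unix-epoch seconds.
        "built": datetime.fromtimestamp(int(mod.group(4), 16), timezone.utc).date(),
    }


def index_drivers(lines):
    """Index ComboFix driver lines by lower-cased file name."""
    drivers = {}
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if m:
            state, service, _desc, path, file_date, _size = m.groups()
            drivers[path.rsplit("\\", 1)[-1].lower()] = {
                "state": state, "service": service,
                "path": path, "file_date": file_date}
    return drivers


def triage(screens, driver_lines):
    """Summarise repeated crashes and tie the faulting module to an installed driver."""
    crashes = [parse_stop(s) for s in screens]
    sites = {(c["module"].lower(), c["offset"]) for c in crashes}
    first = crashes[0]
    return {
        "module": first["module"],
        "offset": first["offset"],
        "same_site_every_time": len(sites) == 1,
        "address_in_params": all(c["address"] in c["params"] for c in crashes),
        "built": first["built"],
        "driver": index_drivers(driver_lines).get(first["module"].lower()),
    }


if __name__ == "__main__":
    print(triage(STOP_SCREENS, DRIVER_LINES))
```

Both screens fault at the same offset inside MOUSEWD.SYS, and the log lists that file as the `MOUSEWDFilter` service, which is consistent with the mouse software identified in the last post.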

