pc lentissimo dopo rimozione antimalware doctor e altri virus

[mildiego]

Buonasera a tutti..
innanzitutto complimeti per il forum e per la gente che vi appartiene, è da parecchio tempo che vi seguo anche se non ero ancora registrato...complimenti!!!

purtroppo ho un grave problema.

due giorni fa mi sono arrivati due ( e spero solo due) virus: ANTIMALWARE DOCTOR E SICURITY SUITE..quei cagacasso virus che sembrano antivirus e rompono bloccando tutto..
ecco, ho usato hiJackThis,ho trovato la stringa di antimalware doctor, l'ho FIX CHECKED cosi mi ha permesso di usare il pc ( prima mi bloccava tutto, sia taskmanager,sia pannello di controllo che ogni cosa), ho istallato SUPERANTISPYWARE,ho fatto una scansione dove mi ha trovato 550 minacce, ho eliminato tutto, ho riavviato e APPARENTEMENTE NON CI SONO + VIRUS ( ho rifatto scansioni con avg e ancora con superantispyware ma niente)

SOLO CHE ORA IL PC VA LENTISSIMO, sia ad accendersi ( circa 7volte tanto rispetto a prima) sia nelle aprire le cose..

ho guardato in taskmanager ma non ci sono applicazioni aperte, in istallazioni applicazioni ma non ho trovato niente di strano,in c: programmi ma nessuna cartella sospetta..

CHE PUO' ESSERE?

INTANTO VI LASCIO LA SCHERMATA DI hiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.55.03, on 08/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 8.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Search Guard PlusU\sgpUpdaters.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\iexplore.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SGPUpdater] C:\Programmi\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Programmi\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iekvsvre] C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\atncfuvdd\dakayrkuqiw.exe
O4 - HKLM\..\Run: [byivqr] RUNDLL32.EXE C:\WINDOWS\system32\msllhsjn.dll,w
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Alessia\IMPOST~1\Temp\Krd.exe
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Alessia\Dati applicazioni\2F363246736054AAB7FB0DA3AB360782\medi afix70700en02.exe
O4 - HKCU\..\Run: [iekvsvre] C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\atncfuvdd\dakayrkuqiw.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\iexplore.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\TEMP\IMPOST~1\Temp\202fbh.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10F34E2A-1768-404F-8517-3B47EC3CDF48}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{10F34E2A-1768-404F-8517-3B47EC3CDF48}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9551 bytes


AIUTATEMIIIIIIIIIIIIIIIIIIIII per favore


ps: poi all'accensione di oggi mi è comparsa una finestra dove mi diceva che il file msllhjn.dll del percorso C:\windows\system32\ non era trovato..centra qualcosa?

[menatwork]

ciao mildiego, sembra che hai ancora parecchio da eliminare

segui attentamente questi passaggi

Lancia HiJackThis -> Clicca Do a scan only -> Metti la spunta a fianco delle righe che ti segnalo qui sotto -> Clicca su Fix Checked

O4 - HKLM\..\Run: [SGPUpdater] C:\Programmi\Search Guard PlusU\sgpUpdaters.exe

O4 - HKLM\..\Run: [FBSearch] C:\Programmi\Search Guard Plus\SearchGuardPlus.exe

O4 - HKLM\..\Run: [iekvsvre] C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\atncfuvdd\dakayrkuqiw.exe

O4 - HKLM\..\Run: [byivqr] RUNDLL32.EXE C:\WINDOWS\system32\msllhsjn.dll,w

O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Alessia\Dati applicazioni\2F363246736054AAB7FB0DA3AB360782\medi afix70700en02.exe

O4 - HKCU\..\Run: [iekvsvre] C:\Documents and Settings\Alessia\Impostazioni locali\Dati applicazioni\atncfuvdd\dakayrkuqiw.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\TEMP\IMPOST~1\Temp\202fbh.exe

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

disattiva l'antivirus

scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega il rapporto C:\ComboFix.txt nella tua risposta

come usare correttamente combofix

[mildiego]

ti ringrazio infinitamente, ora seguo tutta la procedura poi te lo allego.
ancora grazie mille

[mildiego]

ecco il log, non riesco ad allegarlo perchè mi dice che il formato txt non è supportato!
aiutami sono disperato, ho provato con mille antimalware ma niente


PARTE 1:
ComboFix 10-09-09.04 - Alessia 10/09/2010 19.17.47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.764 [GMT 2:00]
Eseguito da: c:\documents and settings\Alessia\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\docume~1\Alessia\IMPOST~1\Temp\install_flash_pl ayer.exe
c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Windows Server
c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Windows Server\admin.txt
c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Windows Server\server.dat
c:\documents and settings\Alessia\Menu Avvio\Programmi\Antimalware Doctor
c:\documents and settings\Alessia\Menu Avvio\Programmi\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Alessia\Menu Avvio\Programmi\Antimalware Doctor\Uninstall.lnk
C:\khq
c:\windows\system32\winlogon.bak
D:\khq
E:\khq

La copia infetta di c:\windows\system32\drivers\AGP440.SYS è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack
c:\windows\system32\winlogon.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-08-10 al 2010-09-10 )))))))))))))))))))))))))))))))))))
.

2010-09-10 16:04 . 2010-09-10 16:04 -------- d-----w- c:\programmi\CCleaner
2010-09-10 14:28 . 2010-09-10 14:28 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Malwarebytes
2010-09-10 14:28 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 14:28 . 2010-09-10 14:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-10 14:28 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 14:28 . 2010-09-10 14:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-08 19:07 . 2010-09-10 09:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-08 19:06 . 2010-09-08 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hitman Pro
2010-09-08 19:06 . 2010-09-08 19:06 -------- d-----w- c:\programmi\Hitman Pro 3.5
2010-09-08 16:46 . 2010-09-08 16:46 388096 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 16:46 . 2010-09-08 16:46 -------- d-----w- c:\programmi\Trend Micro
2010-09-06 19:25 . 2010-09-10 09:55 63488 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware \SDDLLS\SD10006.dll
2010-09-06 19:25 . 2010-09-06 19:25 52224 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware \SDDLLS\SD10005.dll
2010-09-06 19:25 . 2010-09-10 09:55 117760 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware \SDDLLS\UIREPAIR.DLL
2010-09-06 19:20 . 2010-09-06 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-09-06 19:20 . 2010-09-06 19:20 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\SUPERAntiSpyware.com
2010-09-06 19:19 . 2010-09-10 09:53 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-09-06 16:05 . 2010-09-06 16:28 -------- d--h--w- c:\documents and settings\TEMP\Impostazioni locali
2010-09-06 16:04 . 2010-09-06 16:28 -------- d-----w- c:\documents and settings\TEMP
2010-09-06 15:50 . 2010-09-06 15:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-06 15:39 . 2010-09-06 19:41 -------- d-----w- C:\system32
2010-09-01 14:15 . 2008-10-10 16:25 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-01 14:15 . 2008-10-04 08:22 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-09-01 14:15 . 2010-09-01 14:15 -------- d-----w- c:\programmi\ffdshow
2010-09-01 13:35 . 2010-09-05 14:38 -------- d-----w- c:\programmi\Free DVD Creator
2010-08-31 15:48 . 2010-08-31 15:48 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Ashampoo
2010-08-31 15:48 . 2010-08-31 15:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-08-31 15:48 . 2010-08-31 15:48 -------- d-----w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\ashampoo
2010-08-31 15:48 . 2010-08-31 15:48 -------- d-----w- c:\programmi\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2010-09-10 16:42 . 2010-01-26 14:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-09-10 16:24 . 2009-11-21 17:04 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 15:20 . 2009-12-31 14:08 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\BitTorrent
2010-08-29 12:47 . 2009-07-30 13:42 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Apple Computer
2010-06-26 14:56 . 2004-09-07 12:00 70458 ----a-w- c:\windows\system32\perfc010.dat
2010-06-26 14:56 . 2004-09-07 12:00 440584 ----a-w- c:\windows\system32\perfh010.dat
.

[mildiego]

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\atapi.sys
[-] 2004-09-07 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\asyncmac.sys
[-] 2004-09-07 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-09-07 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-09-07 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-09-07 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\kbdclass.sys
[-] 2004-09-07 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ndis.sys
[-] 2004-09-07 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-09-07 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ntfs.sys
[-] 2004-09-07 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-09-07 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-09-07 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-09-07 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\tcpip.sys
[-] 2004-09-07 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\browser.dll
[-] 2004-09-07 . 2793F147A00AF8F4D4085264699D5FC1 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-09-07 . 2793F147A00AF8F4D4085264699D5FC1 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\lsass.exe
[-] 2004-09-07 . 4E4D7FA847A3FA5A67D56E57C8D238E8 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-09-07 . 4E4D7FA847A3FA5A67D56E57C8D238E8 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\netman.dll
[-] 2004-09-07 . FFFCA7990C2DD86D8A52CF68F7D7FAEA . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2004-09-07 . FFFCA7990C2DD86D8A52CF68F7D7FAEA . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\qmgr.dll
[-] 2004-09-07 . ADED7931B7375E715B882FFC503C22D9 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-09-07 . ADED7931B7375E715B882FFC503C22D9 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . BD0E7E3F65B0AFDC1CBDEF402CCAF6EC . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\rpcss.dll
[-] 2004-09-07 . 106C5BF2AA26E086EB06B9A23F707A28 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . BCF1770A35BDA3BD13A9E2054F15F37E . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\services.exe
[-] 2004-09-07 . 1A58CA8F695B31E800AE6DDFC02814B0 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\spoolsv.exe
[-] 2004-09-07 . 6285401DBE7F87ACC297BC2C2DF616B8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-09-07 . 6285401DBE7F87ACC297BC2C2DF616B8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2009-07-30 . 2E4B40A64C2FAFD29480D6516B993B09 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\comctl32.dll
[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\asms\60\msft\windows\commo n\controls\comctl32.dll
[-] 2004-09-07 . BAA0F16E5C5BE20AC531FA7FAF97F80A . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-09-07 . BAA0F16E5C5BE20AC531FA7FAF97F80A . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\cryptsvc.dll
[-] 2004-09-07 . DE740544A6EA19D37FC40225D2EB4B6D . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-09-07 . DE740544A6EA19D37FC40225D2EB4B6D . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:17 . F50ACDBA24EBBE21F8C0671367F36291 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\es.dll
[-] 2004-09-07 12:00 . 72AA9CCCCE43302C04F0A891665F3B56 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\imm32.dll
[-] 2004-09-07 . 9D9B51197DF11CC6216C150DC418BFF1 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-09-07 . 9D9B51197DF11CC6216C150DC418BFF1 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[mildiego]

[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 98993B11907E932A7ED121AAEEC2F3E0 . 1033216 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\kernel32.dll
[-] 2004-09-07 . 8F36C913022FEACB9F58FC0A4DB6A22D . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\linkinfo.dll
[-] 2004-09-07 . C42C778F4D9153EE6D8611C3D2E65C14 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2004-09-07 . C42C778F4D9153EE6D8611C3D2E65C14 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\lpk.dll
[-] 2004-09-07 . 26C853EF391BFF202F176A4C829C21F4 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-09-07 . 26C853EF391BFF202F176A4C829C21F4 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2009-07-19 . C977B8BD90795AB2AC79C364616C35CB . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\mshtml.dll
[-] 2009-07-19 . C977B8BD90795AB2AC79C364616C35CB . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-19 . C1ABBFE345CC9557BAA8FBDC8B572D06 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-18 . 36EEDBEEBAB9501054F015949EE13A9F . 3083264 . . [6.00.2900.3603] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp2gdr\mshtml.dll
[-] 2009-07-18 . E0F562646D092A4331F395C7FF2082EA . 3090432 . . [6.00.2900.5848] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp3gdr\mshtml.dll
[-] 2009-07-18 . F34657661DAEA10A730DB02BB648D20E . 3090432 . . [6.00.2900.3603] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp2qfe\mshtml.dll
[-] 2009-07-18 . BC76BE4EB17F5915DAB7D9374B5F6A3E . 3090944 . . [6.00.2900.5848] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp3qfe\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\mshtml.dll
[-] 2004-09-07 . 1BB81448E5CE9C2DFC2CE6EAA247A933 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\msvcrt.dll
[-] 2008-04-14 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\asms\70\msft\windows\mswin crt\msvcrt.dll
[-] 2004-09-07 . 9EDBEA2D479362F9E86A657973757D2F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-09-07 . 9EDBEA2D479362F9E86A657973757D2F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . DBEA9D34E2A62E3484F65AC975566D7B . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\mswsock.dll
[-] 2004-09-07 . A6FE7AAFA03CB1F0DFC725413CA02DEB . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\netlogon.dll
[-] 2004-09-07 . 0EE8E1F9334347D7917B017977723741 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-09-07 . 0EE8E1F9334347D7917B017977723741 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 6B45DCA7B594AF854D98797E5D0DA966 . 2139648 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 . 8B00193F2405A83F834DB1E43C1B566C . 2184192 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-09 . 8B00193F2405A83F834DB1E43C1B566C . 2184192 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ntoskrnl.exe
[-] 2004-09-07 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\powrprof.dll
[-] 2004-09-07 . E780698FBC393CFE9C49E44D088DF8A0 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-09-07 . E780698FBC393CFE9C49E44D088DF8A0 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\scecli.dll
[-] 2004-09-07 . ED4E6CF924A1A82A824C0FDA6FA617AA . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-09-07 . ED4E6CF924A1A82A824C0FDA6FA617AA . 186880 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\sfc.dll
[-] 2004-09-07 . E998EF9F3174DAF205316E63CB8B5598 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-09-07 . E998EF9F3174DAF205316E63CB8B5598 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\svchost.exe
[-] 2004-09-07 . 30B08704E17975EAB783752B86B528B8 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-09-07 . 30B08704E17975EAB783752B86B528B8 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\tapisrv.dll
[-] 2004-09-07 . CB58335B406B5A922F639779D9345B9F . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-09-07 . CB58335B406B5A922F639779D9345B9F . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\user32.dll
[-] 2004-09-07 . FD8AE458F9D47E7819B272A3C15D4DDD . 578048 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-09-07 . FD8AE458F9D47E7819B272A3C15D4DDD . 578048 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\userinit.exe
[-] 2004-09-07 . 48F56FFF2406AC5301522AA4DE699114 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-09-07 . 48F56FFF2406AC5301522AA4DE699114 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[mildiego]

[-] 2009-07-03 . D58780F07D0F5C83B3DB634BBB273D39 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 9A9F818B89CD92F1BAD393B525A16051 . 915456 . . [8.00.6001.18806] . . c:\windows\system32\wininet.dll
[-] 2009-07-03 . 9A9F818B89CD92F1BAD393B525A16051 . 915456 . . [8.00.6001.18806] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-06-26 . 0B823D7A32D727B3088319D51D2EC7C7 . 669184 . . [6.00.2900.5835] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp3gdr\wininet.dll
[-] 2009-06-26 . 3EA1BC97CDA43FE367F293DE72E6EB39 . 670720 . . [6.00.2900.5835] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp3qfe\wininet.dll
[-] 2009-06-26 . 892D42FDF50A69C13A1D8C8A8531AEAC . 662016 . . [6.00.2900.3592] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp2gdr\wininet.dll
[-] 2009-06-26 . 32E085EF9486E9EF242B50530976B723 . 670720 . . [6.00.2900.3592] . . c:\windows\SoftwareDistribution\Download\1d7df0a86 9e6f974caf818d72857e592\sp2qfe\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\wininet.dll
[-] 2004-09-07 . EC976A1309878C938A2FE8871CE585FE . 658944 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ws2_32.dll
[-] 2004-09-07 . 8A31728EEE6C24EEA44C1EAE45AF890E . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-09-07 . 8A31728EEE6C24EEA44C1EAE45AF890E . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ws2help.dll
[-] 2004-09-07 . BB2C4CAC0C3400BFCE43D7EC7A60EA52 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-09-07 . BB2C4CAC0C3400BFCE43D7EC7A60EA52 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\explorer.exe
[-] 2004-09-07 . D009E427DE2E129FF87B03D87F349C73 . 1034752 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-09-07 . D009E427DE2E129FF87B03D87F349C73 . 1034752 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ole32.dll
[-] 2004-09-07 . E7D73D967D096A22648236469AC4478C . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-09-07 . E7D73D967D096A22648236469AC4478C . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\srsvc.dll
[-] 2004-09-07 . 214309547734066D0B6FC9E54B1FFF59 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-09-07 . 214309547734066D0B6FC9E54B1FFF59 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\wscntfy.exe
[-] 2004-09-07 . 507BDFA0EB9E77273274AF95D86CABAF . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-09-07 . 507BDFA0EB9E77273274AF95D86CABAF . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\xmlprov.dll
[-] 2004-09-07 . F9672BB64F213209EB4A8F79BB650B78 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-09-07 . F9672BB64F213209EB4A8F79BB650B78 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\eventlog.dll
[-] 2004-09-07 . 78F6430748CF29224D5EEE718295FCF8 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-09-07 . 78F6430748CF29224D5EEE718295FCF8 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\sfcfiles.dll
[-] 2004-09-07 . A01D8C8DE7C5F35FB4AD687E4AE77305 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-09-07 . A01D8C8DE7C5F35FB4AD687E4AE77305 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\shsvcs.dll
[-] 2004-09-07 . 30CB0425EC2DC9C0D9B2A5E577CCDEF2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2004-09-07 . 30CB0425EC2DC9C0D9B2A5E577CCDEF2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\regsvc.dll
[-] 2004-09-07 . 618A6C70EFB455AE6763ECCAE487E720 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-09-07 . 618A6C70EFB455AE6763ECCAE487E720 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\schedsvc.dll
[-] 2004-09-07 . E99FB4D661DB14D7A2572859A73C1CE2 . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-09-07 . E99FB4D661DB14D7A2572859A73C1CE2 . 193024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ssdpsrv.dll
[-] 2004-09-07 . 3F3AB7EFB09E0B2C9BD10A264E45BEB5 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-09-07 . 3F3AB7EFB09E0B2C9BD10A264E45BEB5 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\termsrv.dll
[-] 2004-09-07 . BCED1CC05B03D872C8756C9867B1E1EF . 296960 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-09-07 . BCED1CC05B03D872C8756C9867B1E1EF . 296960 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\appmgmts.dll
[-] 2004-09-07 . 57893A4A739ABAE3B9D204EA255BDE97 . 175104 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-09-07 . 57893A4A739ABAE3B9D204EA255BDE97 . 175104 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-09-07 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\aec.sys
[-] 2004-09-07 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ip6fw.sys
[-] 2004-09-07 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-09-07 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\mfc40u.dll
[-] 2004-09-07 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2004-09-07 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\msgsvc.dll
[-] 2004-09-07 . 940BFE2416B409E99F36E60A2AC4A8AA . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-09-07 . 940BFE2416B409E99F36E60A2AC4A8AA . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2004-09-07 12:00 . 2AEAD5031A06726376E86A5669933336 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-09-07 12:00 . 2AEAD5031A06726376E86A5669933336 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 806A7A41A7AC42BDC1EE9A47E61151CE . 2019328 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . EF5DA3C7F20F9CD705B641FA90D472E0 . 2061440 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-09 . EF5DA3C7F20F9CD705B641FA90D472E0 . 2061440 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . A9E9D393BF5E247C526D39B9AF8DEF06 . 2066688 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ntkrnlpa.exe
[-] 2004-09-07 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ntmssvc.dll
[-] 2004-09-07 12:00 . 35A8D5699FFE595DC5DF732E98D873EB . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-09-07 12:00 . 35A8D5699FFE595DC5DF732E98D873EB . 437248 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\upnphost.dll
[-] 2004-09-07 . 2611128AD7BE1959AD2082AC263E314E . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-09-07 . 2611128AD7BE1959AD2082AC263E314E . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\dsound.dll
[-] 2004-09-07 . 8C413DAEA2DB4D2A62DCF2A042B50539 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-09-07 . 8C413DAEA2DB4D2A62DCF2A042B50539 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

[mildiego]

[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\d3d9.dll
[-] 2004-09-07 . E9F0D1D4A39CE10B385E33C56AEF45D1 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-09-07 . E9F0D1D4A39CE10B385E33C56AEF45D1 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\ddraw.dll
[-] 2004-09-07 . 98FF8FA087537290F0879A3BE413D3E8 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-09-07 . 98FF8FA087537290F0879A3BE413D3E8 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\olepro32.dll
[-] 2004-09-07 12:00 . FFD080014FD3B90501D0B6F700453DB8 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-09-07 12:00 . FFD080014FD3B90501D0B6F700453DB8 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\perfctrs.dll
[-] 2004-09-07 . CC9DE0CABAA8321583910B32A1FF930B . 40960 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-09-07 . CC9DE0CABAA8321583910B32A1FF930B . 40960 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e968 4d59d4923c2eb2e44aa36af\version.dll
[-] 2004-09-07 . DEA597ABFA0D251629F4C1F860EE165B . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-09-07 . DEA597ABFA0D251629F4C1F860EE165B . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Google Update"="c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-10 135664]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\ iexplore.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb08.exe" [2003-03-11 172032]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.e xe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\j usched.exe" [2009-08-03 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-07 110592]
"HitmanPro35"="c:\programmi\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-08 6300480]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sa sdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SA SKUTIL.SYS [10/05/2010 20.41.30 67656]
S0 caniz;caniz; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/07/2009 12.40.38 685816]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-287218729-1801674531-1003Core.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-10 14:01]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-287218729-1801674531-1003UA.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-10 14:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alessia\Dati applicazioni\Mozilla\Firefox\Profiles\wah3rquy.def ault\
FF - prefs.js: browser.startup.homepage - www.fantacalcio.it
FF - plugin: c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneC lick8.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-DriverUpdaterPro - c:\programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 19:24
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

************************************************** ************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-09-10 19:28:06
ComboFix-quarantined-files.txt 2010-09-10 17:28

Pre-Run: 9.594.503.168 byte disponibili
Post-Run: 11.534.950.400 byte disponibili

- - End Of File - - 5E99860CBFEBD47D350DD6DE9DC11161




basta..scusatemi se l'ho messo cosi' ma non riesco ad allegarlo essendo in formato txt..help me!

[menatwork]

una parte delle infezioni e' stata eliminata da combofix

ora dobbiamo recuperare il file winlogon.exe e' importante. quello che hai combofix lo riconosce infetto

se hai il cd di windows dovremo fare una procedura, altrimenti prova a copiarlo dalla cartella dllCache

visualizza i file nascosti

vai nella cartella c:\windows\system32\ dllCache e lo copi nella cartella c:\windows\system32


fatto questo, scarica CCleaner durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''

Correzione errori File di Registro
CCleaner
Cliccare i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati (Pulsante in basso a Destra)
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI


Scarica malwarebytes

.Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto

[mildiego]

grazie mille!
purtroppo non ho la cartella dllcache, ma ho il file winlogon direttamente in c:\windows\system32