
Virus?? I really think so....
smokerjoe
Posted: Monday, February 02, 2009 12:19:47 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
Hi guys, I have a huge problem: when I try to open any program, a warning comes up telling me that the program is not a valid Win32 application. I don't know what to do, someone help me pleaseeee. Oh, including the antivirus, HijackThis....
shapiro
Posted: Monday, February 02, 2009 12:42:27 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi

You have caught the nastiest virus you could have - you have a Bagle


Download http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe


Double-click the FindyKill icon to start the installation:
Tick the first checkbox to accept the license and continue > Suivant
Click "Si" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Find the program's icon on the desktop or in Programs and run it
You will first have to use key 1 (Enter) for the search and then key 2 (Enter) for the cleanup.
You will find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.


There will be some reboots during the cleanup, so that is completely normal

Please stay very calm and follow step by step what I tell you

For any question, I'm here
maopapof
Posted: Monday, February 02, 2009 12:42:49 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,179
Boot into safe mode, do a cleanup with CCleaner and then run a scan with Malwarebytes' Anti-Malware, which cleans everything up for you (you can find it at ... http://www.download.com/Malwarebytes-Anti-Malware/3000-18510_4-10804572.html?cdlPid=10997763 ), then run a scan with HijackThis and post it on the forum, and you'll see that someone will surely look at it .... bye and good luck :O)

smokerjoe
Posted: Monday, February 02, 2009 12:48:23 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
It didn't let me delete anything; I got "access denied in the key"....something like that, anyway, in the registry. In the end it gave me the log anyway, here it is:



###################### [ FindyKill V4.715 ]

# User: Joe - GIO
# Executed from : D:\Programmi\FindyKill
# Update on 29/01/09 by Chiquitine29
# Start at 12:44:38 the 02/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\Java\jre6\bin\jqs.exe
D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
D:\Programmi\System Protect\SysProtect_srv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
D:\Programmi\System Protect\SysProtect_Tray.exe
D:\Programmi\Search Settings\SearchSettings.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
D:\Programmi\Messenger\msmsgs.exe
D:\Documents and Settings\Joe\Dati applicazioni\drivers\winupgro.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Joe\Dati applicazioni\m\flec006.exe
D:\Documents and Settings\Joe\Dati applicazioni\drivers\downld\405421.exe
D:\Documents and Settings\Joe\Impostazioni locali\Temporary Internet Files\Content.IE5\DCRILC6U\baglegui[1].com
D:\WINDOWS\system32\wintems.exe

\\\\\\\\\\\\\\\\\\ [ Infected processes stopped ] ///////////////////


"D:\Documents and Settings\Joe\Dati applicazioni\drivers\winupgro.exe" (1528)
"D:\Documents and Settings\Joe\Dati applicazioni\m\flec006.exe" (3008)
"D:\Documents and Settings\Joe\Dati applicazioni\drivers\downld\405421.exe" (3428)
"D:\WINDOWS\system32\wintems.exe" (3504)


\\\\\\\\\\\\\\\\\\ [ Infected files / folders ] ///////////////////


################## [ D:\ ]


################## [ D:\WINDOWS ]


################## [ D:\WINDOWS\Prefetch ]

Found ! - D:\WINDOWS\prefetch\176843.EXE-1757FAF0.pf
Found ! - D:\WINDOWS\prefetch\189984.EXE-30606D8B.pf
Found ! - D:\WINDOWS\prefetch\350000.EXE-127F30F6.pf
Found ! - D:\WINDOWS\prefetch\385718.EXE-34F5C6AE.pf
Found ! - D:\WINDOWS\prefetch\386046.EXE-07B048EE.pf
Found ! - D:\WINDOWS\prefetch\402343.EXE-02FBBC95.pf
Found ! - D:\WINDOWS\prefetch\405421.EXE-037ACC74.pf
Found ! - D:\WINDOWS\prefetch\420515.EXE-1B3B421D.pf
Found ! - D:\WINDOWS\prefetch\576921.EXE-2C0464E2.pf
Found ! - D:\WINDOWS\prefetch\578796.EXE-2931A25B.pf
Found ! - D:\WINDOWS\prefetch\611765.EXE-0C6422E4.pf
Found ! - D:\WINDOWS\prefetch\633437.EXE-2507A233.pf
Found ! - D:\WINDOWS\prefetch\643640.EXE-2243CFF3.pf
Found ! - D:\WINDOWS\prefetch\FLEC006.EXE-2AB2AC8C.pf
Found ! - D:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - D:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-2D78C54D.pf
Found ! - D:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-2D78C54D.pf

################## [ D:\WINDOWS\system32 ]

Found ! [02/02/2009 12.32] - D:\WINDOWS\system32\mdelk.exe
Found ! [02/02/2009 12.32] - D:\WINDOWS\system32\wintems.exe
Found ! [02/02/2009 12.33] - D:\WINDOWS\system32\ban_list.txt

################## [ D:\WINDOWS\system32\drivers ]

Found ! [02/02/2009 12.09] - "D:\WINDOWS\system32\drivers\down"

################## [ D:\Documents and Settings\Joe\Dati applicazioni ]

Found ! [02/02/2009 12.29] - "D:\Documents and Settings\Joe\Dati applicazioni\m\flec006.exe"
Found ! [02/02/2009 12.30] - "D:\Documents and Settings\Joe\Dati applicazioni\m\list.oct"
Found ! [02/02/2009 12.30] - "D:\Documents and Settings\Joe\Dati applicazioni\m\data.oct"
Found ! [02/02/2009 12.30] - "D:\Documents and Settings\Joe\Dati applicazioni\m\srvlist.oct"
Found ! [02/02/2009 12.33] - "D:\Documents and Settings\Joe\Dati applicazioni\m\shared"
Found ! [02/02/2009 12.08] - "D:\Documents and Settings\Joe\Dati applicazioni\m"
Found ! [02/02/2009 11.57] - "D:\Documents and Settings\Joe\Dati applicazioni\drivers"
Found ! [02/02/2009 12.27] - "D:\Documents and Settings\Joe\Dati applicazioni\drivers\srosa2.sys"
Found ! [02/02/2009 12.27] - "D:\Documents and Settings\Joe\Dati applicazioni\drivers\wfsintwq.sys"
Found ! [27/05/2004 01.03] - "D:\Documents and Settings\Joe\Dati applicazioni\drivers\winupgro.exe"
Found ! [02/02/2009 12.33] - "D:\Documents and Settings\Joe\Dati applicazioni\drivers\downld"

################## [ D:\DOCUME~1\Joe\Impostazioni locali\Temp ]

Found ! - D:\DOCUME~1\Joe\Impostazioni locali\Temp\Rar$EX00.531\install_crack.exe

\\\\\\\\\\\\\\\\\\ [ Registry / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=D:\WINDOWS\system32\ctfmon.exe
msnmsgr="D:\Programmi\MSN Messenger\msnmsgr.exe" /background
SmartRAM="D:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
Advanced SystemCare 3="D:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
EPSON Stylus DX6000 Series=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "D:\WINDOWS\TEMP\E_S11C.tmp" /EF "HKCU"
MSMSGS="D:\Programmi\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CnxDslTaskBar="D:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
SystemProtect=D:\Programmi\System Protect\SysProtect_Tray.exe
avast!=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher="D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MediaFace Integration=D:\Programmi\Fellowes\MediaFACE 4.2\SetHook.exe
SunJavaUpdateSched="D:\Programmi\Java\jre6\bin\jusched.exe"
SearchSettings=D:\Programmi\Search Settings\SearchSettings.exe
GrooveMonitor="D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
VIRIT LITE MONITOR=D:\VEXPLITE\MONLITE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-725345543-1604221776-839522115-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ States / Services ] ///////////////////

# Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Safe boot mode not available !!

# Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Safe boot mode not available !!

# Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Safe boot mode not available !!


# Services : [ Auto=2 / Request=3 / Disable=4 ]

/!\ Ndisuio - # Type of startup = 4

EapHost - # Type of startup = 3

/!\ Ip6Fw - # Type of startup = 4

/!\ SharedAccess - # Type of startup = 4

/!\ wuauserv - # Type of startup = 4

/!\ wscsvc - # Type of startup = 4


\\\\\\\\\\\\\\\\\\ [ Searching in removable drives ] ///////////////////


# Informations :

C: - Unità fissa

D: - Unità fissa


# Presence of files :



\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! End of report # FindyKill V4.715 ! ]
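
An added example, not part of the original thread and not FindyKill's own code: a small Python parser for the report format posted above that pulls out the signals a responder reads first (services set to start with the kernel, missing SafeBoot keys, disabled security services, stopped processes). The sample text is a shortened excerpt of lines from that report; the function names and the `SECURITY_SERVICES` set are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the FindyKill V4.715 report above, shortened.
SAMPLE_REPORT = r"""
\\\\\\\\\\\\\\\\\\ [ Infected processes stopped ] ///////////////////

"D:\Documents and Settings\Joe\Dati applicazioni\m\flec006.exe" (3008)
"D:\WINDOWS\system32\wintems.exe" (3504)

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ States / Services ] ///////////////////

# Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Safe boot mode not available !!
# Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
# Services : [ Auto=2 / Request=3 / Disable=4 ]
/!\ Ndisuio - # Type of startup = 4
EapHost - # Type of startup = 3
/!\ SharedAccess - # Type of startup = 4
/!\ wuauserv - # Type of startup = 4
/!\ wscsvc - # Type of startup = 4
"""

SECTION_RE = re.compile(r"^\\+ \[ (.+?) \] /+$")
PROC_RE = re.compile(r'^"(.+)" \((\d+)\)$')
ACTIVE_RE = re.compile(r"^/!\\ Infection active : (\S+) -> Start = (0x[0-9A-Fa-f]+)$")
MISSING_RE = re.compile(r"^# Missing key : (.+)$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(\S+) - # Type of startup = (\d+)$")

# Windows service "Start" values (DWORD under ...\Services\<name>).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption of this example: XP services whose disabling weakens host defenses
# (Security Center, Automatic Updates, Windows Firewall/ICS).
SECURITY_SERVICES = {"wscsvc", "wuauserv", "SharedAccess"}


def parse_report(text):
    """Parse a FindyKill-style report into structured findings."""
    findings = {
        "stopped_processes": [],   # (path, pid)
        "active_services": [],     # (service name, start type label)
        "missing_keys": [],        # registry keys reported missing
        "service_startup": {},     # service name -> numeric startup type
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PROC_RE.match(line)
        if m and section == "Infected processes stopped":
            findings["stopped_processes"].append((m.group(1), int(m.group(2))))
            continue
        m = ACTIVE_RE.match(line)
        if m:
            name = m.group(1).rsplit("\\", 1)[-1]
            label = START_TYPES.get(int(m.group(2), 16), "unknown")
            findings["active_services"].append((name, label))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings["missing_keys"].append(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings["service_startup"][m.group(1)] = int(m.group(2))
    return findings


def triage(findings):
    """Reduce parsed findings to the points that decide the next cleanup step."""
    return {
        # Missing SafeBoot keys mean F8 / msconfig safe mode cannot work.
        "safe_mode_available": not any("\\SafeBoot" in k for k in findings["missing_keys"]),
        # Services loaded at boot/system start are running before any user-mode cleaner.
        "kernel_start_services": [n for n, s in findings["active_services"]
                                  if s in ("boot", "system")],
        "disabled_security_services": sorted(
            n for n, s in findings["service_startup"].items()
            if s == 4 and n in SECURITY_SERVICES),
        "stopped_pids": [pid for _, pid in findings["stopped_processes"]],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```
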

shapiro
Posted: Monday, February 02, 2009 12:52:56 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Good

now see if you can get into safe mode


Restart the computer in safe mode: at PC startup, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu window will appear => choose Safe Mode (use the arrow key ^)
smokerjoe
Posted: Monday, February 02, 2009 12:58:27 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
It doesn't enter safe mode. I do Start, Run, msconfig, boot.ini, safeboot, restart, but Windows always starts normally
shapiro
Posted: Monday, February 02, 2009 1:03:51 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download this folder - unzip it - choose the .reg file suited to your operating system

double-click and accept the changes to the registry

http://wikisend.com/download/611208/SafeBoot.zip


once done, try safe mode again
smokerjoe
Posted: Monday, February 02, 2009 1:08:44 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
If I double-click, it opens Notepad, and if I extract it and try to open it from the PC it tells me: cannot find the file ..................make sure the path and file name are correct and try again; to search for a file click Start and then choose Find
shapiro
Posted: Monday, February 02, 2009 1:12:27 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Never mind - let's proceed directly this way

download this little program... you'll find the download at the bottom of the page http://www.zonavirus.com/datos/descargas/95/elibagla.asp

launch the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''

click EXPLORAR to start the scan


when it has finished you will find the log in C:\InfoSat.txt. - copy it into Notepad and post it on the forum



If it won't let you download it, try from here

http://wikisend.com/download/932660/paperino.EXE
smokerjoe
Posted: Monday, February 02, 2009 1:23:30 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
When I double-click the file you had me download it tells me: por favor, envienos una muestra del fichero C:\muestras\winupgro.exe.muestra elibagle v 12.16 a "virus@satinfo.es". Gracias.
shapiro
Posted: Monday, February 02, 2009 1:28:47 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Disable System Restore and try again

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore settings --> Turn off System Restore!
smokerjoe
Posted: Monday, February 02, 2009 1:37:45 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
Here is the EliBagle log


Mon Feb 02 13:15:55 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Mon Feb 02 13:17:01 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.

Mon Feb 02 13:17:21 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.

Mon Feb 02 13:17:45 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.16
a "virus@satinfo.es". Gracias.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
D:\WINDOWS\SYSTEM32\DRIVERS\DOWN\578796.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\166953.EXE --> Eliminado Bagle.dldr
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\189984.EXE --> Eliminado Bagle.dldr
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\402343.EXE --> Eliminado Bagle.dldr
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\405421.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\420515.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\501656.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\511984.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\633437.EXE --> Eliminado Bagle
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\DOWNLD\643640.EXE --> Eliminado Bagle

Mon Feb 02 13:18:02 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.

Mon Feb 02 13:21:10 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.

Mon Feb 02 13:34:32 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.16
a "virus@satinfo.es". Gracias.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Eliminada Carpeta "%WinSys%\Drivers\Down"
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Mon Feb 02 13:34:52 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 999
Nº Total de Ficheros: 11649
Nº de Ficheros Analizados: 723
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Feb 02 13:35:25 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 999
Nº Total de Ficheros: 11649
Nº de Ficheros Analizados: 723
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Feb 02 13:36:07 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
D:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.16
a "virus@satinfo.es". Gracias.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
D:\DOCUMENTS AND SETTINGS\JOE\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Feb 02 13:36:09 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 999
Nº Total de Ficheros: 11649
Nº de Ficheros Analizados: 723
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
shapiro
Posted: Monday, February 02, 2009 1:41:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download Malwarebytes


http://www.malwarebytes.org/mbam/program/mbam-setup.exe



1) install it
2) update it
3) run a scan choosing full mode
4) do NOT remove any threats it detects
5) when the scan is finished select the log tab, open the text file and post it on the forum
shapiro
Posted: Monday, February 02, 2009 1:58:44 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I'm leaving you some homework - I'll be back around 15:30

Disable the antivirus and the anti-spyware programs
Disconnect the PC from the internet
If you have shortcut icons to programs on the desktop, create a dedicated folder and copy them into it

download http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the instructions step by step; remember to press Enter after each step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.

Note: during the scan, files will be created on the desktop and the icons will disappear. Some program may ask you what to do about removing drivers; in that case agree, they are probably infected drivers.

The program will create the folder C:\QooBox, and inside it will be placed a backup of the removed files and a backup file of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan


You will have to post the two reports - we are already well along, but there is still some way to go before the PC is properly cleaned
smokerjoe
Posted: Monday, February 02, 2009 3:01:00 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
So, the Malwarebytes scan produced this result, here is the log:

Malwarebytes' Anti-Malware 1.33
Versione del database: 1714
Windows 5.1.2600 Service Pack 3

02/02/2009 14.52.48
mbam-log-2009-02-02 (14-52-32).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 157586
Tempo trascorso: 1 hour(s), 5 minute(s), 33 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 2
File infetti: 7

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
D:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> No action taken.
D:\Documents and Settings\Joe\Dati applicazioni\m (Trojan.Agent) -> No action taken.

File infetti:
D:\Documents and Settings\Joe\Dati applicazioni\m\data.oct (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Joe\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Joe\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
D:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
D:\Documents and Settings\Joe\Dati applicazioni\m\flec006.exe (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Joe\Dati applicazioni\drivers\winupgro.exe (Trojan.Agent) -> No action taken.

As you advised, I did not delete the infected files

I tried to start ComboFix but it always gives me the same message: it tells me that the program is not a valid Win32 application, so I couldn't use it. I await your news :)
shapiro
Posted: Monday, February 02, 2009 3:47:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
So.....do it this way

delete the existing copy of ComboFix (right-click - delete), download ComboFix again from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and rename it to abc.exe before saving it to the desktop
(to rename the file: right-click, Save as = abc.exe)

Once the program is downloaded, click Start, Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\abc.exe" /killall <==copy and paste

Press OK and see if it starts
smokerjoe
Posted: Monday, February 02, 2009 4:12:29 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
Malwarebytes log:


As you advised, I did not delete the infected files

ComboFix log:

ComboFix 09-02-01.01 - Joe 2009-02-02 15:59:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1023.747 [GMT 1:00]
Eseguito da: d:\documents and settings\Joe\Desktop\abc.exe
AV: avast! antivirus 4.8.1296 [VPS 090201-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
d:\documents and settings\Joe\Dati applicazioni\drivers\downld
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\354921.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\356093.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\357046.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\358593.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\359078.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\359343.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\361359.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\365203.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\365750.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\371203.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\371875.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\372406.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\400250.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\400765.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\400859.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\409062.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\409312.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\409328.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\414734.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\425000.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\426343.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\427375.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\463609.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\464500.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\465109.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\480921.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\482171.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\484906.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\494984.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\495171.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\495250.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\495500.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\495515.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\497656.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\498500.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\498859.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\516312.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\526906.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\527500.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\578531.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\580578.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\581468.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\582109.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\582734.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\583890.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\585796.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\586312.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\586625.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\597421.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\598578.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\598984.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\626296.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\626765.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\626937.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\648390.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\649031.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\649437.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\689765.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\691484.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\692390.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\959859.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\967437.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\967687.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\downld\967734.exe
d:\documents and settings\Joe\Dati applicazioni\drivers\srosa2.sys
d:\documents and settings\Joe\Dati applicazioni\drivers\wfsintwq.sys
d:\documents and settings\Joe\Dati applicazioni\drivers\winupgro.exe
d:\documents and settings\Joe\Dati applicazioni\m
d:\documents and settings\Joe\Dati applicazioni\m\data.oct
d:\documents and settings\Joe\Dati applicazioni\m\flec006.exe
d:\documents and settings\Joe\Dati applicazioni\m\list.oct
d:\documents and settings\Joe\Dati applicazioni\m\shared\.Winrar.v3.42.Tr.Nod32.v2.12.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\[HGame_XP][AVG][jpn_jpn][いたいけな彼女][Game.Disc].zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\[Mcafee.VirusScan.Plus.2007.简体中文版].mcafee2007.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\190-531 - Administering Lotus QuickPlace 3 Practice Exam Questions 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ABest MOV Video Converter 6.17.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Abscissa.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Acids & Bases - The Ritzytown Water Proj 2.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ActivityRecording 1.9.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Adblock Filterset.G Updater 0.3.1.3.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Advanced Bookmark Search 0.3.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\AIM2Fone 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\All Recorder 3.3.5.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Allok MPEG4 Converter 5.1.0925.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\America 2.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\AnimeVision 0.6.5 buid 1820.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\APP.ITA.-.Panda.Platinum.Internet.Security.2006.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Auto Web View Screensaver 4.00.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Avira Premium Security Suite 8.2.0.251.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Barcode ActiveX Control 4.7.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Baseball Statistic Calculator 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\BatchCCEWS 0.9.1.6 Final.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\BBC Asian Network Radio 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Big Stretch 0.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Bitdefender.Professional.Plus.v8.0.Crack.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Camping Memories Screen Saver Collection 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Car Book Plus 5.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\CatalogBlog 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Categorizing Data for Excel 2.3.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Classroom Timer 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Clipboard Assistant 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Complimentary $100 Seafood Dinner 1.12.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Cookie Crumble 1.0.2510.42108.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Cranberry Gin 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Cute Password Manager 2008 1.3.9.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\CXY 2.1.40.77.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Daniusoft DVD to 3GP Converter 1.3.29.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\DatabaseToDoc 2.4.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Dead Pixel Tester 2.30.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Drive Doppler 1.31.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Easymenu 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\eduCam! 1.9.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Emsa Web monitor 1.0.21.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Ewisoft Template Builder 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Exif Date Changer 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\EyeDefender 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Fast smarty harvester 1.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\File Assembler 1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\File Identifier 1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\FileWatcher 2.5.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Flexsite 2.8e.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Flickr Photo Search 1.01.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Flower Tower 3D Nokia n73 240x320.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\foo dsp continuator 0.5.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\FRAMER 3.3.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\GMT Clock 1.31.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Great Stella 4.1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Groovy backgrounds 12.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\HtmlTree Plug-in 1.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\IdeaSling RSS Reader 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\IET Discover Plugin (Firefox Edition) 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Inno7zip 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\inSpeak Communicator 4.2.0 Build 477.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Intelliscore Polyphonic WAV to MIDI Converter 7.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\iPod Access Photo 1.6.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ItelPop 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Jaguar XK120 Screensaver 1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\JPEE Email Utility Lite 5.3.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Kernel Palm PDB 4.03.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Ligos Indeo Codec 5.11.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ListRenamer 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\localTrezor 1.0.8.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Maid Of The Wave Theme.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\McAfee.SpamKiller.v4.0.47.1.Retail-ACME.ShareReactor.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\McAfee.Spamkiller.v7.0.14.Retail-ZWT.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Mighty Ticker 1.1.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Millionaire 1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\MMup 1.0.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Mortgages+ 1.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\NOD32_Antivirus_System_v2.70.23_Full.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\OakDoc PS to PDF Converter Command Line 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\OggCarton for Linux 1.0 Beta.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Page Popup Maker 2.1.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\PaintingAll Paul Cezanne Screensaver 1.1.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Palm Coast Screensaver 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\PDFsearcher 1.1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Pepinator Vocabulary Trainer 1.0.8.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Perfgraph 2.0.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Photo Slideshow Builder 3.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Picture Magnifier 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\PictureGirdle 2.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Plato DVD iPod Ripper 7.85.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ProcessActivityView 1.05.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Project64 1.6.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Qlick 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Quick Macros 2.2.1.3 Beta.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ReSieve 2.0.37.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Rotate Image 0.1.3.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ShopWiki Form Filler Assistant 1.20.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Siemens Mobile Control 2.2.8.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\SimVector 4.22 Build 422001.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\SizeFixer SRL 1.2.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\spider-man_3_s60v2_multilang_gioco_giochi_Java_Nokia_6600_7610_6630_3650_3660_66803_.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\SQL Assistant 1.0.70.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Stock Photo Assistant 1.3.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Stormpay Shopping Cart 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Sundi 1.060.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Symantec.Norton.Personal.Firewall.2005.Full.(Spanish-Español).Keygen.By.Charly-Team.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Systerac XP Tools 4.02.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Tasks Reminder 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\The Easy Bee 3.1.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Tinnes Desktop Calendar 0.42b.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Traditional Chinese ClearType Fonts.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Troi Activator Plug-in 2.0.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\TwinSeek 1.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Ultra trigger FX Pro 1.000.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\URL Suffix 0.3.3.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\UseBestMail Personal Edition 1.0.1.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Visendo popConnect 6.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Voxelsoft HIDE 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Voxengo LF-Punch 1.4.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\WIDI Recognition System Professional 3.3.2 Build 588.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\Wikipedia Lookup Extension 0.3.1.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\YahooTaster 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ZakatCalculater 1.0.zip
d:\documents and settings\Joe\Dati applicazioni\m\shared\ZipTools 1.2.zip
d:\documents and settings\Joe\Dati applicazioni\m\srvlist.oct
d:\programmi\MSN Messenger\msnmsgr.exe
d:\windows\system32\43upd.dll
d:\windows\system32\44upd.dll
d:\windows\system32\45upd.dll
d:\windows\system32\46upd.dll
d:\windows\system32\ban_list.txt
d:\windows\system32\drivers\down
d:\windows\system32\mdelk.exe
d:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2009-01-02 al 2009-02-02 )))))))))))))))))))))))))))))))))))
.

2009-02-02 13:45 . 2009-02-02 13:45 <DIR> d-------- d:\programmi\Malwarebytes' Anti-Malware
2009-02-02 13:45 . 2009-01-14 16:11 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 13:45 . 2009-01-14 16:11 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-02-02 12:43 . 2009-02-02 12:47 <DIR> d-------- d:\programmi\FindyKill
2009-02-02 11:52 . 2009-02-02 16:01 <DIR> d--h----- d:\documents and settings\Joe\Dati applicazioni\drivers
2009-02-02 11:46 . 2008-08-30 12:11 40,960 --a------ d:\windows\system32\drivers\VIRAGTLT.SYS
2009-02-01 09:37 . 2009-02-01 09:50 <DIR> d-------- d:\documents and settings\Franco\Dati applicazioni\MEGAUPLOADTOOLBAR
2009-02-01 09:37 . 2009-02-01 09:47 <DIR> d-------- d:\documents and settings\Franco\Dati applicazioni\EmailNotifier
2009-01-31 21:14 . 2001-08-30 20:41 12,160 --a------ d:\windows\system32\drivers\mouhid.sys
2009-01-31 21:14 . 2001-08-30 20:41 12,160 --a------ d:\windows\system32\dllcache\mouhid.sys
2009-01-31 21:14 . 2008-04-13 19:45 10,368 --a------ d:\windows\system32\drivers\hidusb.sys
2009-01-31 21:14 . 2008-04-13 19:45 10,368 --a------ d:\windows\system32\dllcache\hidusb.sys
2009-01-26 20:44 . 2009-01-26 20:44 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\MozillaControl
2009-01-26 20:40 . 2009-01-26 20:40 <DIR> d-------- d:\windows\'Full Speed' Internet Booster + Performance Tests
2009-01-26 20:40 . 2009-01-26 20:41 <DIR> d-------- d:\programmi\'Full Speed' Internet Booster + Performance Tests
2009-01-26 13:40 . 2009-01-26 13:40 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Malwarebytes
2009-01-26 13:40 . 2009-01-26 13:40 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-25 13:48 . 2009-01-25 13:48 50 --a------ d:\windows\MegaManager.INI
2009-01-25 13:07 . 2009-01-25 13:07 <DIR> d-------- d:\programmi\Microsoft Silverlight
2009-01-24 14:00 . 2009-01-24 14:03 <DIR> d-------- d:\programmi\MegauploadToolbar
2009-01-24 14:00 . 2009-02-02 15:51 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\MegauploadToolbar
2009-01-24 14:00 . 2009-01-24 14:00 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\Megaupload
2009-01-24 14:00 . 2009-01-24 14:00 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\EmailNotifier
2009-01-24 14:00 . 2009-01-24 14:00 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Megaupload
2009-01-24 14:00 . 2009-01-24 14:00 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2009-01-22 14:48 . 2009-01-22 14:48 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\NCH Software
2009-01-22 14:47 . 2009-01-22 14:47 <DIR> d-------- d:\programmi\NCH Software
2009-01-18 20:14 . 2009-01-18 20:14 268 --ah----- D:\sqmdata19.sqm
2009-01-18 20:14 . 2009-01-18 20:14 244 --ah----- D:\sqmnoopt19.sqm
2009-01-14 20:33 . 2009-01-14 20:33 268 --ah----- D:\sqmdata18.sqm
2009-01-14 20:33 . 2009-01-14 20:33 244 --ah----- D:\sqmnoopt18.sqm
2009-01-14 15:22 . 2009-01-14 15:22 268 --ah----- D:\sqmdata17.sqm
2009-01-14 15:22 . 2009-01-14 15:22 244 --ah----- D:\sqmnoopt17.sqm
2009-01-14 13:28 . 2009-01-14 13:28 584 --a------ d:\windows\imsins.BAK
2009-01-14 13:25 . 2008-06-20 18:46 247,296 --------- d:\windows\system32\dllcache\mswsock.dll
2009-01-14 13:25 . 2008-06-20 12:08 225,856 --------- d:\windows\system32\dllcache\tcpip6.sys
2009-01-14 13:25 . 2008-06-20 18:46 147,968 --------- d:\windows\system32\dllcache\dnsapi.dll
2009-01-13 21:04 . 2009-01-13 21:04 268 --ah----- D:\sqmdata16.sqm
2009-01-13 21:04 . 2009-01-13 21:04 244 --ah----- D:\sqmnoopt16.sqm
2009-01-12 21:08 . 2009-01-12 21:08 268 --ah----- D:\sqmdata15.sqm
2009-01-12 21:08 . 2009-01-12 21:08 244 --ah----- D:\sqmnoopt15.sqm
2009-01-12 20:52 . 2009-01-12 20:53 <DIR> d-------- d:\programmi\uTorrent
2009-01-12 20:43 . 2008-06-20 12:51 361,600 --a------ d:\windows\system32\dllcache\tcpip.sys
2009-01-12 20:43 . 2009-01-12 20:43 361,344 --a------ d:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-01-12 20:17 . 2009-01-12 20:17 268 --ah----- D:\sqmdata14.sqm
2009-01-12 20:17 . 2009-01-12 20:17 244 --ah----- D:\sqmnoopt14.sqm
2009-01-12 14:56 . 2009-01-12 14:56 268 --ah----- D:\sqmdata13.sqm
2009-01-12 14:56 . 2009-01-12 14:56 244 --ah----- D:\sqmnoopt13.sqm
2009-01-12 14:37 . 2009-01-12 14:37 268 --ah----- D:\sqmdata12.sqm
2009-01-12 14:37 . 2009-01-12 14:37 244 --ah----- D:\sqmnoopt12.sqm
2009-01-10 22:18 . 2009-01-26 11:50 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\FrostWire
2009-01-10 22:16 . 2009-01-10 22:18 <DIR> d-------- d:\programmi\FrostWire
2009-01-10 22:16 . 2009-01-10 22:16 <DIR> d-------- d:\programmi\AskBarDis
2009-01-10 21:27 . 2009-01-10 21:27 547,840 --a------ d:\windows\system32\wiaaut.dll
2009-01-10 21:27 . 2009-01-10 21:27 108,336 --a------ d:\windows\system32\Mswinsck.ocx
2009-01-10 21:27 . 2009-01-10 21:27 102,400 --a------ d:\windows\system32\DinkITXPUIMenus.ocx
2009-01-10 21:27 . 2009-01-10 21:27 65,536 --a------ d:\windows\system32\EnhSliderOcx.ocx
2009-01-10 21:27 . 2009-01-10 21:27 64,000 --a------ d:\windows\system32\wiaaut.oca
2009-01-09 14:47 . 2009-01-26 11:50 <DIR> d-------- d:\documents and settings\Joe\Incomplete
2009-01-09 14:46 . 2009-01-10 22:16 <DIR> d-------- d:\programmi\LimeWire
2009-01-09 14:46 . 2009-01-10 22:07 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\LimeWire
2009-01-08 20:09 . 2009-01-08 20:09 410,984 --a------ d:\windows\system32\deploytk.dll
2009-01-08 20:09 . 2009-01-08 20:09 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-01-08 19:02 . 2009-01-08 19:02 <DIR> d-------- d:\programmi\MP3SPLITTER
2009-01-08 19:02 . 2009-01-13 14:39 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\uTorrent
2009-01-06 16:48 . 2009-01-06 16:48 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-01-06 13:15 . 2009-01-08 19:02 <DIR> d-------- d:\programmi\mp3DirectCut
2009-01-05 15:28 . 2009-01-08 19:02 <DIR> d-------- d:\documents and settings\Joe\Dati applicazioni\uTorrent(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 15:01 --------- d-----w d:\programmi\MSN Messenger
2009-02-02 11:51 --------- d-----w d:\programmi\VEXPLITE
2009-02-02 10:53 --------- d-----w d:\programmi\eMule
2009-01-24 12:59 --------- d--h--w d:\programmi\InstallShield Installation Information
2009-01-22 13:46 --------- d-----w d:\programmi\NCH Swift Sound
2009-01-14 12:29 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-01 17:55 --------- d-----w d:\programmi\Java
2008-12-23 11:38 --------- d-----w d:\documents and settings\Franco\Dati applicazioni\DivX
2008-12-17 19:29 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-12-17 19:26 --------- d-----w d:\programmi\File comuni\Adobe
2008-12-17 19:26 --------- d-----w d:\programmi\Bonjour
2008-12-17 19:18 --------- d-----w d:\programmi\File comuni\Macrovision Shared
2008-12-17 19:11 --------- d-----w d:\programmi\Adobe CS3
2008-12-17 09:36 --------- d-----w d:\programmi\SlySoft
2008-12-14 12:32 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\Any Video Converter Professional
2008-12-14 12:27 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\SlySoft
2008-12-13 12:44 --------- d-----w d:\documents and settings\Franco\Dati applicazioni\Search Settings
2008-12-13 12:31 --------- d-----w d:\programmi\MSBuild
2008-12-13 12:31 --------- d-----w d:\programmi\Microsoft Works
2008-12-13 12:30 --------- d-----w d:\programmi\Microsoft.NET
2008-12-13 12:28 --------- d-----w d:\programmi\Microsoft Visual Studio 8
2008-12-13 10:34 --------- d-----w d:\programmi\Free Audio Pack
2008-12-13 10:32 --------- d-----w d:\programmi\Search Settings
2008-12-13 10:32 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\Search Settings
2008-12-12 11:23 81,920 ----a-w d:\documents and settings\Joe\Dati applicazioni\ezpinst.exe
2008-12-12 11:23 47,360 ----a-w d:\windows\system32\drivers\pcouffin.sys
2008-12-12 11:23 47,360 ----a-w d:\documents and settings\Joe\Dati applicazioni\pcouffin.sys
2008-12-12 11:23 --------- d-----w d:\programmi\Video Convert Master
2008-12-12 11:23 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\Vso
2008-12-12 11:03 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-12-11 10:57 333,952 ----a-w d:\windows\system32\drivers\srv.sys
2008-12-10 19:06 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\NCH Swift Sound
2008-12-10 19:06 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2008-12-10 17:55 --------- d-----w d:\programmi\File comuni\AVSMedia
2008-12-10 13:52 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\AVS4YOU
2008-12-10 13:52 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2008-12-10 13:25 --------- d-----w d:\programmi\File comuni\Java
2008-12-10 11:37 --------- d-----w d:\programmi\Fellowes
2008-12-10 11:37 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Fellowes
2008-12-10 11:34 --------- d-----w d:\programmi\EPSON
2008-12-10 11:33 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\EPSON
2008-12-10 11:27 --------- d-----w d:\programmi\File comuni\InstallShield
2008-12-10 11:25 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\UDL
2008-12-07 22:59 --------- d---a-w d:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-05 10:10 --------- d-----w d:\programmi\GSpot
2008-12-04 22:17 --------- d-----w d:\programmi\IObit
2008-12-04 21:30 --------- d-----w d:\programmi\VideoLAN
2008-12-04 20:32 --------- d-----w d:\programmi\Trend Micro
2008-12-04 13:25 --------- d-----w d:\programmi\NOS
2008-12-04 13:25 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\NOS
2008-12-04 09:58 --------- d-----w d:\programmi\Total Video Converter
2008-12-03 20:17 167,424 ----a-w d:\windows\system32\SpoonUninstall.exe
2008-12-03 20:16 67,584 ----a-w d:\windows\system32\xanalyze.dll
2008-12-03 20:16 --------- d-----w d:\programmi\Illustrate
2008-12-03 19:06 --------- d-----w d:\documents and settings\Joe\Dati applicazioni\Media Player Classic
2008-11-24 14:32 57,344 ----a-w d:\windows\system32\ff_vfw.dll
2006-10-11 08:04 61,036 ----a-w d:\programmi\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w d:\programmi\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w d:\programmi\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w d:\programmi\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w d:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 21:44 1947080 --a------ d:\programmi\MegauploadToolbar\megauploadtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "d:\programmi\MegauploadToolbar\megauploadtoolbar.dll" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "d:\programmi\MegauploadToolbar\megauploadtoolbar.dll" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SmartRAM"="d:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2008-11-06 202256]
"Advanced SystemCare 3"="d:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-26 2235920]
"EPSON Stylus DX6000 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" [2006-09-22 139264]
"MSMSGS"="d:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="d:\programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"SystemProtect"="d:\programmi\System Protect\SysProtect_Tray.exe" [2008-11-17 1223680]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-02 81000]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MediaFace Integration"="d:\programmi\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"SearchSettings"="d:\programmi\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"GrooveMonitor"="d:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-10-16 d:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Lanterna\\Lantmirc.exe"=
"d:\\Programmi\\MSN Messenger\\livecall.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 d344bus;d344bus;d:\windows\system32\drivers\d344bus.sys [2008-11-17 137216]
R0 d344prt;d344prt;d:\windows\system32\drivers\d344prt.sys [2008-11-17 5248]
R0 VIRAGTLT;VIRAGTLT;d:\windows\system32\drivers\VIRAGTLT.SYS [2009-02-02 40960]
R2 SP_Service;System Protect Deletion Prevention Service;d:\programmi\System Protect\SysProtect_srv.exe [2008-11-17 598528]
R3 ACSSCR;ACR38 Smart Card Reader;d:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;d:\windows\system32\drivers\CnxEtP.sys [2008-11-17 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;d:\windows\system32\drivers\CnxEtU.sys [2008-11-17 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;d:\windows\system32\drivers\CnxTgN.sys [2008-11-17 108675]
R3 sp_prot;System Protect Filter Driver;d:\windows\system32\drivers\sp_prot.sys [2008-11-17 12288]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys --> d:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 viritsvclite;Virit eXplorer Lite;d:\programmi\VEXPLITE\VIRITSVC.EXE [2006-02-24 57344]
S3 Ndisprot;ArcNet NDIS Protocol Driver;d:\windows\system32\drivers\ndisprot.sys [2008-11-21 27904]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - d:\programmi\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - d:\programmi\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - d:\programmi\AskBarDis\bar\bin\askBar.dll
HKCU-Run-msnmsgr - d:\programmi\MSN Messenger\msnmsgr.exe
HKLM-Run-VIRIT LITE MONITOR - d:\vexplite\MONLITE.EXE


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager...
FF - ProfilePath - d:\documents and settings\Joe\Dati applicazioni\Mozilla\Firefox\Profiles\hzxwmart.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101677&l=dis
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: d:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - component: d:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: d:\programmi\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: d:\programmi\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 16:05:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\windows\system32\scardsvr.exe
d:\programmi\Bonjour\mDNSResponder.exe
d:\programmi\Java\jre6\bin\jqs.exe
d:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-02 16:08:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-02 15:08:04

Pre-Run: 17,346,256,896 byte disponibili
Post-Run: 17,422,716,928 byte disponibili

556 --- E O F --- 2009-01-14 12:29:23

ComboFix report:
I can't find them... they aren't in the qoobox folder
shapiro
Posted: Monday, February 02, 2009 4:20:06 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
restart Malwarebytes and delete everything

can you tell me whether the PC has recovered a bit?

can you get into safe mode now?
smokerjoe
Posted: Monday, February 02, 2009 4:28:12 PM
Rank: Member

Joined: 2/2/2009
Posts: 13
So, no luck with safe mode. The PC seems to have recovered a little: before I used ComboFix it had become extremely slow and was using a ton of RAM, and now it has sped up and is back to how it was before. But the problem remains: when I open programs it still tells me the program is not a valid Win32 application (note that I'm rerunning the Malwarebytes scan to remove them, so I haven't removed those yet)....