Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » grosso problema

3 pages: 1 [2] 3
grosso problema Opzioni
Topic Precedente · Topic Sucessivo
xelex
Inviato: Wednesday, February 04, 2009 6:48:04 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
No! C'è solo questo!
Torna in alto
 
shapiro
Inviato: Wednesday, February 04, 2009 8:08:04 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
finiamo le operazioni di pulizia


scarica Avenger da qui

http://swandog46.geekstogo.com/avenger.zip

lo installi e lo lanci

Copi e incolli nella finestra: "Input script here" il testo in rosso così come lo vedi scritto:


files to delete:
C:\WINDOWS\iun6002.exe
C:\Documents and Settings\Luca\Desktop\Plugins\crac.exe
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%UserProfile%\Dati applicazioni\m\svrlist.oct
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.XXX
%SystemDrive%\WINDOWS\system32\mdelk.exe.XXX
%SystemDrive%\WINDOWS\system32\wintems.exe.XXX
%SystemDrive%\WINDOWS\system32\1.exe

Folders to delete:
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m\shared
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | german.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drv_st_key

Drivers to disable:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe

Spunta "Automatically disable any rootkits found"

clicca sul pulsante "Execute"
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

posta il log di avenger che trovi in c:\




Disattiva l'antivirus e i programmi anti-spyware
Disconnetti il pc da internet
Se hai delle icone di collegamento a programmi sul desktop, crea una cartella apposita e copiale al suo interno

scarica ► http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Doppio click su combofix.exe e segui le istruzioni passo a passo

Quando avrà finito creerà il log C:\combofix.txt salvalo e postalo come gli altri report.

Nota bene : durante la scansione verranno creati dei file sul desktop e scompariranno le icone, potrebbe succedere che qualche programma ti chiede cosa fare per la rimozione dei drivers, in questo caso accossenti, si tratta probabilmente di drivers infetti.

Il programma creerà la cartella C:\QooBox ed all'interno della stessa verrà posizionato un backup dei files rimossi ed un file di backup del registro di windows chiamato Hiv-backup.

NON TOCCARE MOUSE E TASTIERA durante la scansione.
Torna in alto
 
xelex
Inviato: Wednesday, February 04, 2009 9:04:56 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Ecco qua!



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\iun6002.exe" not found!
Deletion of file "C:\WINDOWS\iun6002.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\Luca\Desktop\Plugins\crac.exe"
Deletion of file "C:\Documents and Settings\Luca\Desktop\Plugins\crac.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\hidires\hidr.exe"
Deletion of file "C:\Users\Sony\Dati applicazioni\hidires\hidr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\hidires\rosa.sys"
Deletion of file "C:\Users\Sony\Dati applicazioni\hidires\rosa.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\m\list.oct"
Deletion of file "C:\Users\Sony\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\m\data.oct"
Deletion of file "C:\Users\Sony\Dati applicazioni\m\data.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\m\flec006.exe"
Deletion of file "C:\Users\Sony\Dati applicazioni\m\flec006.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\m\svrlist.oct"
Deletion of file "C:\Users\Sony\Dati applicazioni\m\svrlist.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\system32\re_file.exe"
Deletion of file "C:\system32\re_file.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\elist.xpt" not found!
Deletion of file "C:\elist.xpt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Users\Sony\Dati applicazioni\hidires\m_hook.sys"
Deletion of file "C:\Users\Sony\Dati applicazioni\hidires\m_hook.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.ex_" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.ex_" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm2.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\ldR64.dll" not found!
Deletion of file "C:\Windows\system32\ldR64.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\german.exe" not found!
Deletion of file "C:\WINDOWS\system32\german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefqd" not found!
Deletion of folder "C:\WINDOWS\exefqd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefnd" not found!
Deletion of folder "C:\WINDOWS\exefnd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefld" not found!
Deletion of folder "C:\WINDOWS\exefld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\Sony\Dati applicazioni\hidires" not found!
Deletion of folder "C:\Users\Sony\Dati applicazioni\hidires" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\Sony\Dati applicazioni\hidn" not found!
Deletion of folder "C:\Users\Sony\Dati applicazioni\hidn" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Users\Sony\Dati applicazioni\m\shared"
Deletion of folder "C:\Users\Sony\Dati applicazioni\m\shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Users\Sony\Dati applicazioni\m" not found!
Deletion of folder "C:\Users\Sony\Dati applicazioni\m" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\System32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\System32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.




ComboFix 09-02-04.01 - Sony 2009-02-04 20.51.48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.3070.2065 [GMT 1:00]
Eseguito da: c:\users\Sony\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\users\Sony\AppData\Roaming\drivers\downld
c:\users\Sony\AppData\Roaming\drivers\downld\101946.exe
c:\users\Sony\AppData\Roaming\drivers\downld\102773.exe
c:\users\Sony\AppData\Roaming\drivers\downld\105238.exe
c:\users\Sony\AppData\Roaming\drivers\downld\105643.exe
c:\users\Sony\AppData\Roaming\drivers\downld\106923.exe
c:\users\Sony\AppData\Roaming\drivers\downld\107391.exe
c:\users\Sony\AppData\Roaming\drivers\downld\108654.exe
c:\users\Sony\AppData\Roaming\drivers\downld\110245.exe
c:\users\Sony\AppData\Roaming\drivers\downld\117172.exe
c:\users\Sony\AppData\Roaming\drivers\downld\117343.exe
c:\users\Sony\AppData\Roaming\drivers\downld\118404.exe
c:\users\Sony\AppData\Roaming\drivers\downld\118794.exe
c:\users\Sony\AppData\Roaming\drivers\downld\119824.exe
c:\users\Sony\AppData\Roaming\drivers\downld\131259.exe
c:\users\Sony\AppData\Roaming\drivers\downld\134457.exe
c:\users\Sony\AppData\Roaming\drivers\downld\134675.exe
c:\users\Sony\AppData\Roaming\drivers\downld\140697.exe
c:\users\Sony\AppData\Roaming\drivers\downld\146469.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14738475.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14738771.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14738787.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14751750.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14753310.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14753966.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14789612.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14792342.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14792904.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14840999.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14841404.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14841420.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14917673.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14919296.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14919452.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14926050.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14926082.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14929607.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14931058.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14945348.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14947064.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14947766.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14948593.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14949622.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14950153.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14951026.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14951479.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14951791.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14969528.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14970526.exe
c:\users\Sony\AppData\Roaming\drivers\downld\14970979.exe
c:\users\Sony\AppData\Roaming\drivers\downld\150057.exe
c:\users\Sony\AppData\Roaming\drivers\downld\150338.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15040773.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15042178.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15042770.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15074735.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15075250.exe
c:\users\Sony\AppData\Roaming\drivers\downld\15075406.exe
c:\users\Sony\AppData\Roaming\drivers\downld\151476.exe
c:\users\Sony\AppData\Roaming\drivers\downld\156079.exe
c:\users\Sony\AppData\Roaming\drivers\downld\159760.exe
c:\users\Sony\AppData\Roaming\drivers\downld\161273.exe
c:\users\Sony\AppData\Roaming\drivers\downld\162584.exe
c:\users\Sony\AppData\Roaming\drivers\downld\169510.exe
c:\users\Sony\AppData\Roaming\drivers\downld\169822.exe
c:\users\Sony\AppData\Roaming\drivers\downld\203706.exe
c:\users\Sony\AppData\Roaming\drivers\downld\207512.exe
c:\users\Sony\AppData\Roaming\drivers\downld\207840.exe
c:\users\Sony\AppData\Roaming\drivers\downld\207980.exe
c:\users\Sony\AppData\Roaming\drivers\downld\212223.exe
c:\users\Sony\AppData\Roaming\drivers\downld\212660.exe
c:\users\Sony\AppData\Roaming\drivers\downld\218760.exe
c:\users\Sony\AppData\Roaming\drivers\downld\219587.exe
c:\users\Sony\AppData\Roaming\drivers\downld\222020.exe
c:\users\Sony\AppData\Roaming\drivers\downld\222753.exe
c:\users\Sony\AppData\Roaming\drivers\downld\231848.exe
c:\users\Sony\AppData\Roaming\drivers\downld\233049.exe
c:\users\Sony\AppData\Roaming\drivers\downld\233408.exe
c:\users\Sony\AppData\Roaming\drivers\downld\239555.exe
c:\users\Sony\AppData\Roaming\drivers\downld\240085.exe
c:\users\Sony\AppData\Roaming\drivers\downld\240194.exe
c:\users\Sony\AppData\Roaming\drivers\downld\240335.exe
c:\users\Sony\AppData\Roaming\drivers\downld\242269.exe
c:\users\Sony\AppData\Roaming\drivers\downld\243018.exe
c:\users\Sony\AppData\Roaming\drivers\downld\243657.exe
c:\users\Sony\AppData\Roaming\drivers\downld\243782.exe
c:\users\Sony\AppData\Roaming\drivers\downld\244219.exe
c:\users\Sony\AppData\Roaming\drivers\downld\249601.exe
c:\users\Sony\AppData\Roaming\drivers\downld\250428.exe
c:\users\Sony\AppData\Roaming\drivers\downld\251036.exe
c:\users\Sony\AppData\Roaming\drivers\downld\251801.exe
c:\users\Sony\AppData\Roaming\drivers\downld\252394.exe
c:\users\Sony\AppData\Roaming\drivers\downld\253392.exe
c:\users\Sony\AppData\Roaming\drivers\downld\254827.exe
c:\users\Sony\AppData\Roaming\drivers\downld\256044.exe
c:\users\Sony\AppData\Roaming\drivers\downld\256684.exe
c:\users\Sony\AppData\Roaming\drivers\downld\258556.exe
c:\users\Sony\AppData\Roaming\drivers\downld\259538.exe
c:\users\Sony\AppData\Roaming\drivers\downld\259694.exe
c:\users\Sony\AppData\Roaming\drivers\downld\260771.exe
c:\users\Sony\AppData\Roaming\drivers\downld\260818.exe
c:\users\Sony\AppData\Roaming\drivers\downld\261676.exe
c:\users\Sony\AppData\Roaming\drivers\downld\262939.exe
c:\users\Sony\AppData\Roaming\drivers\downld\263922.exe
c:\users\Sony\AppData\Roaming\drivers\downld\264671.exe
c:\users\Sony\AppData\Roaming\drivers\downld\265794.exe
c:\users\Sony\AppData\Roaming\drivers\downld\266356.exe
c:\users\Sony\AppData\Roaming\drivers\downld\267058.exe
c:\users\Sony\AppData\Roaming\drivers\downld\269912.exe
c:\users\Sony\AppData\Roaming\drivers\downld\271878.exe
c:\users\Sony\AppData\Roaming\drivers\downld\272549.exe
c:\users\Sony\AppData\Roaming\drivers\downld\280052.exe
c:\users\Sony\AppData\Roaming\drivers\downld\280723.exe
c:\users\Sony\AppData\Roaming\drivers\downld\281503.exe
c:\users\Sony\AppData\Roaming\drivers\downld\281550.exe
c:\users\Sony\AppData\Roaming\drivers\downld\281815.exe
c:\users\Sony\AppData\Roaming\drivers\downld\282533.exe
c:\users\Sony\AppData\Roaming\drivers\downld\282720.exe
c:\users\Sony\AppData\Roaming\drivers\downld\283407.exe
c:\users\Sony\AppData\Roaming\drivers\downld\292018.exe
c:\users\Sony\AppData\Roaming\drivers\downld\292455.exe
c:\users\Sony\AppData\Roaming\drivers\downld\292720.exe
c:\users\Sony\AppData\Roaming\drivers\downld\298773.exe
c:\users\Sony\AppData\Roaming\drivers\downld\299038.exe
c:\users\Sony\AppData\Roaming\drivers\downld\299147.exe
c:\users\Sony\AppData\Roaming\drivers\downld\304950.exe
c:\users\Sony\AppData\Roaming\drivers\downld\307384.exe
c:\users\Sony\AppData\Roaming\drivers\downld\308164.exe
c:\users\Sony\AppData\Roaming\drivers\downld\312797.exe
c:\users\Sony\AppData\Roaming\drivers\downld\314264.exe
c:\users\Sony\AppData\Roaming\drivers\downld\314700.exe
c:\users\Sony\AppData\Roaming\drivers\downld\315527.exe
c:\users\Sony\AppData\Roaming\drivers\downld\315839.exe
c:\users\Sony\AppData\Roaming\drivers\downld\315995.exe
c:\users\Sony\AppData\Roaming\drivers\downld\316572.exe
c:\users\Sony\AppData\Roaming\drivers\downld\318834.exe
c:\users\Sony\AppData\Roaming\drivers\downld\320176.exe
c:\users\Sony\AppData\Roaming\drivers\downld\320691.exe
c:\users\Sony\AppData\Roaming\drivers\downld\321596.exe
c:\users\Sony\AppData\Roaming\drivers\downld\323156.exe
c:\users\Sony\AppData\Roaming\drivers\downld\325246.exe
c:\users\Sony\AppData\Roaming\drivers\downld\325730.exe
c:\users\Sony\AppData\Roaming\drivers\downld\326120.exe
c:\users\Sony\AppData\Roaming\drivers\downld\331798.exe
c:\users\Sony\AppData\Roaming\drivers\downld\332484.exe
c:\users\Sony\AppData\Roaming\drivers\downld\332718.exe
c:\users\Sony\AppData\Roaming\drivers\downld\335136.exe
c:\users\Sony\AppData\Roaming\drivers\downld\335183.exe
c:\users\Sony\AppData\Roaming\drivers\downld\335760.exe
c:\users\Sony\AppData\Roaming\drivers\downld\336010.exe
c:\users\Sony\AppData\Roaming\drivers\downld\336213.exe
c:\users\Sony\AppData\Roaming\drivers\downld\336322.exe
c:\users\Sony\AppData\Roaming\drivers\downld\344356.exe
c:\users\Sony\AppData\Roaming\drivers\downld\345417.exe
c:\users\Sony\AppData\Roaming\drivers\downld\345979.exe
c:\users\Sony\AppData\Roaming\drivers\downld\346088.exe
c:\users\Sony\AppData\Roaming\drivers\downld\347383.exe
c:\users\Sony\AppData\Roaming\drivers\downld\347429.exe
c:\users\Sony\AppData\Roaming\drivers\downld\348178.exe
c:\users\Sony\AppData\Roaming\drivers\downld\349005.exe
c:\users\Sony\AppData\Roaming\drivers\downld\350253.exe
c:\users\Sony\AppData\Roaming\drivers\downld\350690.exe
c:\users\Sony\AppData\Roaming\drivers\downld\350971.exe
c:\users\Sony\AppData\Roaming\drivers\downld\351470.exe
c:\users\Sony\AppData\Roaming\drivers\downld\351579.exe
c:\users\Sony\AppData\Roaming\drivers\downld\351953.exe
c:\users\Sony\AppData\Roaming\drivers\downld\352952.exe
c:\users\Sony\AppData\Roaming\drivers\downld\353716.exe
c:\users\Sony\AppData\Roaming\drivers\downld\354683.exe
c:\users\Sony\AppData\Roaming\drivers\downld\355167.exe
c:\users\Sony\AppData\Roaming\drivers\downld\355526.exe
c:\users\Sony\AppData\Roaming\drivers\downld\358240.exe
c:\users\Sony\AppData\Roaming\drivers\downld\359317.exe
c:\users\Sony\AppData\Roaming\drivers\downld\359660.exe
c:\users\Sony\AppData\Roaming\drivers\downld\362873.exe
c:\users\Sony\AppData\Roaming\drivers\downld\363887.exe
c:\users\Sony\AppData\Roaming\drivers\downld\364667.exe
c:\users\Sony\AppData\Roaming\drivers\downld\367335.exe
c:\users\Sony\AppData\Roaming\drivers\downld\368224.exe
c:\users\Sony\AppData\Roaming\drivers\downld\369129.exe
c:\users\Sony\AppData\Roaming\drivers\downld\375962.exe
c:\users\Sony\AppData\Roaming\drivers\downld\376352.exe
c:\users\Sony\AppData\Roaming\drivers\downld\376804.exe
c:\users\Sony\AppData\Roaming\drivers\downld\381937.exe
c:\users\Sony\AppData\Roaming\drivers\downld\383013.exe
c:\users\Sony\AppData\Roaming\drivers\downld\383637.exe
c:\users\Sony\AppData\Roaming\drivers\downld\383840.exe
c:\users\Sony\AppData\Roaming\drivers\downld\386274.exe
c:\users\Sony\AppData\Roaming\drivers\downld\386898.exe
c:\users\Sony\AppData\Roaming\drivers\downld\387054.exe
c:\users\Sony\AppData\Roaming\drivers\downld\387506.exe
c:\users\Sony\AppData\Roaming\drivers\downld\388645.exe
c:\users\Sony\AppData\Roaming\drivers\downld\389706.exe
c:\users\Sony\AppData\Roaming\drivers\downld\390314.exe
c:\users\Sony\AppData\Roaming\drivers\downld\390626.exe
c:\users\Sony\AppData\Roaming\drivers\downld\390938.exe
c:\users\Sony\AppData\Roaming\drivers\downld\391858.exe
c:\users\Sony\AppData\Roaming\drivers\downld\393075.exe
c:\users\Sony\AppData\Roaming\drivers\downld\394604.exe
c:\users\Sony\AppData\Roaming\drivers\downld\394666.exe
c:\users\Sony\AppData\Roaming\drivers\downld\395181.exe
c:\users\Sony\AppData\Roaming\drivers\downld\395571.exe
c:\users\Sony\AppData\Roaming\drivers\downld\395946.exe
c:\users\Sony\AppData\Roaming\drivers\downld\396991.exe
c:\users\Sony\AppData\Roaming\drivers\downld\398332.exe
c:\users\Sony\AppData\Roaming\drivers\downld\399830.exe
c:\users\Sony\AppData\Roaming\drivers\downld\400532.exe
c:\users\Sony\AppData\Roaming\drivers\downld\401671.exe
c:\users\Sony\AppData\Roaming\drivers\downld\402700.exe
c:\users\Sony\AppData\Roaming\drivers\downld\403418.exe
c:\users\Sony\AppData\Roaming\drivers\downld\404432.exe
c:\users\Sony\AppData\Roaming\drivers\downld\404916.exe
c:\users\Sony\AppData\Roaming\drivers\downld\405462.exe
c:\users\Sony\AppData\Roaming\drivers\downld\406413.exe
c:\users\Sony\AppData\Roaming\drivers\downld\416070.exe
c:\users\Sony\AppData\Roaming\drivers\downld\417989.exe
c:\users\Sony\AppData\Roaming\drivers\downld\418301.exe
c:\users\Sony\AppData\Roaming\drivers\downld\419221.exe
c:\users\Sony\AppData\Roaming\drivers\downld\420001.exe
c:\users\Sony\AppData\Roaming\drivers\downld\420219.exe
c:\users\Sony\AppData\Roaming\drivers\downld\420953.exe
c:\users\Sony\AppData\Roaming\drivers\downld\429314.exe
c:\users\Sony\AppData\Roaming\drivers\downld\439532.exe
c:\users\Sony\AppData\Roaming\drivers\downld\441186.exe
c:\users\Sony\AppData\Roaming\drivers\downld\441826.exe
c:\users\Sony\AppData\Roaming\drivers\downld\442481.exe
c:\users\Sony\AppData\Roaming\drivers\downld\445648.exe
c:\users\Sony\AppData\Roaming\drivers\downld\447161.exe
c:\users\Sony\AppData\Roaming\drivers\downld\448346.exe
c:\users\Sony\AppData\Roaming\drivers\downld\450172.exe
c:\users\Sony\AppData\Roaming\drivers\downld\450593.exe
c:\users\Sony\AppData\Roaming\drivers\downld\451217.exe
c:\users\Sony\AppData\Roaming\drivers\downld\463463.exe
c:\users\Sony\AppData\Roaming\drivers\downld\464180.exe
c:\users\Sony\AppData\Roaming\drivers\downld\464758.exe
c:\users\Sony\AppData\Roaming\drivers\downld\465241.exe
c:\users\Sony\AppData\Roaming\drivers\downld\465678.exe
c:\users\Sony\AppData\Roaming\drivers\downld\466848.exe
c:\users\Sony\AppData\Roaming\drivers\downld\469485.exe
c:\users\Sony\AppData\Roaming\drivers\downld\470608.exe
c:\users\Sony\AppData\Roaming\drivers\downld\471637.exe
c:\users\Sony\AppData\Roaming\drivers\downld\476583.exe
c:\users\Sony\AppData\Roaming\drivers\downld\478267.exe
c:\users\Sony\AppData\Roaming\drivers\downld\478751.exe
c:\users\Sony\AppData\Roaming\drivers\downld\483353.exe
c:\users\Sony\AppData\Roaming\drivers\downld\484039.exe
c:\users\Sony\AppData\Roaming\drivers\downld\484913.exe
c:\users\Sony\AppData\Roaming\drivers\downld\493103.exe
c:\users\Sony\AppData\Roaming\drivers\downld\495786.exe
c:\users\Sony\AppData\Roaming\drivers\downld\497128.exe
c:\users\Sony\AppData\Roaming\drivers\downld\498953.exe
c:\users\Sony\AppData\Roaming\drivers\downld\500919.exe
c:\users\Sony\AppData\Roaming\drivers\downld\502229.exe
c:\users\Sony\AppData\Roaming\drivers\downld\504210.exe
c:\users\Sony\AppData\Roaming\drivers\downld\505037.exe
c:\users\Sony\AppData\Roaming\drivers\downld\506285.exe
c:\users\Sony\AppData\Roaming\drivers\downld\506987.exe
c:\users\Sony\AppData\Roaming\drivers\downld\508703.exe
c:\users\Sony\AppData\Roaming\drivers\downld\510731.exe
c:\users\Sony\AppData\Roaming\drivers\downld\522587.exe
c:\users\Sony\AppData\Roaming\drivers\downld\523773.exe
c:\users\Sony\AppData\Roaming\drivers\downld\523991.exe
c:\users\Sony\AppData\Roaming\drivers\downld\537485.exe
c:\users\Sony\AppData\Roaming\drivers\downld\540231.exe
c:\users\Sony\AppData\Roaming\drivers\downld\542384.exe
c:\users\Sony\AppData\Roaming\drivers\downld\576501.exe
c:\users\Sony\AppData\Roaming\drivers\downld\576922.exe
c:\users\Sony\AppData\Roaming\drivers\downld\577281.exe
c:\users\Sony\AppData\Roaming\drivers\downld\591696.exe
c:\users\Sony\AppData\Roaming\drivers\downld\592320.exe
c:\users\Sony\AppData\Roaming\drivers\downld\592694.exe
c:\users\Sony\AppData\Roaming\drivers\downld\600697.exe
c:\users\Sony\AppData\Roaming\drivers\downld\601243.exe
c:\users\Sony\AppData\Roaming\drivers\downld\601430.exe
c:\users\Sony\AppData\Roaming\drivers\downld\60731.exe
c:\users\Sony\AppData\Roaming\drivers\downld\61511.exe
c:\users\Sony\AppData\Roaming\drivers\downld\61823.exe
c:\users\Sony\AppData\Roaming\drivers\downld\75707.exe
c:\users\Sony\AppData\Roaming\drivers\downld\78218.exe
c:\users\Sony\AppData\Roaming\drivers\downld\79108.exe
c:\users\Sony\AppData\Roaming\drivers\downld\79170.exe
c:\users\Sony\AppData\Roaming\drivers\downld\79186.exe
c:\users\Sony\AppData\Roaming\drivers\downld\83054.exe
c:\users\Sony\AppData\Roaming\drivers\downld\91354.exe
c:\users\Sony\AppData\Roaming\drivers\downld\96533.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2009-01-04 al 2009-02-04 )))))))))))))))))))))))))))))))))))
.

2009-02-03 21:48 . 2009-02-03 22:33 <DIR> d-------- c:\users\Sony\DoctorWeb
2009-02-03 15:19 . 2009-02-03 15:19 <DIR> d-------- c:\users\Sony\AppData\Roaming\Malwarebytes
2009-02-03 15:19 . 2009-02-03 15:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-03 15:19 . 2009-02-03 15:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 15:19 . 2009-02-03 15:19 <DIR> d-------- c:\progra~2\Malwarebytes
2009-02-03 15:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-03 15:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-03 13:24 . 2009-02-04 00:10 493,312,211 --a------ c:\windows\MEMORY.DMP
2009-02-03 13:20 . 2009-02-03 13:35 <DIR> d-------- c:\program files\FindyKill
2009-02-03 10:38 . 2009-02-03 10:38 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 10:15 . 2009-02-03 10:15 <DIR> d-------- c:\users\Sony\AppData\Roaming\Spyware Terminator
2009-02-03 09:41 . 2009-02-03 09:56 <DIR> d-------- c:\users\All Users\Spyware Terminator
2009-02-03 09:41 . 2009-02-03 09:56 <DIR> d-------- c:\program files\Spyware Terminator
2009-02-03 09:41 . 2009-02-03 09:41 <DIR> d-------- c:\program files\Crawler
2009-02-03 09:41 . 2009-02-03 09:56 <DIR> d-------- c:\progra~2\Spyware Terminator
2009-02-03 09:41 . 2009-02-03 09:41 142,592 --a------ c:\windows\System32\drivers\sp_rsdrv2.sys
2009-02-03 09:28 . 2009-02-03 13:20 <DIR> d-------- c:\users\Sony\.housecall6.6
2009-02-03 09:20 . 2009-02-03 10:36 <DIR> d-------- c:\users\All Users\avg8
2009-02-03 09:20 . 2009-02-03 10:36 <DIR> d-------- c:\progra~2\avg8
2009-02-03 08:58 . 2009-02-03 08:58 <DIR> d-------- c:\users\Sony\AppData\Roaming\PC Tools
2009-02-03 08:58 . 2009-02-03 08:58 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-03 08:58 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2009-02-03 08:44 . 2009-02-03 08:45 <DIR> d-------- C:\Update
2009-02-03 08:07 . 2009-02-03 08:33 <DIR> d-------- c:\users\Sony\AppData\Roaming\Vidalia
2009-02-02 23:22 . 2009-02-02 23:24 <DIR> d-------- c:\users\Sony\AppData\Roaming\vlc
2009-02-02 23:22 . 2009-02-02 23:22 <DIR> d-------- c:\program files\VideoLAN
2009-02-02 22:51 . 2009-02-03 08:06 <DIR> d-------- c:\users\Sony\AppData\Roaming\Orbit
2009-02-02 22:51 . 2009-02-02 22:51 <DIR> d-------- c:\users\Sony\AppData\Roaming\GrabPro
2009-02-02 22:51 . 2009-02-02 23:11 <DIR> d-------- C:\downloads
2009-02-02 22:50 . 2009-02-03 00:00 <DIR> d-------- c:\users\Sony\dwhelper
2009-02-02 22:23 . 2009-02-03 08:33 <DIR> d-------- c:\users\Sony\AppData\Roaming\tor
2009-02-02 22:23 . 2009-02-02 22:23 <DIR> d-------- c:\program files\Vidalia Bundle
2009-02-02 20:32 . 2009-02-02 20:32 <DIR> d-------- c:\windows\Sun
2009-02-02 20:28 . 2009-02-02 20:28 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-02 20:22 . 2009-02-02 20:22 0 --a------ c:\windows\nsreg.dat
2009-02-02 19:50 . 2009-02-02 19:50 <DIR> d-------- c:\users\Sony\AppData\Roaming\Download Manager
2009-02-02 19:50 . 2009-02-02 19:50 <DIR> d-------- c:\users\Sony\AppData\Roaming\BSD
2009-02-02 19:50 . 2008-12-04 18:52 1,386,496 --a------ c:\windows\bsdsetup.dll
2009-02-02 19:39 . 2009-02-02 19:39 <DIR> d-------- c:\users\Sony\AppData\Roaming\CopyTransPhoto
2009-02-02 19:38 . 2009-02-02 19:38 <DIR> d-------- c:\users\Sony\AppData\Roaming\CopyTransControlCenter
2009-02-02 19:38 . 2009-02-02 19:53 <DIR> d-------- c:\users\All Users\CopyTransControlCenter
2009-02-02 19:38 . 2009-02-02 19:53 <DIR> d-------- c:\progra~2\CopyTransControlCenter
2009-02-02 19:26 . 2009-02-02 19:26 <DIR> d-------- c:\program files\Haali
2009-02-02 19:25 . 2009-02-02 19:25 563,712 --a------ c:\windows\System32\Redemption.dll
2009-02-02 19:24 . 2009-02-02 19:53 <DIR> d-------- c:\program files\doubleTwist
2009-02-02 19:20 . 2009-02-02 19:20 <DIR> d-------- c:\program files\Common Files\eSellerate
2009-02-02 19:16 . 2009-02-02 19:16 <DIR> d-------- c:\program files\UltraISO
2009-02-02 19:16 . 2009-02-02 19:16 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-02-02 18:36 . 2009-02-04 20:54 <DIR> d--h----- c:\users\Sony\AppData\Roaming\drivers
2009-02-02 18:32 . 2009-02-02 18:32 <DIR> d-------- c:\users\All Users\eMule
2009-02-02 18:32 . 2009-02-02 18:32 <DIR> d-------- c:\progra~2\eMule
2009-02-02 18:27 . 2009-02-02 18:27 <DIR> d-------- c:\users\Sony\AppData\Roaming\DAEMON Tools Pro
2009-02-02 18:27 . 2009-02-02 18:27 <DIR> d-------- c:\users\Sony\AppData\Roaming\DAEMON Tools
2009-02-02 18:27 . 2009-02-02 18:27 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2009-02-02 18:27 . 2009-02-02 18:27 <DIR> d-------- c:\progra~2\DAEMON Tools Lite
2009-02-02 18:26 . 2009-02-02 19:54 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-02 18:26 . 2009-02-02 18:27 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-02 18:22 . 2009-02-02 18:22 <DIR> d-------- c:\users\Sony\AppData\Roaming\DAEMON Tools Lite
2009-02-02 18:22 . 2009-02-02 18:22 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-02 17:22 . 2009-02-02 17:22 <DIR> d-------- c:\users\Sony\AppData\Roaming\Apple Computer
2009-02-02 17:22 . 2009-02-02 17:22 <DIR> d-------- c:\program files\iTunes
2009-02-02 17:22 . 2009-02-02 17:22 <DIR> d-------- c:\program files\iPod
2009-02-02 17:22 . 2009-02-02 17:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-02 17:21 . 2009-02-02 17:22 <DIR> d-------- c:\users\All Users\Apple Computer
2009-02-02 17:21 . 2009-02-02 17:21 <DIR> d-------- c:\users\All Users\Apple
2009-02-02 17:21 . 2009-02-02 17:21 <DIR> d-------- c:\program files\QuickTime
2009-02-02 17:21 . 2009-02-02 17:21 <DIR> d-------- c:\program files\Bonjour
2009-02-02 17:21 . 2009-02-02 17:21 <DIR> d-------- c:\program files\Apple Software Update
2009-02-02 17:21 . 2009-02-02 17:22 <DIR> d-------- c:\progra~2\Apple Computer
2009-02-02 17:21 . 2009-02-02 17:21 <DIR> d-------- c:\progra~2\Apple
2009-02-02 17:20 . 2009-02-02 17:20 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 17:20 . 2009-02-02 17:20 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-02-02 17:20 . 2009-02-02 17:20 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-02-02 17:17 . 2009-02-02 17:17 <DIR> d-------- c:\program files\URUSoft
2009-02-02 17:15 . 2009-02-02 17:15 <DIR> d-------- c:\program files\eMule
2009-02-02 17:06 . 2009-02-02 23:12 <DIR> d-------- c:\users\Sony\AppData\Roaming\DivX
2009-02-02 16:53 . 2009-02-02 16:53 <DIR> d-------- c:\users\All Users\Messenger Plus!
2009-02-02 16:53 . 2009-02-02 16:53 <DIR> d-------- c:\progra~2\Messenger Plus!
2009-02-02 16:45 . 2009-02-02 16:45 16 --a------ c:\windows\System32\coh.cache
2009-02-02 16:40 . 2009-02-02 16:40 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-02 16:37 . 2007-07-12 02:49 186,256 --a------ c:\windows\System32\SymNPPWA.dll
2009-02-02 16:36 . 2009-02-02 16:36 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-02 16:36 . 2009-02-02 16:36 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 16:36 . 2009-02-02 16:36 <DIR> d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 16:36 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-02-02 16:36 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-02-02 16:35 . 2009-02-04 20:47 <DIR> d-------- c:\users\Sony\Tracing
2009-02-02 16:35 . 2009-02-02 16:35 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-02 16:35 . 2009-02-02 16:35 <DIR> d-------- c:\program files\Microsoft
2009-02-02 16:34 . 2009-02-02 17:21 <DIR> d-------- c:\program files\Windows Live
2009-02-02 16:29 . 2009-02-02 16:29 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-30 10:28 . 2009-02-03 09:22 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-30 10:28 . 2009-02-03 09:22 <DIR> d-a------ c:\progra~2\TEMP
2009-01-30 09:03 . 2007-11-27 09:39 <DIR> dr------- c:\users\Sony\Videos
2009-01-30 09:03 . 2009-01-30 09:04 <DIR> dr------- c:\users\Sony\Searches
2009-01-30 09:03 . 2007-11-26 10:30 <DIR> dr------- c:\users\Sony\Saved Games
2009-01-30 09:03 . 2009-02-02 20:07 <DIR> dr------- c:\users\Sony\Pictures
2009-01-30 09:03 . 2009-02-04 08:13 <DIR> dr------- c:\users\Sony\Music
2009-01-30 09:03 . 2009-01-30 09:04 <DIR> dr------- c:\users\Sony\Links
2009-01-30 09:03 . 2009-02-04 20:49 <DIR> dr------- c:\users\Sony\Downloads
2009-01-30 09:03 . 2009-02-04 20:40 <DIR> dr------- c:\users\Sony\Documents
2009-01-30 09:03 . 2007-11-26 10:30 <DIR> dr------- c:\users\Sony\Contacts
2009-01-30 09:03 . 2009-02-03 08:44 <DIR> d-------- c:\users\Sony\AppData\Roaming\Sony Corporation
2009-01-30 09:03 . 2006-11-02 13:37 <DIR> d-------- c:\users\Sony\AppData\Roaming\Media Center Programs
2009-01-30 09:03 . 2007-11-26 10:30 <DIR> d--h----- c:\users\Sony\AppData
2009-01-30 09:03 . 2009-02-03 21:48 <DIR> d-------- c:\users\Sony
2009-01-30 09:03 . 2009-02-04 00:11 56,088 --a------ c:\users\Sony\AppData\Roaming\nvModes.dat
2009-01-30 09:03 . 2009-01-30 09:03 0 -rah----- c:\windows\System32\drivers\Sony_VGN-NR21ZS.mrk
2009-01-30 08:58 . 2009-01-30 08:58 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts
2009-01-30 08:52 . 2009-01-30 08:52 40 --ah----- c:\windows\System32\ivireg.ivr
2009-01-30 08:44 . 2009-02-02 18:24 <DIR> d-------- c:\program files\Norton 360
2009-01-30 08:42 . 2009-02-02 18:24 <DIR> d-------- c:\users\All Users\Symantec
2009-01-30 08:42 . 2009-02-02 18:24 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-30 08:42 . 2009-02-02 18:24 <DIR> d-------- c:\progra~2\Symantec
2009-01-30 08:40 . 2009-01-30 08:40 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-01-30 08:39 . 2009-01-30 08:40 <DIR> d-------- c:\program files\InterVideo
2009-01-30 08:37 . 2009-01-30 08:37 <DIR> d-------- C:\Documentation
2009-01-30 08:37 . 2009-01-30 08:37 0 --a------ c:\windows\VAIOUpdt.INI
2009-01-30 08:31 . 2009-01-30 08:31 <DIR> d-------- c:\program files\Sony Corporation
2009-01-30 08:26 . 2009-01-30 08:26 <DIR> d-------- c:\users\All Users\Sonic
2009-01-30 08:26 . 2009-01-30 08:26 <DIR> d-------- c:\program files\Roxio
2009-01-30 08:26 . 2009-01-30 08:26 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-01-30 08:26 . 2009-01-30 08:26 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-01-30 08:26 . 2009-01-30 08:26 <DIR> d-------- c:\progra~2\Sonic
2009-01-30 08:25 . 2007-10-19 22:47 129,520 --------- c:\windows\System32\pxafs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 12:40 --------- d-----w c:\program files\Picasa2
2009-02-03 07:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 07:51 --------- d-----w c:\program files\Sony
2009-02-02 22:12 --------- d-----w c:\progra~2\Sony Corporation
2009-02-02 19:28 --------- d-----w c:\program files\Java
2009-02-02 17:24 --------- d-----w c:\program files\Google
2009-01-30 07:28 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-30 07:26 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-30 07:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-04 23:38 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2007-11-26 10:20 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-11-26 253952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-27 1838592]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-27 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-02-03 1168264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487980511-2100154818-2611834082-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{62AEDA7A-D2ED-44D5-8044-60CACCF48B03}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{55E3B527-A213-4C3B-9DAD-FB125637D8BE}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{1C123C77-A8A2-4A70-B727-8EF2EFD5F7EC}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{609E01CF-4D8C-4A90-9E5E-6D213B5FC0CB}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CCD90CE6-4770-4347-BDD3-2C97A83B1F39}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{71A98349-4F9D-4184-B245-74C672855169}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{48D676BF-4B3D-458F-9DF9-D9C6F44893E6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2ADFE274-7879-4E67-A68B-BF00D8E6EA2F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98BABF3F-EBB0-403C-AA78-2B65EA6D8F5F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7F84C35D-C677-4531-8CFE-98C9473AC725}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{29329584-ED69-4CBB-8238-001245498CA6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{63363C63-AD3A-495C-BA71-CF731300FFF8}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2009-01-30 204800]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2007-11-26 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-11-26 812544]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2009-01-30 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2009-01-30 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2009-01-30 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-30 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-30 79136]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - sptd
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\3qiyxshc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:59:34
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\Sony\AppData\Local\Temp\CabCA8E.tmp 27023 bytes
c:\users\Sony\AppData\Local\Temp\TarCA8F.tmp 32768 bytes
c:\users\Sony\AppData\Roaming\Microsoft\Windows\Cookies\sony@live[2].txt 404 bytes

Scansione completata con successo
Files nascosti: 3

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-04 21:02:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-04 20:02:24

Pre-Run: 191.373.355.008 byte disponibili
Post-Run: 190,090,422,272 byte disponibili

572
Torna in alto
 
shapiro
Inviato: Wednesday, February 04, 2009 9:59:49 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
puoi postarmi un log di hjt?
Torna in alto
 
xelex
Inviato: Wednesday, February 04, 2009 10:04:38 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Logfile of HijackThis v1.99.1
Scan saved at 22.03.51, on 04/02/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Sony\AppData\Local\Temp\Rar$EX00.559\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Torna in alto
 
shapiro
Inviato: Wednesday, February 04, 2009 10:16:01 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
elimina queste voci con hjt

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)



usi un programma della Sony?
Torna in alto
 
xelex
Inviato: Wednesday, February 04, 2009 10:25:29 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Per fare cosa?
Torna in alto
 
shapiro
Inviato: Wednesday, February 04, 2009 10:31:44 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ti invio un messaggio privato- rispondi nello stesso modo
Torna in alto
 
shapiro
Inviato: Thursday, February 05, 2009 11:56:17 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
disinstalla il tuo antivirus e fai una nuova installazione


Riattiva i servizi che trovi disabilitati


Apri la lista dei Servizi
Start > Esegui >digita SERVICES.MSC >Ok ed abilita, dove è necessario, questi servizi disabilitati: Avvisi, Centro sicurezza PC, Aggiornamenti automatici, Connessioni di rete, Zero Configuration reti senza fili e Windows Firewall/ Condivisione connessione Internet (ICS). (Per avviare un servizio, clic con il tasto destro su Proprietà >Automatico > Ok > Avvia > Ok).
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 12:00:49 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Ok, abilitato tutti i servizi!
Torna in alto
 
shapiro
Inviato: Friday, February 06, 2009 12:03:52 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
disinstalla ComboFix in questa maniera:

Start\esegui

nella casella di dlialogo copia ed incolla questo comando: combofix /u


2) vai in Disco Locale C: ed elimina la cartella QooBox

3) elimina l'eventuale cartella che avevi creato sul Desktop in cui avevi posizionato Combofix.
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 12:42:59 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Mi dice: impossibile trovare il comando.
Torna in alto
 
shapiro
Inviato: Friday, February 06, 2009 12:56:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
vai in C\ e vedi se hai ancora installato combofix
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 1:24:13 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
C'è la cartella ComboFix ma è vuota. L'altra che dicevi la elimino.
Torna in alto
 
shapiro
Inviato: Friday, February 06, 2009 1:30:10 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
la cartella QooBox devi eliminarla
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 1:42:36 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Fatto!
Torna in alto
 
shapiro
Inviato: Friday, February 06, 2009 4:03:25 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
controlla di nuovo questa procedura per disinstallare Combofix


Start\esegui

nella casella di dlialogo copia ed incolla questo comando: combofix /u


fammi sapere come va' il pc
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 4:06:50 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Mi dice di nuovo: Impossibile trovare il file.

Cmq ora il pc va benissimo. Applause
Torna in alto
 
shapiro
Inviato: Friday, February 06, 2009 4:27:43 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
bene cosi'

per finire fai una scansione col tuo antivirus- se ancora non hai deciso cosa scegliere, ti consiglio avira
Torna in alto
 
xelex
Inviato: Friday, February 06, 2009 6:04:06 PM
Rank: Member

Iscritto dal : 2/3/2006
Posts: 3
Ok lo installo e faccio una scansione poi ti faccio sapere!
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: 1 [2] 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » grosso problema


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.