Big problem

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Big problem

Post by francois87 » 15/06/09 11:20

Hi everyone, yesterday afternoon I downloaded a version of Windows Live Messenger from the official site because the version I had before no longer let me sign in. This morning, when I turned on the computer, a window with Chinese text appeared; I immediately closed it with the X button, but after a while the computer restarted by itself. When it restarted, the same window appeared again. Could you give me a hand? I'm attaching an image of the problem.
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: Big problem

Post by francois87 » 15/06/09 11:29

Guys, I can't manage to send the image file.
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: Big problem

Post by Luke57 » 15/06/09 17:44

Hi, are you sure you didn't download it from the Chinese site? It's not exactly my language ;) but anyway, upload the image to a hosting site and provide the link so I can see it (something like easyshare.com and the like).
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Big problem

Post by francois87 » 16/06/09 12:25

Hi Luke57... here is the link to the file...
http://www.easy-share.com/1905803959/file1.JPG
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: Big problem

Post by Luke57 » 16/06/09 12:39

Hi, disable the antivirus and delete any previous versions of ComboFix from the computer, if there are any.
Download ComboFix to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, you are asked where to save it and the "File name" box appears; just change the name shown there to abc.exe).
Disconnect from the internet.
Once that is done, click Start > Run and, in the white box, copy and paste this command, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall

Press OK. If all goes well, the program starts; it may take a long time (do not do anything else during the scan). Once it has finished, if everything went well, you should find the file combofix.txt in C:\. Post the contents of the file or attach it.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Big problem

Post by francois87 » 17/06/09 15:27

Hi Luke57, here is the ComboFix log:

ComboFix 09-06-16.05 - User 2010-06-17 16:11.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.146 [GMT 2:00]
Eseguito da: c:\documents and settings\User\desktop\abc.exe
Opzioni usate :: /killall
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2010-05-17 al 2010-06-17 )))))))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_09.49.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-17 14:13 . 2010-06-17 14:13 16384 c:\windows\temp\Perflib_Perfdata_608.dat
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\dllcache\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\dllcache\fltlib.dll
+ 2010-06-16 11:11 . 2010-06-16 11:09 148888 c:\windows\system32\javaws.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\javaw.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\java.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-01-05 856064]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2010-06-16 78008]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-06-16 148888]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-06-12 1495040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-2-2 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6d6d9b8-74b0-11df-a3fc-000827dd3010}]
\Shell\AutoRun\command - G:\yftvl.com
\Shell\open\Command - G:\yftvl.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15510fc-4488-11df-a351-000827dd3010}]
\Shell\AutoRun\command - G:\1ogf.exe
\Shell\open\Command - G:\1ogf.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 16:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-17 16:18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-17 14:18
ComboFix2.txt 2010-04-29 11:18
ComboFix3.txt 2010-04-10 11:18
ComboFix4.txt 2009-03-29 20:19

Pre-Run: 49,912,942,592 byte disponibili
Post-Run: 49,914,339,328 byte disponibili

336 --- E O F --- 2010-06-16 12:01
francois87
Junior User

Posts: 99
Joined: 26/01/08 16:40

Re: big problem

Post by Luke57 » 17/06/09 16:38

Hi, open a text file and copy the following text into it.

Code:
Folder::
c:\documents and settings\User\Dati applicazioni\drivers\downld

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6d6d9b8-74b0-11df-a3fc-000827dd3010}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15510fc-4488-11df-a351-000827dd3010}]


Save it on the desktop with the mandatory name CFScript.txt

Drag it with the mouse pointer onto the ComboFix icon; the program will start a new scan. When it finishes, reboot and post the new report.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: big problem

Post by francois87 » 21/06/09 18:06

Hi Luke57, here is the ComboFix log:

ComboFix 09-06-16.05 - User 2010-06-21 18:56.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.52 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dati applicazioni\drivers\downld

.
((((((((((((((((((((((((( Files Creati Da 2010-05-21 al 2010-06-21 )))))))))))))))))))))))))))))))))))
.

2010-06-16 11:16 . 2010-06-16 11:16 -------- d-----w- c:\windows\Sun
2010-06-16 11:11 . 2010-06-16 11:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-06-16 11:08 . 2010-06-16 11:08 -------- d-----w- c:\programmi\Java
2010-06-16 11:07 . 2010-06-16 11:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-06-16 11:07 . 2010-06-16 11:07 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2010-06-15 09:01 . 2010-06-16 10:47 7168 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
2010-06-15 09:01 . 2006-01-05 23:09 856064 ------w- c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
2010-06-01 10:45 . 2010-06-01 10:45 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 16:58 . 2009-03-29 16:47 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\drivers
2010-06-21 15:53 . 2009-02-03 16:16 -------- d-----w- c:\programmi\eMule
2010-06-16 12:00 . 2010-04-23 11:49 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-16 11:59 . 2010-04-04 12:10 -------- d-----w- c:\programmi\FindyKill
2010-06-16 10:47 . 2010-04-10 10:18 112763 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
2010-06-01 15:54 . 2009-02-14 11:15 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Canon
2010-05-15 16:33 . 2010-05-15 16:30 -------- d-----w- c:\programmi\cdcover
2010-05-07 10:24 . 2010-05-07 10:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-05-06 14:16 . 2009-01-31 11:43 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_294823.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_18be6784.exe
2010-04-23 13:18 . 2010-04-23 11:59 -------- d-----w- c:\programmi\jlgsolera
2010-04-23 12:00 . 2010-04-23 12:00 133 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_70347633.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_611d2f5f.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_468a2e62.exe
2010-04-15 12:51 . 2009-02-02 20:29 75688 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\D3DBF3RV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\8WU5ZBRV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\OHZ131FV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\O2GDV9N7.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\6QIBLBT3.DAT
2010-04-04 12:12 . 2009-03-29 16:22 106 ----a-w- c:\windows\system32\jpg.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_09.49.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-20 12:22 . 2010-06-20 12:22 16384 c:\windows\temp\Perflib_Perfdata_5e8.dat
- 2009-01-31 08:40 . 2009-01-31 08:40 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-31 08:40 . 2010-06-17 15:38 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\dllcache\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\dllcache\fltlib.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 148888 c:\windows\system32\javaws.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\javaw.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\java.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]
"AdobeUpdater"="c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2009-02-04 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-01-05 856064]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2010-06-16 78008]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-06-16 148888]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-06-12 1495040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-2-2 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 18:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
Ora fine scansione: 2010-06-21 19:02
ComboFix-quarantined-files.txt 2010-06-21 17:02
ComboFix2.txt 2010-06-17 14:18
ComboFix3.txt 2010-04-29 11:18
ComboFix4.txt 2010-04-10 11:18
ComboFix5.txt 2010-06-21 16:55

Pre-Run: 48,622,972,928 byte disponibili
Post-Run: 48,647,159,808 byte disponibili

424 --- E O F --- 2010-06-16 12:01

Re: big problem

Post by Luke57 » 22/06/09 08:09

Hi, now put this script in the CFScript.txt file, saving the changes:

Code:
File::
c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys


Usual drag-and-drop and scan, then post the new report.

Re: big problem

Post by francois87 » 22/06/09 09:15

Hi Luke57, this morning when I turned on the computer the message in Chinese appeared again; I should point out that it had not appeared since the last time I posted you the link to the image. Now I'll go ahead with the last operation you asked for.
http://www.easy-share.com/1906015342/FILE2.JPG

Re: big problem

Post by francois87 » 22/06/09 09:53

Luke57, I had to run the operation you asked for twice, because the first time it did not let me delete the files listed in the "txt". The second time it went through (I hope), except that when ComboFix restarted the Chinese message appeared again. Here is the link:

http://www.easy-share.com/1906015754/file3.JPG

Here is the ComboFix log:

ComboFix 09-06-16.05 - User 2010-06-22 10:31.16 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.51 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys"
"c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys"
"c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-05-22 al 2010-06-22 )))))))))))))))))))))))))))))))))))
.

2010-06-22 08:24 . 2010-06-22 08:24 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\203453.exe
2010-06-22 08:23 . 2010-06-22 08:23 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\163640.exe
2010-06-22 08:23 . 2010-06-22 08:23 10247 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\162156.exe
2010-06-22 08:22 . 2010-06-22 08:23 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\m
2010-06-22 08:22 . 2010-06-22 08:22 99332 ------w- c:\documents and settings\User\Dati applicazioni\m\flec006.exe
2010-06-22 08:22 . 2010-06-22 08:22 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\97046.exe
2010-06-22 08:22 . 2010-06-22 08:22 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\83703.exe
2010-06-16 11:16 . 2010-06-16 11:16 -------- d-----w- c:\windows\Sun
2010-06-16 11:11 . 2010-06-16 11:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-06-16 11:08 . 2010-06-16 11:08 -------- d-----w- c:\programmi\Java
2010-06-16 11:07 . 2010-06-16 11:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-06-16 11:07 . 2010-06-16 11:07 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2010-06-01 10:45 . 2010-06-01 10:45 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 08:34 . 2009-03-29 16:47 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\drivers
2010-06-21 18:07 . 2009-02-03 16:16 -------- d-----w- c:\programmi\eMule
2010-06-16 12:00 . 2010-04-23 11:49 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-16 11:59 . 2010-04-04 12:10 -------- d-----w- c:\programmi\FindyKill
2010-06-01 15:54 . 2009-02-14 11:15 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Canon
2010-05-15 16:33 . 2010-05-15 16:30 -------- d-----w- c:\programmi\cdcover
2010-05-07 10:24 . 2010-05-07 10:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-05-06 14:16 . 2009-01-31 11:43 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_294823.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_18be6784.exe
2010-04-23 13:18 . 2010-04-23 11:59 -------- d-----w- c:\programmi\jlgsolera
2010-04-23 12:00 . 2010-04-23 12:00 133 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_70347633.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_611d2f5f.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_468a2e62.exe
2010-04-15 12:51 . 2009-02-02 20:29 75688 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\D3DBF3RV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\8WU5ZBRV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\OHZ131FV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\O2GDV9N7.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\6QIBLBT3.DAT
2010-04-04 12:12 . 2009-03-29 16:22 106 ----a-w- c:\windows\system32\jpg.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_09.49.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-22 08:34 . 2010-06-22 08:34 16384 c:\windows\temp\Perflib_Perfdata_5a8.dat
- 2009-01-31 08:40 . 2009-01-31 08:40 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-31 08:40 . 2010-06-17 15:38 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\dllcache\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\dllcache\fltlib.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 148888 c:\windows\system32\javaws.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\javaw.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\java.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]
"AdobeUpdater"="c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2006-01-05 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-01-05 856064]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2010-06-22 78008]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-06-16 148888]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-06-12 1495040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-2-2 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

La chiave di registro SafeBoot ha bisogno di essere riparata. Questo pc non può avviarsi in Modalità Provvisoria.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 10:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-22 10:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-22 08:44
ComboFix2.txt 2010-06-21 17:02
ComboFix3.txt 2010-06-17 14:18
ComboFix4.txt 2010-04-29 11:18
ComboFix5.txt 2010-06-22 08:18

Pre-Run: 49,484,062,720 byte disponibili
Post-Run: 49,377,071,104 byte disponibili

181 --- E O F --- 2010-06-16 12:01

Re: big problem

Post by Luke57 » 22/06/09 10:03

Hi, you are infected with Bagle, and ComboFix cannot remove all the many infected files in one pass. Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now".
http://www.suspectfile.com/systemscan
When the scan is finished, re-enable the antivirus, upload the report you find on the desktop to Savefile and post the link you get.
http://www.savefile.com/
Note: SystemScan is detected as infected because of the type of scan it performs; obviously it is not.
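Added example (not part of the original posts, and not ComboFix's own code): a small triage script for a ComboFix file listing like the one posted above. It flags executables created shortly before the newest entry inside the user's application-data tree and groups them by identical size. The 24-hour window, the extension and folder lists and all function names are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Lines copied from the "Files Creati" and "Find3M" sections of the log in this thread.
SAMPLE = r"""
((((((((((((((((((((((((( Files Creati Da 2010-05-22 al 2010-06-22 )))))))))))))))))))))))))))))))))))
.
2010-06-22 08:24 . 2010-06-22 08:24 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\203453.exe
2010-06-22 08:23 . 2010-06-22 08:23 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\163640.exe
2010-06-22 08:23 . 2010-06-22 08:23 10247 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\162156.exe
2010-06-22 08:22 . 2010-06-22 08:23 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\m
2010-06-22 08:22 . 2010-06-22 08:22 99332 ------w- c:\documents and settings\User\Dati applicazioni\m\flec006.exe
2010-06-22 08:22 . 2010-06-22 08:22 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\97046.exe
2010-06-22 08:22 . 2010-06-22 08:22 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\83703.exe
2010-06-16 11:11 . 2010-06-16 11:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-06-16 11:07 . 2010-06-16 11:07 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
"""

# Listing line: <created> . <modified> <size or --------> <8 attribute chars> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) (\S{8}) (.+)$")
TS_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".sys", ".dll", ".scr")          # assumed list of interest
PROFILE_DATA_DIRS = ("\\dati applicazioni\\", "\\application data\\", "\\appdata\\")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str
    path: str


def parse_listing(text):
    """Parse file-listing lines; banners, lone dots and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(created, TS_FMT),
                             datetime.strptime(modified, TS_FMT),
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return entries


def recent_profile_executables(entries, window=timedelta(hours=24), reference=None):
    """Executables under a profile data folder created within `window` of `reference`
    (default: the newest creation time in the listing)."""
    if not entries:
        return []
    ref = reference or max(e.created for e in entries)
    hits = [e for e in entries
            if e.size is not None
            and e.path.lower().endswith(EXEC_EXT)
            and any(d in e.path.lower() for d in PROFILE_DATA_DIRS)
            and timedelta(0) <= ref - e.created <= window]
    return sorted(hits, key=lambda e: e.created)


def same_size_groups(entries):
    """Sizes shared by several files: a hint of copies, to be confirmed by hashing."""
    by_size = defaultdict(list)
    for e in entries:
        by_size[e.size].append(e.path)
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


if __name__ == "__main__":
    flagged = recent_profile_executables(parse_listing(SAMPLE))
    for e in flagged:
        print(e.created, e.size, e.path)
    print(same_size_groups(flagged))
```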

Re: big problem

Post by francois87 » 22/06/09 11:21


Re: big problem

Post by Luke57 » 22/06/09 12:12

Hi, open a text file in Windows Notepad and copy the following script into it:

Code:
Windows Registry Editor Version 5.00

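; full hive name: regedit does not accept abbreviated roots such as HKCU in .reg files
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]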
"drvsyskit"=-
"mule_st_key"=-
"german.exe"=-
;


Save it in C:\ with the name fix.reg (changing the file extension from .txt to .reg)
file type = all files

Run SystemScan again, click the "Removal Script" button and, in the window that opens, copy/paste this script:
(be careful to copy all of it)

Code:
Files to delete:
C:\Documents and Settings\User\Dati applicazioni\drivers\wfsintwq.sys
C:\Documents and Settings\User\Dati applicazioni\drivers\winupgro.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe



Folders to delete:
C:\WINDOWS\temp
C:\DOCUME~1\User\IMPOST~1\Temp
C:\Documents and Settings\User\Dati applicazioni\m
C:\Documents and Settings\User\Dati applicazioni\drivers\downld

Drivers to disable:
srosa


Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Programs to launch on reboot:
C:\fix.reg



Click "Proceed with removal" (keep going until it starts) and the PC will restart to run the script.
On restart you will find the SystemScan window with a message (blue if the script ran correctly, red otherwise): check the result (C:\avenger.txt) and paste it in a post.

Re: big problem

Post by francois87 » 22/06/09 12:45

Luke57, when I paste the text into the program and press "Proceed with removal", a window appears saying:
Please copy and past a valid script file
click OK.
I tried repeating the procedure several times, but it gives me the same problem.

Re: big problem

Post by Luke57 » 22/06/09 12:47

Hi, then use Avenger; I saw that you have it on the computer. Insert the same script and press Execute.

Re: big problem

Post by francois87 » 22/06/09 12:55

No, it won't let me use it. I extract it from the archive, the program icon appears flickering (it alternates between its own image and a blank image), I click on it and it tells me it is not a Win32 application.

Re: big problem

Post by Luke57 » 22/06/09 15:13

Hi, delete the version of Avenger you have on the computer, then go here:
http://rapidshare.com/files/247373756/87.zip.html

Download the renamed file (free user).
Extract the executable, run it, insert the script in the box, press Execute.

Re: big problem

Post by francois87 » 22/06/09 17:03

Luke57, the antivirus is out of action. I downloaded the program and extracted it; the only problem is that it gives me about 3 seconds to copy and paste the script, because then the program closes automatically and I can't manage it. This virus seems to understand what we are doing.

Re: big problem

Post by francois87 » 22/06/09 17:14

I tried to start the procedure you asked for as quickly as possible. The result is negative, because an error message appears when I start Avenger...
The error message is the following:
http://www.easy-share.com/1906028854/file4.JPG