www.MegaLab.it

da **Antonypax** » dom apr 05, 2009 4:19 pm

IL pc è diventato lentissimo, l' antivirus nn mi funziona, nemmeno photoshop ecc. ogni volta che kerco d usare questi programmi mi scrive: non è un' applicazione win32 valida
nn so cosa fare mi date una mano?

da **Amantide** » dom apr 05, 2009 4:30 pm

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto: [LOG]qui va inserito il log[/LOG]

Se in precedenza hai già provato ad usare Combofix, prima di riscaricarlo vai su Start>> Esegui e digiti combofix /u

da **Antonypax** » dom apr 05, 2009 5:12 pm

Amantide ha scritto:Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:
Codice: Seleziona tutto
[LOG]qui va inserito il log[/LOG]

Se in precedenza hai già provato ad usare Combofix, prima di riscaricarlo vai su Start>> Esegui e digiti combofix /u

ComboFix 09-04-04.01 - Antonypax 2009-04-05 17:54:59.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.698 [GMT 2:00]
Eseguito da: c:\documents and settings\Antonypax\Desktop\ouaaa.exe
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Antonypax\Application Data\drivers\downld
c:\documents and settings\Antonypax\Application Data\drivers\downld\17959062.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\17961281.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\17961296.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\17986921.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\17991078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\17991718.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18028109.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18029859.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18030437.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18071859.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18141546.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18141703.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18141718.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18145750.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18152343.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18154000.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18155640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18208984.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18209750.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18209953.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18212640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18214046.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18217078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18218078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18219171.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18225578.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18228281.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18229406.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18231515.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18390265.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18392546.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18394015.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18424359.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18425265.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18425281.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18428031.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18428687.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18497953.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18498828.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18499062.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18517000.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18522093.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18522640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18522812.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18523218.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18523968.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\18523984.exe
c:\documents and settings\Antonypax\Application Data\drivers\srosa2.sys
c:\documents and settings\Antonypax\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Antonypax\Application Data\drivers\winupgro.exe
c:\documents and settings\Antonypax\Application Data\m
c:\documents and settings\Antonypax\Application Data\m\data.oct
c:\documents and settings\Antonypax\Application Data\m\flec006.exe
c:\documents and settings\Antonypax\Application Data\m\list.oct
c:\documents and settings\Antonypax\Application Data\m\shared\12 TO THE MOON 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\2D Truss Analysis Static Edition 1.0 KeyGen.zip
c:\documents and settings\Antonypax\Application Data\m\shared\3D Space Asteroids 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Address Book Database Software 7.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Aimersoft iPod Converter Suite 1.0.22 (Serial).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Allok MOV Converter 4.1.1129.zip
c:\documents and settings\Antonypax\Application Data\m\shared\AquaSoft SlideShow Studio 5.7.01.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Async Flash Studio 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\AVTJet Impression Workshop 1.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Batch WinFax2PDF 2.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Battlefield 1942 - Citadel Isle map.zip
c:\documents and settings\Antonypax\Application Data\m\shared\BESchedule 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\BPS Spyware and Adware Remover 9.4.0.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\BrainBurst 1.4.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Brap FM 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Britney Spears Screen Saver 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Browzar 1.4.0.0 Beta.zip
c:\documents and settings\Antonypax\Application Data\m\shared\BugTimer Performance Test Manager 2.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\CD DVD catalog 2.4.0.0 Key+Serial.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ChibiTracker 0.9a.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Clean & Clear 0.99.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ClickOK 1.0 (With Crack).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Clients 1.3.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ClockEveryWhere 2.05.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Clonedir 2.6.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Coupon Dude 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\D2GSaver 1.11 [Crack].zip
c:\documents and settings\Antonypax\Application Data\m\shared\DoMo Homepage 1.0.75.052307 Beta.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Dugged 0.4.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Eat My Dust demo, large version.zip
c:\documents and settings\Antonypax\Application Data\m\shared\eComm PRO 2.09.003.4361.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Elementec Backup & Compress 1.1.6.zip
c:\documents and settings\Antonypax\Application Data\m\shared\FileWorks 3.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\FreeShield 2.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\GE-Graph 2.2.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\GetData Graph Digitizer 2.22 [With Crack].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Google Complete Search 1.0.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\HandyFileSearch 1.1.0 [Key+Serial].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Heart of Midlothian FC RSS Feed 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Hidden Information Explorer 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\High Fiber Diet 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\HomeCost Estimator for Excel 5.00.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Html Java Swing Applet Creator 2.0.0.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Hue and cry 1.30.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Hummer SUT Screensaver.zip
c:\documents and settings\Antonypax\Application Data\m\shared\I, Robot Screensaver.zip
c:\documents and settings\Antonypax\Application Data\m\shared\iCopy - Simple Photocopier 1.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\IMMonitor Enterprise 2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\InfoLayout 1.2 With Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Intelore FileMaker Password Recovery 1.0c.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Islamic Miracle Screensaver 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Jack Nicklaus 1999 Online Golf Championship game client.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Java Sudoku 1.0.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\JavaScript Vertical Gallery Slider 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Keylogger Spy Monitor 6.2.3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Kurvaceous.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Liveswif 2.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Mail Checker 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Mail Shower 0.8.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Mail Them Pro 8.12 [Cracked].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Manchester Cams 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Meyoo Web Phone 0.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Mind4Math Advanced 1.1 (Serial).zip
c:\documents and settings\Antonypax\Application Data\m\shared\MX CSS Menus 2.0.1 Key+Serial.zip
c:\documents and settings\Antonypax\Application Data\m\shared\My Buddy Icons 4.90.70601 Key.zip
c:\documents and settings\Antonypax\Application Data\m\shared\My Command Button (formerly SMButton) 5.00.zip
c:\documents and settings\Antonypax\Application Data\m\shared\MYdbPAL for MySQL 3.0.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\MySpeed Server Professional 7.2a.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Norton Internet Security 2006 Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\OE Quick Tools 4.0.27 (Patch).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Okoker Delete 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Onyx Arranger Lite Edition 2.1 build 117.zip
c:\documents and settings\Antonypax\Application Data\m\shared\OpusFlow CRM for Outlook 5.8.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Oxygen Phone Manager for Symbian phones 2.18.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Palm USAF Flight Log 1.9.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PayPunch Lite 6.14.155.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Plato DVD Zune Ripper 7.85.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Point Of Sale Business Application 2.2.3.88.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PostgreSQL Maestro 7.6 [Key+Serial].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Pro Tow XTR 7.43.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Quick Menu 1.3.5 With Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\QwikChange Folder Monitor 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\RAM Booster Pro 5.0.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\RecoverPlus Pro 2.6.6.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Registry Shower 2007 3.6 build 230507D [Cracked].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Rewind Volume 1.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\RRs Unit Converter 3.0c Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SD Capture 4.6 [Patch].zip
c:\documents and settings\Antonypax\Application Data\m\shared\SeaTTY 1.73.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Serial Activation Key(Keygen) For Norton Antivirus 2006.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SlideMarks 1.0.48.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SmartAssistant 2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SnipeRight Professional 1.1.6 (Key+Serial).zip
c:\documents and settings\Antonypax\Application Data\m\shared\SocksChain 3.153.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Sony Playstation Portable DVD Converter 3.20.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Speedy Eggbert.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Spy Eraser 1.5 [Patch].zip
c:\documents and settings\Antonypax\Application Data\m\shared\StockSpy 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Stormpay Shopping Cart 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Streamcatbuilder 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\submissions 1.2 Build 20070423.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SV2 Power Search 1.0b.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Symantec.Norton.GoBack.ita.zip
c:\documents and settings\Antonypax\Application Data\m\shared\TabTuner 1.0.0.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Tea Timer 1.5.3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Text Clock Plus 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\The Apple Blog RSS 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\The Sims - Dallas Cowboys Cheerleaders skin.zip
c:\documents and settings\Antonypax\Application Data\m\shared\The Wireless Toolkit 2.5.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Titledrome 2.0.3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Total Privacy 5.30c.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Training Manager 2008 Enterprise 1.0.1065.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Unreal Tournament 2003 - Railgunner skin.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Unreal Tournament 2004 BR Thornsv2 2k4 Map.zip
c:\documents and settings\Antonypax\Application Data\m\shared\URL Gather 1.2.1 [Patch].zip
c:\documents and settings\Antonypax\Application Data\m\shared\Video MSU Cartoonizer VirtualDub plugin 3.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Video Pilot 1.21 Patch.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Volume Scroller 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Wacky Animals Screensaver 3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Wallpaper Cycler 3.1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Win Mp3 Merge App 1.2 [KeyGen].zip
c:\documents and settings\Antonypax\Application Data\m\shared\WinSettings Pro 2.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\X-Map 1.0.0.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Xilisoft Download YouTube Video 1.0.38.0723.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Zilch Professional - Debt Reduction 4.0.zip
c:\documents and settings\Antonypax\Application Data\m\srvlist.oct
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\18225687.exe
c:\windows\system32\drivers\down\18245984.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA

((((((((((((((((((((((((( Files Creati Da 2009-03-05 al 2009-04-05 )))))))))))))))))))))))))))))))))))
.

2009-04-03 20:29 . 2009-04-03 20:29 268 --ah----- C:\sqmdata13.sqm
2009-04-03 20:29 . 2009-04-03 20:29 244 --ah----- C:\sqmnoopt13.sqm
2009-03-16 17:34 . 2009-03-16 20:03 172 --a------ c:\documents and settings\Antonypax\Application Data\wklnhst.dat
2009-03-10 16:50 . 2009-03-13 22:20 <DIR> d-------- C:\Temp
2009-03-09 20:37 . 2009-03-09 20:37 <DIR> d-------- C:\od
2009-03-08 22:09 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 22:09 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-03-06 17:08 . 2004-12-16 17:32 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-06 17:07 . 2009-03-06 17:07 <DIR> d-------- c:\programmi\NVIDIA Corporation
2009-03-06 17:07 . 2009-03-06 17:07 <DIR> d-------- c:\programmi\File comuni\NVIDIA Shared
2009-03-06 17:07 . 2005-04-04 19:59 176,128 --a------ c:\windows\system32\nvumpu.exe
2009-03-06 17:07 . 2005-04-04 19:59 176,128 --a------ c:\windows\system32\nvuaudio.exe
2009-03-06 16:59 . 2009-03-06 16:59 <DIR> d-------- C:\NVIDIA
2009-03-05 21:54 . 2009-03-05 21:54 21,764 --a------ c:\windows\system32\CoreAAC-uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 15:57 --------- d--h--w c:\documents and settings\Antonypax\Application Data\drivers
2009-04-05 15:42 --------- d-----w c:\documents and settings\Antonypax\Application Data\Skype
2009-04-05 15:12 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-04-05 15:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-04-05 14:43 --------- d-----w c:\documents and settings\Antonypax\Application Data\skypePM
2009-03-25 13:36 --------- d-----w c:\programmi\Messenger Plus! Live
2009-03-21 23:26 --------- d-----w c:\documents and settings\Antonypax\Application Data\Ulead Systems
2009-03-19 16:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 16:17 --------- d-----w c:\programmi\Java
2009-03-15 22:10 --------- d-----w c:\documents and settings\Antonypax\Application Data\LimeWire
2009-03-08 18:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-08 15:21 --------- d-----w c:\programmi\ESET
2009-03-06 22:28 --------- d-----w c:\programmi\Desktop XP
2009-03-06 21:14 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-06 15:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-27 13:30 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-25 21:34 --------- d-----w c:\documents and settings\Antonypax\Application Data\gtk-2.0
2009-02-24 17:45 --------- d-----w c:\documents and settings\Antonypax\Application Data\Autodesk
2009-02-24 17:44 --------- d-----w c:\programmi\Autodesk
2009-02-21 10:30 --------- d-----w c:\programmi\iHabbix V3
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:04 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 22:18 6,656 ----a-w c:\windows\system32\haspvdd.dll
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-25 21:50 31,334,932 -c--a-w c:\programmi\Windows Live.zip
2008-08-23 15:07 2,075 -c--a-w c:\documents and settings\Antonypax\Application Data\SAS7_000.DAT
2008-02-20 00:29 22 -csha-w c:\windows\SMINST\HPCD.sys
2008-08-25 12:25 88 -csh--r c:\windows\system32\E3BFE33ED7.sys
2008-08-25 12:42 3,452 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-10 19:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091020080911\index.dat
.

------- Sigcheck -------

2008-04-14 04:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-04-11 06:00 976896 cb74a931e8ea461edebabf8a91c9cc11 c:\windows\$NtServicePackUninstall$\explorer.exe
2006-04-11 06:00 1034752 d009e427de2e129ff87b03d87f349c73 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\ServicePackFiles\i386\explorer.exe

2008-10-16 15:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 15:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 15:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-22_12.18.02,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB873333\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB873333\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB873339\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB873339\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB885250\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB885250\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB885836\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB885836\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB886185\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB886185\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB887472\update\update.exe
+ 2009-04-05 15:06:38 662,528 -c--a-w c:\windows\$hf_mig$\KB887472\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB888113\update\update.exe
+ 2009-04-05 15:06:39 662,528 -c--a-w c:\windows\$hf_mig$\KB888113\update\update.exe
- 2009-03-08 09:20:03 662,528 -c--a-w c:\windows\$hf_mig$\KB888302\update\update.exe
+ 2009-04-05 15:06:39 662,528 -c--a-w c:\windows\$hf_mig$\KB888302\update\update.exe
- 2009-03-08 09:20:03 726,240 -c--a-w c:\windows\$hf_mig$\KB890046\update\update.exe
+ 2009-04-05 15:06:39 726,240 -c--a-w c:\windows\$hf_mig$\KB890046\update\update.exe
- 2009-03-08 09:20:03 726,240 -c--a-w c:\windows\$hf_mig$\KB890859\update\update.exe
+ 2009-04-05 15:06:39 726,240 -c--a-w c:\windows\$hf_mig$\KB890859\update\update.exe
- 2009-03-08 09:20:04 662,528 -c--a-w c:\windows\$hf_mig$\KB891781\update\update.exe
+ 2009-04-05 15:06:39 662,528 -c--a-w c:\windows\$hf_mig$\KB891781\update\update.exe
- 2009-03-08 09:20:04 726,240 -c--a-w c:\windows\$hf_mig$\KB893066\update\update.exe
+ 2009-04-05 15:06:39 726,240 -c--a-w c:\windows\$hf_mig$\KB893066\update\update.exe
- 2009-03-08 09:20:04 726,240 -c--a-w c:\windows\$hf_mig$\KB893756\update\update.exe
+ 2009-04-05 15:06:39 726,240 -c--a-w c:\windows\$hf_mig$\KB893756\update\update.exe
- 2009-03-08 09:20:04 726,240 -c--a-w c:\windows\$hf_mig$\KB894391\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB894391\update\update.exe
- 2009-03-08 09:20:04 726,240 -c--a-w c:\windows\$hf_mig$\KB896358\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB896358\update\update.exe
- 2009-03-08 09:20:05 726,240 -c--a-w c:\windows\$hf_mig$\KB896422\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB896422\update\update.exe
- 2009-03-08 09:20:06 726,240 -c--a-w c:\windows\$hf_mig$\KB896423\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB896423\update\update.exe
- 2009-03-07 09:26:28 726,240 -c--a-w c:\windows\$hf_mig$\KB896428\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB896428\update\update.exe
- 2009-03-07 09:26:29 726,240 -c--a-w c:\windows\$hf_mig$\KB896727\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB896727\update\update.exe
- 2009-03-07 09:26:29 726,240 -c--a-w c:\windows\$hf_mig$\KB898461\update\update.exe
+ 2009-04-05 15:06:40 726,240 -c--a-w c:\windows\$hf_mig$\KB898461\update\update.exe
- 2009-03-07 09:26:29 726,240 -c--a-w c:\windows\$hf_mig$\KB899587\update\update.exe
+ 2009-04-05 15:06:41 726,240 -c--a-w c:\windows\$hf_mig$\KB899587\update\update.exe
- 2009-03-08 15:22:56 155,417 ----a-w c:\windows\BricoPacks\Vista Inspirat 2\Update.exe
+ 2009-04-05 14:43:46 155,417 ----a-w c:\windows\BricoPacks\Vista Inspirat 2\Update.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2009-03-19 19:59:16 29,926 ----a-r c:\windows\Installer\{518B3E76-4C05-4F30-A802-D87FB2086B67}\MsblIco.Exe
+ 2009-03-31 18:43:23 29,926 ----a-r c:\windows\Installer\{518B3E76-4C05-4F30-A802-D87FB2086B67}\MsblIco.Exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-03-12 16:25:24 1,836,048 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-05 15:51:03 1,765,696 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-30 22:25:18 74,600 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-04 07:42:43 74,600 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-30 22:25:18 87,968 ----a-w c:\windows\system32\perfc010.dat
+ 2009-04-04 07:42:44 87,968 ----a-w c:\windows\system32\perfc010.dat
- 2008-10-30 22:25:18 452,678 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-04 07:42:44 452,678 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-30 22:25:18 501,424 ----a-w c:\windows\system32\perfh010.dat
+ 2009-04-04 07:42:44 501,424 ----a-w c:\windows\system32\perfh010.dat
+ 2009-04-05 15:53:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c8.dat
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Dancer"="c:\programmi\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2009-04-05 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Antonypax\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - g:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.mjpg"= Pvmjpg21.dll
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.PIM1"= pclepim1.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys -->

c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S2 CachemanXPService;CachemanXP;h:\programmi\CachemanXP\CachemanXP.exe -->

h:\programmi\CachemanXP\CachemanXP.exe [?]

S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2006-07-03 242736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RMCDRWFV;RMCDRWFV;c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe -->

c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys -->

c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7940f16e-652b-11dd-af14-001636b39327}]
\Shell\AutoRun\command - G:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b369733e-2144-11de-9a0a-001636b39327}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 18:02:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????????????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1387477-214851956-2962684071-1005\Software\SecuROM\License information*]
"datasecu"=hex:f5,3a,5a,0e,1c,8f,c0,59,96,9e,2a,05,9e,17,6f,9e,5e,22,e6,e2,02,
9d,d0,f7,00,e7,55,6c,95,e2,ab,62,e2,88,59,6f,f1,da,08,79,21,a7,96,fa,7f,4d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5d,11,df,0d,10,
6f,84,29,c8,28,51,af,b0,29,a3,98,3a,7c,46,41,a5,62,bf,7d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,92,b7,2e,96,b0,
eb,9a,83,71,3b,04,66,8b,46,0d,96,47,95,f2,fa,18,43,93,b5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,29,b6,85,2b,6f,
7e,99,b7,25,da,ec,7e,55,20,c9,26,9a,1f,06,e4,d7,f1,47,f3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,fe,69,70,06,
27,71,e8,3e,1e,9e,e0,57,5a,93,61,9b,f2,1a,f9,db,96,6e,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,4e,94,52,7e,
63,9b,53,cd,44,cd,b9,a6,33,6c,cd,bb,e5,07,1f,5a,e2,d2,11,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2f,79,9e,d7,f1,
b1,79,1c,b0,18,ed,a7,3f,8d,37,a4,e5,f7,a0,7a,a4,b1,6c,88,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,61,48,68,35,09,
96,13,8c,31,77,e1,ba,b1,f8,68,02,d2,2e,df,c8,21,9a,2c,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,a3,60,da,1b,94,
73,a2,39,83,6c,56,8b,a0,85,96,ab,a3,40,fe,d8,c5,e1,36,d4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d3,ff,3b,8b,65,
61,5a,9b,51,fa,6e,91,28,9e,14,cc,cf,8b,1e,8f,c7,8d,c7,d4,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d9,03,ac,5b,27,
8f,af,88,b1,cd,45,5a,a8,c4,f8,b9,4a,aa,10,b0,2f,2e,d9,f6,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e2,d6,83,1e,97,
d3,8b,7b,e3,0e,66,d5,eb,bc,2f,6b,d9,f0,a5,56,1c,b7,81,ee,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,ac,31,73,e2,5b,
1b,f6,9c,fa,ea,66,7f,d4,3b,6b,70,08,1e,e0,38,d9,e1,a0,64,6c,43,2d,1e,aa,22,\
.
Ora fine scansione: 2009-04-05 18:05:46
ComboFix-quarantined-files.txt 2009-04-05 16:05:44
ComboFix2.txt 2009-03-22 11:19:40
ComboFix3.txt 2009-03-08 20:01:34

Pre-Run: 58,363,514,880 byte disponibili
Post-Run: 59,039,571,968 byte disponibili

518 --- E O F --- 2009-03-20 17:01:26

da **Amantide** » dom apr 05, 2009 5:28 pm

Sembra che sia stato rimosso tutto, ma per sicurezza scarica anche FindyKill ed eseguilo scegliendo l'opzione 2.

da **Antonypax** » dom apr 05, 2009 6:34 pm

Amantide ha scritto:Sembra che sia stato rimosso tutto, ma per sicurezza scarica anche FindyKill ed eseguilo scegliendo l'opzione 2.

fatto
t metto il log:

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 19.12.56 | 05/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,94 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,7 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,68 Go free) [TREKSTOR] # FAT32
# H:\ # Disco CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
# I:\ # Disco rimovibile
# J:\ # Disco rimovibile # 3,74 Go (3,67 Go free) [Cruzer] # FAT32

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

################## [ C:\WINDOWS\System32... ]

################## [ C:\Users\...\AppData\Roaming ]

Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers"

################## [ Cleaning .. Temp Files... ]

################## [ Registry / Infected keys ]

Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! "E:\autorun.inf"
Not deleted ! "H:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe.vir
CRC32 .. : cadd41b0
MD5 .... : ef9930a4e419142ccae6335ebb87b98e

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\downld\18145750.exe.vir
# Taille : 863748 # MD5 : 2EE1FAEBB127647063AAEF58A992519A
File was renamed : 18145750.exe.vir.REN

Deleted ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe.vir
# Taille : 864256 # MD5 : EF9930A4E419142CCAE6335EBB87B98E

Deleted ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\m\data.oct.vir
# Taille : 864256 # MD5 : EF9930A4E419142CCAE6335EBB87B98E

Suspect ! : C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\18225687.exe.vir
# Taille : 1015804 # MD5 : 3007C8275D60790148DF158DAFDF84F2
File was renamed : 18225687.exe.vir.REN

################## [ Corrupted files # Re-Installation required ]

C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\navapsvc.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NavShcom.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NAVStub.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navw32.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navwnt.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\SAVScan.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccApp.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccEvtMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccSetMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\NMain.exe
C:\SWSetup\InetSec06\IT\Support\Proxy\ccPxyCre\ccProxy.exe
C:\SWSetup\InetSec06\IT\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\SPBBCSVC.EXE
C:\SWSetup\InetSec06\IT\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893066\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911164\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$NtUninstallKB898461$\update.exe
C:\WINDOWS\$NtUninstallKB904942$\update.exe
C:\WINDOWS\$NtUninstallKB915865$\update.exe
C:\WINDOWS\$NtUninstallKB932823-v3$\update.exe
C:\WINDOWS\$NtUninstallKB942763$\update.exe
C:\WINDOWS\$NtUninstallKB950749$\update.exe
C:\WINDOWS\$NtUninstallKB950760$\update.exe
C:\WINDOWS\$NtUninstallKB950762_0$\update.exe
C:\WINDOWS\$NtUninstallKB951376-v2$\update.exe
C:\WINDOWS\$NtUninstallKB951698$\update.exe
C:\WINDOWS\$NtUninstallKB951748$\update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
C:\WINDOWS\SoftwareDistribution\Download\e727e3ae91da0ff4beef60db8a3bc368\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Data\Launch.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Audio\Launch.exe
G:\Programmi\ESET\nod32.exe
G:\Programmi\ESET\nod32krn.exe
G:\Programmi\ESET\nod32kui.exe
G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
G:\Programmi\Avast\ashAvast.exe
G:\Programmi\Avast\ashChest.exe
G:\Programmi\Avast\ashDisp.exe
G:\Programmi\Avast\ashLogV.exe
G:\Programmi\Avast\ashMaiSv.exe
G:\Programmi\Avast\ashPopWz.exe
G:\Programmi\Avast\ashQuick.exe
G:\Programmi\Avast\ashServ.exe
G:\Programmi\Avast\ashSimp2.exe
G:\Programmi\Avast\ashSimpl.exe
G:\Programmi\Avast\ashSkPcc.exe
G:\Programmi\Avast\ashSkPck.exe
G:\Programmi\Avast\ashUpd.exe
G:\Programmi\Avast\ashWebSv.exe
G:\Programmi\Avast\aswRegSvr.exe
G:\Programmi\Avast\aswUpdSv.exe
G:\Programmi\Avast\copyx64.exe
G:\Programmi\Avast\sched.exe
G:\Programmi\Avast\VisthLic.exe
G:\Programmi\Avast\VisthUpd.exe
G:\Programmi\Avast\ashEnhcd.exe

################## [ ! End of Report # FindyKill V4.722 ! ]

da **ste_95** » dom apr 05, 2009 7:40 pm

Cancella la cartella C:\Qoobox e prova a disinstallare e a reinstallare il tuo antivirus.

da **Antonypax** » dom apr 05, 2009 7:58 pm

ste_95 ha scritto:Cancella la cartella C:\Qoobox e prova a disinstallare e a reinstallare il tuo antivirus.

fatto

da **ste_95** » dom apr 05, 2009 8:04 pm

Sei riuscito?

da **Antonypax** » lun apr 06, 2009 6:04 pm

ste_95 ha scritto:Sei riuscito?

lo disinstallato ma nn riesco a rimetterlo!
comunque cosa devo fare adesso?

da **ste_95** » lun apr 06, 2009 6:07 pm

Antonypax ha scritto:comunque cosa devo fare adesso?

Hai sempre l'errore di applicazione non valida?

da **Antonypax** » lun apr 06, 2009 6:20 pm

ste_95 ha scritto:
Antonypax ha scritto:comunque cosa devo fare adesso?

Hai sempre l'errore di applicazione non valida?

l' errore nn ce +
xò si manifesta in un altro modo
Quando uso esempio Photoshop, mi si blokka all' inizio , e nn riesco ad usarlo
SPORE neanke nn si avvia
The sims 2 mi si blokka
Ed è anche leento il PC

da **Antonypax** » mar apr 07, 2009 7:23 pm

che faccio adesso?

da **ste_95** » mar apr 07, 2009 7:42 pm

Ma sei riuscito a reinstallare il tuo antivirus? Riesci ad aprire i software di sicurezza?

da **Antonypax** » mar apr 07, 2009 9:22 pm

ste_95 ha scritto:Ma sei riuscito a reinstallare il tuo antivirus? Riesci ad aprire i software di sicurezza?

no

da **ste_95** » mer apr 08, 2009 5:48 am

Riprova FindyKill.

Amantide ha scritto:Sembra che sia stato rimosso tutto, ma per sicurezza scarica anche FindyKill ed eseguilo scegliendo l'opzione 2.

da **Antonypax** » gio apr 09, 2009 7:26 pm

ste_95 ha scritto:Riprova FindyKill.
Amantide ha scritto:Sembra che sia stato rimosso tutto, ma per sicurezza scarica anche FindyKill ed eseguilo scegliendo l'opzione 2.

ho fatto con findykill, ho cercato le minacce:

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 20.24.22 | 09/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,6 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,63 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,37 Go free) [TREKSTOR] # FAT32
# I:\ # Disco rimovibile

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Plus\Dancer\Dancer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wintems.exe
G:\Programmi\CamTrack\camtrack.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\WINDOWS\system32\wintems.exe" (1016)
"C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe" (2988)

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Found ! C:\WINDOWS\Prefetch\1083343.EXE-29CADE9E.pf
Found ! C:\WINDOWS\Prefetch\1200937.EXE-038DF2F7.pf
Found ! C:\WINDOWS\Prefetch\1206125.EXE-237D0687.pf
Found ! C:\WINDOWS\Prefetch\1215625.EXE-02BBAF5B.pf
Found ! C:\WINDOWS\Prefetch\1466328.EXE-35D27B0B.pf
Found ! C:\WINDOWS\Prefetch\16013875.EXE-3B35C51F.pf
Found ! C:\WINDOWS\Prefetch\16143734.EXE-22698CEE.pf
Found ! C:\WINDOWS\Prefetch\16148421.EXE-19DA433C.pf
Found ! C:\WINDOWS\Prefetch\16152796.EXE-2E2E0BA5.pf
Found ! C:\WINDOWS\Prefetch\16384312.EXE-079A4344.pf
Found ! C:\WINDOWS\Prefetch\8844671.EXE-2C99A9BB.pf
Found ! C:\WINDOWS\Prefetch\8920812.EXE-0AD5715E.pf
Found ! C:\WINDOWS\Prefetch\8964812.EXE-2907D533.pf
Found ! C:\WINDOWS\Prefetch\8972750.EXE-33FD867F.pf
Found ! C:\WINDOWS\Prefetch\8982171.EXE-0337CD84.pf
Found ! C:\WINDOWS\Prefetch\9197187.EXE-1F42DE8A.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-35E96CB6.pf
Found ! C:\WINDOWS\Prefetch\KEY_GEN.EXE-102AC7B8.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\PATCH.EXE-134653F7.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\System32... ]

Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\ban_list.txt

################## [ C:\Documents and Settings\Antonypax\Application Data ]

Found ! "C:\Documents and Settings\Antonypax\Application Data\m\shared"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\srvlist.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\downld"

################## [ C:\Documents and Settings\Antonypax...\Temp Files... ]

################## [ Registry / Infected keys ]

Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_gen
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

################## [ Searching in removable drives ]

# Contents of autorun : E:\autorun.inf

# Presence of files :

Found ! "E:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.722 ! ]

adesso faccio: Pulisci

da **Antonypax** » gio apr 09, 2009 8:21 pm

Findikill

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 20.43.50 | 09/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,61 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,63 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,37 Go free) [TREKSTOR] # FAT32
# I:\ # Disco rimovibile

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Deleted ! C:\WINDOWS\Prefetch\1083343.EXE-29CADE9E.pf
Deleted ! C:\WINDOWS\Prefetch\1200937.EXE-038DF2F7.pf
Deleted ! C:\WINDOWS\Prefetch\1206125.EXE-237D0687.pf
Deleted ! C:\WINDOWS\Prefetch\1215625.EXE-02BBAF5B.pf
Deleted ! C:\WINDOWS\Prefetch\1466328.EXE-35D27B0B.pf
Deleted ! C:\WINDOWS\Prefetch\16013875.EXE-3B35C51F.pf
Deleted ! C:\WINDOWS\Prefetch\16143734.EXE-22698CEE.pf
Deleted ! C:\WINDOWS\Prefetch\16148421.EXE-19DA433C.pf
Deleted ! C:\WINDOWS\Prefetch\16152796.EXE-2E2E0BA5.pf
Deleted ! C:\WINDOWS\Prefetch\16384312.EXE-079A4344.pf
Deleted ! C:\WINDOWS\Prefetch\8844671.EXE-2C99A9BB.pf
Deleted ! C:\WINDOWS\Prefetch\8920812.EXE-0AD5715E.pf
Deleted ! C:\WINDOWS\Prefetch\8964812.EXE-2907D533.pf
Deleted ! C:\WINDOWS\Prefetch\8972750.EXE-33FD867F.pf
Deleted ! C:\WINDOWS\Prefetch\8982171.EXE-0337CD84.pf
Deleted ! C:\WINDOWS\Prefetch\9197187.EXE-1F42DE8A.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-35E96CB6.pf
Deleted ! C:\WINDOWS\Prefetch\KEY_GEN.EXE-102AC7B8.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\PATCH.EXE-134653F7.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-057FCA11.pf

################## [ C:\WINDOWS\System32... ]

Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\ban_list.txt

################## [ C:\Users\...\AppData\Roaming ]

Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers"

################## [ Cleaning .. Temp Files... ]

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\FirtR
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_gen
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! "E:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe
CRC32 .. : 13aa1e4a
MD5 .... : b1a5a89500614b6883431fc5b1495783

Suspect ! : G:\Recycled\Dg4.16-03-2011\key_gen.exe
# Taille : 802816 # MD5 : 79D8A7FC37FF6AF5072F4D3B0120ECCA
File was renamed : key_gen.exe.REN

Suspect ! : G:\Recycled\Dg10.303\patch.exe
# Taille : 864256 # MD5 : 3B0299D2ED3587A62BD15341DE6396EF
File was renamed : patch.exe.REN

Suspect ! : G:\Recycled\Dg13.Edition+Seriale\setup.exe
# Taille : 864256 # MD5 : 3B0299D2ED3587A62BD15341DE6396EF
File was renamed : setup.exe.REN

Suspect ! : G:\Recycled\Dg14.(Jolpe)\setup.exe
# Taille : 802816 # MD5 : 79D8A7FC37FF6AF5072F4D3B0120ECCA
File was renamed : setup.exe.REN

Deleted ! : G:\Documenti\eMule AdunanzA\Incoming\Programmi-Ita-AntiVir.Personal.Edition.zip
Contain crac.exe [856064] with Bagle CRC32 : 13AA1E4A

Deleted ! : G:\Documenti\eMule AdunanzA\Incoming\Programmi-Ita-AntiVir.Personal.Edition\crac.exe
# Taille : 856064 # MD5 : B1A5A89500614B6883431FC5B1495783

################## [ Corrupted files # Re-Installation required ]

C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\navapsvc.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NavShcom.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NAVStub.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navw32.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navwnt.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\SAVScan.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccApp.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccEvtMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccSetMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\NMain.exe
C:\SWSetup\InetSec06\IT\Support\Proxy\ccPxyCre\ccProxy.exe
C:\SWSetup\InetSec06\IT\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\SPBBCSVC.EXE
C:\SWSetup\InetSec06\IT\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893066\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911164\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$NtUninstallKB898461$\update.exe
C:\WINDOWS\$NtUninstallKB904942$\update.exe
C:\WINDOWS\$NtUninstallKB915865$\update.exe
C:\WINDOWS\$NtUninstallKB932823-v3$\update.exe
C:\WINDOWS\$NtUninstallKB942763$\update.exe
C:\WINDOWS\$NtUninstallKB950749$\update.exe
C:\WINDOWS\$NtUninstallKB950760$\update.exe
C:\WINDOWS\$NtUninstallKB950762_0$\update.exe
C:\WINDOWS\$NtUninstallKB951376-v2$\update.exe
C:\WINDOWS\$NtUninstallKB951698$\update.exe
C:\WINDOWS\$NtUninstallKB951748$\update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
C:\WINDOWS\SoftwareDistribution\Download\e727e3ae91da0ff4beef60db8a3bc368\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Data\Launch.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Audio\Launch.exe
G:\Programmi\ESET\nod32.exe
G:\Programmi\ESET\nod32krn.exe
G:\Programmi\ESET\nod32kui.exe
G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

################## [ ! End of Report # FindyKill V4.722 ! ]

da **ste_95** » gio apr 09, 2009 8:24 pm

Prova a riscaricare e reinstallare il tuo antivirus.

da **Antonypax** » ven apr 10, 2009 10:46 pm

ste_95 ha scritto:Prova a riscaricare e reinstallare il tuo antivirus.

mi funziona d nuovo l' antivirus

da **ste_95** » sab apr 11, 2009 5:54 am

Ottimo!
Ora usa questo per ripristinare i servizi e le funzioni disabilitate da Bagle. [^]

www.MegaLab.it

credo un Bagle

credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Re: credo un Bagle

Chi c’è in linea