A (possibly) untamable virus

Post by Light » Tue Jun 02, 2009 7:28 pm

I don't know whether this is actually a virus or a hardware problem, but I think it's the former, because it showed up all of a sudden yesterday afternoon, shortly after I opened a program downloaded from eMule.

Every time I start the PC, the CPU reaches absurd percentages... I only have to start an antivirus scan or open two programs at once and the CPU hits 80%, and on top of that after a while everything freezes, pointer included. This is followed by a long "beep" coming from the case, and I have to shut the PC down.

Please help me, I'm desperate...
Last edited by ba_61 on Tue Jun 02, 2009 8:44 pm, edited 1 time in total.
Reason: Moved

Re: A (possibly) untamable virus

Post by ste_95 » Tue Jun 02, 2009 7:34 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]

Re: A (possibly) untamable virus

Post by Light » Tue Jun 02, 2009 8:56 pm

ComboFix 09-05-31.06 - user 02/06/2009 21.31.14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1919.1224 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {546B024C-D95F-4995-8063-871895A8F370}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ntuser.dat
C:\Documents and Settings\Administrator\NtUser.dat.LOG
C:\Documents and Settings\Administrator\ntuser.ini
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\Default User\NtUser.dat.LOG
C:\Documents and Settings\LocalService\ntuser.dat
C:\Documents and Settings\LocalService\ntuser.dat.LOG
C:\Documents and Settings\LocalService\ntuser.ini
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
C:\Documents and Settings\NetworkService\ntuser.ini
C:\Documents and Settings\user\.recently-used.xbel
C:\Documents and Settings\user\Dati applicazioni\drivers\downld
C:\Documents and Settings\user\Dati applicazioni\drivers\srosa2.sys
C:\Documents and Settings\user\Dati applicazioni\m
C:\Documents and Settings\user\Dati applicazioni\m\list.oct
C:\Documents and Settings\user\Dati applicazioni\m\shared\WS Tools 1.zip
C:\Documents and Settings\user\Dati applicazioni\m\srvlist.oct
C:\Documents and Settings\user\default.pls
C:\Documents and Settings\user\Menu Avvio\Programmi\Videos.url
C:\Documents and Settings\user\ntuser.dat
C:\Documents and Settings\user\ntuser.dat.LOG
C:\Documents and Settings\user\ntuser.ini
C:\Documents and Settings\user\Preferiti\Videos.url
C:\Documents and Settings\user\stdout.txt
C:\Documents and Settings\user\svg2lvl.log
C:\WINDOWS\system32\acleditz.exe
C:\WINDOWS\system32\config\systemprofile\ntuser.dat
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
C:\WINDOWS\Temp\scsE.tmp
C:\WINDOWS\Temp\scsF.tmp
.
---- Esecuzione precedente -------
.
C:\Recyclers
C:\WINDOWS\msmmsgr.exe
C:\WINDOWS\system32\blat.exe
C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\Temp\scsE.tmp
C:\WINDOWS\Temp\scsF.tmp

----- BITS: Possibili siti infetti -----

hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUDIOSRVBITS
-------\Service_AudioSrvBITS


((((((((((((((((((((((((( Files Creati Da 2009-05-02 al 2009-06-02 )))))))))))))))))))))))))))))))))))
.

2009-06-02 19:45:46 . 2009-06-02 19:45:47 0 d-----w- C:\Documents and Settings\LocalService.NT AUTHORITY\Dati applicazioni\VMware
2009-06-02 19:43:13 . 2007-09-11 20:59:26 0 d-s---w- C:\Documents and Settings\Administrator.USER-C4BD2E0F42\Dati applicazioni\Microsoft
2009-06-02 19:43:12 . 2007-09-11 20:59:26 0 d-s---w- C:\Documents and Settings\LocalService.NT AUTHORITY\Dati applicazioni\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 19:46:37 . 2009-05-29 05:50:43 108736 ----a-w- C:\WINDOWS\system32\drivers\56f6b0a3.sys
2009-06-02 19:46:29 . 2009-06-02 19:43:13 262144 ----a-w- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
2009-06-02 19:46:29 . 2009-06-02 19:43:10 262144 ----a-w- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat
2009-06-02 19:46:28 . 2009-06-02 19:43:15 524288 ---ha-w- C:\Documents and Settings\Administrator.USER-C4BD2E0F42\ntuser.dat
2009-06-02 19:46:11 . 2009-06-02 19:46:11 0 d-----w- C:\Documents and Settings\Administrator.USER-C4BD2E0F42\Dati applicazioni\Identities
2009-06-02 19:45:43 . 2009-04-28 20:00:07 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\VMware
2009-06-02 19:45:40 . 2007-11-04 21:19:58 0 d-----w- C:\Programmi\cFosSpeed
2009-06-02 19:42:20 . 2009-02-11 11:56:51 3630956 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-06-02 19:42:20 . 2009-02-11 11:56:51 310183968 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-06-02 18:06:34 . 2008-04-03 20:02:36 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-06-02 14:51:14 . 2007-09-27 16:34:45 0 d-----w- C:\Programmi\eMule
2009-06-02 14:44:57 . 2008-01-29 15:34:47 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-02 14:44:37 . 2009-06-02 14:44:36 0 d-----w- C:\Programmi\EMC
2009-05-29 05:50:44 . 2009-05-24 21:06:10 100 --s-a-w- C:\WINDOWS\system32\806969618.dat
2009-05-22 05:37:04 . 2007-10-14 22:09:03 0 d-----w- C:\Programmi\Messenger Plus! Live
2009-05-21 19:50:06 . 2007-10-03 16:31:40 0 d-----w- C:\Programmi\Mozilla Thunderbird
2009-05-20 16:16:07 . 2008-07-06 13:36:18 413696 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2009-05-20 16:16:07 . 2008-07-06 13:34:12 110592 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2009-05-20 15:59:16 . 2009-05-20 15:59:16 0 d-----w- C:\Programmi\Deep Silver
2009-05-20 15:58:22 . 2009-05-20 15:58:08 0 d-----w- C:\Programmi\AGEIA Technologies
2009-05-20 15:57:57 . 2009-05-20 15:57:55 0 d-----w- C:\Programmi\File comuni\Wise Installation Wizard
2009-05-20 10:36:34 . 2009-05-07 15:14:34 0 d-----w- C:\Programmi\Sacred Edizione Oro
2009-05-15 12:35:13 . 2001-08-31 12:00:00 83154 ----a-w- C:\WINDOWS\system32\perfc010.dat
2009-05-15 12:35:13 . 2001-08-31 12:00:00 485618 ----a-w- C:\WINDOWS\system32\perfh010.dat
2009-05-14 20:37:19 . 2009-05-14 20:12:41 0 d-----w- C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2009-05-14 20:37:19 . 2009-05-14 20:12:41 0 d-----w- C:\Programmi\Conduit
2009-05-14 20:12:26 . 2009-05-14 20:12:24 0 d-----w- C:\Programmi\MegaPack CoolStreaming
2009-05-07 15:18:44 . 2009-05-07 15:14:28 0 d--h--w- C:\Programmi\FX Uninstall Information
2009-05-04 11:38:48 . 2009-05-04 11:38:48 361600 ----a-w- C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2009-05-04 11:38:48 . 2004-08-03 21:14:42 361600 ----a-w- C:\WINDOWS\system32\drivers\TCPIP.SYS
2009-05-03 22:23:19 . 2009-04-28 12:11:34 0 d-----w- C:\Programmi\Eurobarre
2009-05-03 22:21:57 . 2009-05-03 22:21:57 97792 ----a-w- C:\WINDOWS\system32\drivers\ACEDRV05.sys
2009-05-03 21:37:29 . 2009-05-03 21:37:29 0 d-----w- C:\Programmi\Ascaron Entertainment
2009-04-28 19:58:58 . 2009-04-28 19:58:57 0 d-----w- C:\Programmi\VMware
2009-04-28 12:11:33 . 2009-04-28 12:11:33 15872 ------w- C:\WINDOWS\system32\winskfr.dll
2009-04-27 19:12:39 . 2009-04-27 19:12:29 0 d-----w- C:\Programmi\Guitar Pro 5
2009-04-23 21:51:34 . 2009-02-10 21:35:07 0 d-----w- C:\Programmi\File comuni\Nokia
2009-04-23 21:51:34 . 2009-02-10 21:33:37 0 d-----w- C:\Programmi\Nokia
2009-04-23 21:50:55 . 2009-04-23 21:50:55 36864 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Installations\{EF4F620F-F295-41D7-92C0-6B635709C850}\Installer\CommonCustomActions\Sleep.exe
2009-04-23 21:50:55 . 2009-04-23 21:50:55 3351812 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Installations\{EF4F620F-F295-41D7-92C0-6B635709C850}\Installer\CommonCustomActions\msxml6Exec.exe
2009-04-23 21:50:55 . 2009-04-23 21:50:55 3181612 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Installations\{EF4F620F-F295-41D7-92C0-6B635709C850}\Installer\CommonCustomActions\vcredistExec.exe
2009-04-23 21:50:46 . 2009-02-10 21:38:27 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2009-04-23 21:50:30 . 2009-04-23 21:50:25 0 d-----w- C:\Programmi\NSS
2009-04-23 21:48:36 . 2009-04-23 21:50:59 24521320 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Installations\{EF4F620F-F295-41D7-92C0-6B635709C850}\NokiaSoftwareUpdaterSetup_it.exe
2009-04-13 17:05:30 . 2009-02-07 16:49:15 0 d-----w- C:\Programmi\Drive Rescue
2009-04-07 15:34:35 . 2009-04-07 15:34:35 0 d-----w- C:\Programmi\Gameforge4D
2009-03-06 14:19:00 . 2004-08-19 13:39:22 286208 ----a-w- C:\WINDOWS\system32\pdh.dll
2009-02-11 11:33:32 . 2009-02-11 11:33:31 2440 ----a-w- C:\Programmi\rwdizxis.txt
2008-03-28 20:53:02 . 2008-03-28 20:52:55 50027 ----a-w- C:\Programmi\Uninstal.exe
2005-09-19 11:47:00 . 2007-09-29 16:54:01 44158 ----a-w- C:\Programmi\mozilla firefox\components\inspector.dll
.

------- Sigcheck -------

[-] 2006-04-20 12:18:35 360576 B2220C618B42A2212A59D91EBD6FC4B4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53:32 360832 64798ECFA43D78C7178375FCDD16D8C8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44:42 360960 744E57C99232201AE98C49168B918F48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51:12 361600 9AEFA14BD6B182D61E3119FA5F436D3D C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59:02 361600 AD978A1B783B5719720CFF204B666C8E C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45:13 360320 2A5554FC5B1E04E131230E3CE035C3F9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 10:20:18 361344 93EA8D04EC73A85DB02EB8805988F733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-05-04 11:38:48 361600 07D26189C25F030F7828B7F669170FD6 C:\WINDOWS\system32\dllcache\TCPIP.SYS
[-] 2009-05-04 11:38:48 361600 07D26189C25F030F7828B7F669170FD6 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 06:35:00 7634944]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-04 20:22:20 185632]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51:55 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 07:25:06 1828136]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-11-20 12:20:54 290088]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 12:28:45 266497]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-11-04 09:30:50 413696]
"vmware-tray"="C:\Programmi\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 21:07:58 96816]
"WinGuard Pro"="c:\Drivers\wgp\wgpro0.exe" [2009-05-12 20:55:58 254744]
"NvMediaCenter"="NvMCTray.dll" - C:\WINDOWS\system32\nvmctray.dll [2006-10-31 06:35:00 86016]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2006-08-01 11:10:18 16049664]
"BluetoothAuthenticationAgent"="bthprops.cpl" - C:\WINDOWS\system32\bthprops.cpl [2008-04-13 17:14:26 110592]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2006-04-28 07:54:44 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 17:14:04 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
morte.bat [2008-6-29 123]
Privoxy.lnk - C:\Programmi\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-9-11 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Free Download Manager\\fdmwi.exe"=
"C:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Free Download Manager\\fdm.exe"=
"C:\\Programmi\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"C:\\Programmi\\BioWare Corp\\Neverwinter Nights\\nwmain.exe"=
"C:\\Programmi\\BioWare Corp\\nwn2main.exe"=
"C:\\Programmi\\BioWare Corp\\nwn2main_amdxp.exe"=
"C:\\Programmi\\BioWare Corp\\nwupdate.exe"=
"C:\\Programmi\\BioWare Corp\\nwn2server.exe"=
"C:\\Python25\\pythonw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Programmi\\ActiveState Komodo IDE 4\\lib\\mozilla\\komodo.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\msnCrak\\MSN_CRAK.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\VMware\\VMware Workstation\\vmware-authd.exe"=
"C:\\Programmi\\Sacred Edizione Oro\\Sacred.exe"=
"C:\\Programmi\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"C:\\Programmi\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8118:TCP"= 8118:TCP:porta
"9050:TCP"= 9050:TCP:porta
"1730:UDP"= 1730:UDP:Windows Media Format SDK (Mediacenter.exe)
"1731:UDP"= 1731:UDP:Windows Media Format SDK (Mediacenter.exe)
"1734:UDP"= 1734:UDP:Windows Media Format SDK (Mediacenter.exe)
"1735:UDP"= 1735:UDP:Windows Media Format SDK (Mediacenter.exe)
"1736:UDP"= 1736:UDP:Windows Media Format SDK (Mediacenter.exe)

R1 is-64F1Tdrv;is-64F1Tdrv;C:\WINDOWS\system32\drivers\39464749.sys [11/02/2009 14.09.23 148496]
R1 is-H39V2drv;is-H39V2drv;C:\WINDOWS\system32\drivers\96947276.sys [11/02/2009 13.56.24 148496]
R1 is-IA42Qdrv;is-IA42Qdrv;C:\WINDOWS\system32\drivers\22590095.sys [11/02/2009 16.53.25 148496]
R1 is-MNF3Edrv;is-MNF3Edrv;C:\WINDOWS\system32\drivers\42926856.sys [11/02/2009 13.56.46 148496]
R1 is-P440Qdrv;is-P440Qdrv;C:\WINDOWS\system32\drivers\25326688.sys [11/02/2009 16.05.07 148496]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\drivers\ssoftnt4.sys [05/07/2008 13.06.51 100728]
R2 vmci;VMware vmci;C:\WINDOWS\system32\drivers\vmci.sys [28/10/2008 23.08.58 54960]
S2 Mesppanger;Mesppanger;c:\Recyclers\svchost.exe --> c:\Recyclers\svchost.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [12/02/2009 18.53.45 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [12/02/2009 18.53.46 8320]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [25/01/2007 19.31.34 42000]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\drivers\prodigy.sys [23/04/2009 23.50.30 32377]
S3 tapavpn;Steganos Anonym VPN Adapter;C:\WINDOWS\system32\drivers\tapavpn.sys [19/10/2007 10.50.50 24320]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2009-06-02 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-04-01 01:00:26 . 2009-03-10 20:18:10]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{4254B9C7-BF69-49E0-A16E-5261E3AD36DD} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-procexp90.sys


.
------- Scansione supplementare -------
.
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Programmi\Free Download Manager\FUM\fumiebtn.dll
LSP: C:\Programmi\VMware\VMware Workstation\vsocklib.dll
TCP: {FA468CA9-0951-446A-B1A3-08FF046658D7} = 85.37.17.51 85.38.28.97
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath -
.


Here it is

Re: (Possibly) untamable virus

Post by Light » Tue Jun 02, 2009 10:11 pm

Can nobody help me!?

Re: (Possibly) untamable virus

Post by Amantide » Tue Jun 02, 2009 11:07 pm

Some stuff has been removed by ComboFix.
To finish removing Bagle, download FindyKill (by Chiquitine29) and install it (it is in French, but it is easy to understand).
Once it is installed, close all running applications and disconnect from the Internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt

Also run a full scan with Malwarebytes' Anti-Malware and post the scan report here using the LOG tag.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: (Possibly) untamable virus

Post by Light » Wed Jun 03, 2009 9:58 am

I'll do it now..
but is it definitely Bagle!?! Is it possible that it burned out my RAM?
[V]
As I said above, if I open an antivirus the CPU reaches 100% and the BIOS gives me a long, prolonged beep...
I'll post the logs shortly

Re: (Possibly) untamable virus

Post by Light » Wed Jun 03, 2009 10:42 am

The problem persists.. anyway, here are the logs
FindyKill

############################## [ FindyKill V4.732 ]

# User : Administrator (Administrators) # USER-C4BD2E0F42
# Update on 02/06/09 by Chiquitine29
# Start at: 11.19.52 | 03/06/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : CyberDefender Internet Security 2008 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# FW : ActiveArmor Firewall[ (!) Disabled ]1.0

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 232,88 Go (28,26 Go free) # NTFS
# D:\ # Disco CD-ROM
# F:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]


################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]


################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# -> Nothing found.

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.732 ! ]


Anti-malware

Malwarebytes' Anti-Malware 1.37
Versione del database: 2182
Windows 5.1.2600 Service Pack 3

03/06/2009 11.42.30
mbam-log-2009-06-03 (11-42-28).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 104888
Tempo trascorso: 4 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\documents and settings\user\Desktop\EvID4226Patch.exe (Malware.Tool) -> No action taken.

Re: (Possibly) untamable virus

Post by crazy.cat » Wed Jun 03, 2009 11:10 am

Bagle seems to be gone; you just need to delete this file, c:\documents and settings\user\Desktop\EvID4226Patch.exe, and then reinstall your security programs.
As for the beep, it could be an overheating problem; try opening the PC and check that the CPU and power supply fans are spinning properly and that they are clean.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: (Possibly) untamable virus

Post by Light » Wed Jun 03, 2009 12:15 pm

The problem is that it freezes in the same way even after I opened the case and placed a fan next to it [8)]


so I was thinking of an attack on the processor via a trojan horse or something similar.. I hope not...
but I would like to know if there are ways to make sure

Re: (Possibly) untamable virus

Post by Mikleman » Wed Jun 03, 2009 2:15 pm

no, no
it is not related to a virus
so tell me how many beeps it makes and what type
For example:
two short beeps\1 long\1 short\one long

Also, buy a can of compressed air and, with someone's help, clean the inside of the PC (if the fan is clogged with dust, it is very likely that it overheats or simply cannot spin properly and so goes into self-protection mode)
Mikleman
Aficionado
Posts: 87
Joined: Mon Mar 30, 2009 10:37 pm

Re: (Possibly) untamable virus

Post by Light » Wed Jun 03, 2009 4:22 pm

It makes a single continuous beep, which is why I thought of the RAM.
But even with a fan placed next to it, it has the same symptoms....

Re: (Possibly) untamable virus

Post by Mikleman » Wed Jun 03, 2009 7:52 pm

Light wrote: It makes a single continuous beep, which is why I thought of the RAM.
But even with a fan placed next to it, it has the same symptoms....

putting a fan next to it only damages the hardware
use my procedure, I hope you know how to do it [8D]
In any case it doesn't take long [rolleyes]



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.