Punto informatico Network

HELP!!!! It won't let me install antivirus software anymore!! Maybe Bagle?


Posted by stevens » Mon Jul 13, 2009 6:59 pm

Avenger would be better...

let's try it "by hand"

show hidden files

- Right-click Start -- Explore -- Tools menu -- Folder Options -- View
- Check 'Show all files' or "Show hidden files and folders"
- Uncheck 'Do not show system folders and files' or "Hide protected operating system files"


follow the path of the files and the folder and delete them by hand

Posted by Sem93 » Mon Jul 13, 2009 7:04 pm

OK, thanks a lot, I'll try now and let you know :)

Posted by Sem93 » Mon Jul 13, 2009 7:06 pm

No no, found them.. never mind xD I'll try to delete them now


Posted by Sem93 » Mon Jul 13, 2009 7:23 pm

I tried to delete them manually but no luck.. the files in question are not in the folders..

Posted by stevens » Mon Jul 13, 2009 8:07 pm

try deleting them again with Avenger

if it hangs, keep trying and tell me any error that appears
also use the Windows "Search" to locate them....they may no longer be on the PC

if you can't manage it, we'll use ComboFix

Posted by gidan80 » Mon Jul 27, 2009 9:45 am

try downloading it again and renaming it with a random name before running it, and see if it works...

Posted by xrwnis » Fri Jul 31, 2009 11:24 am

Hi everyone! I have the same problem as user Sem93. My operating system is Windows Vista. I tried to follow the instructions for removing Bagle from the MegaLab guide (this one: http://www.MegaLab.it/2657/9/bagle-un-worm-che-attacca-gli-antivirus), but our dear friend has also blocked my Internet connection, so I have no way of running the online scan... I tried FindyKill, but I didn't find "Not Deleted" anywhere in the final report... Anyway, here it is...

----------------- FindyKill V4.707 ------------------

* User : Alessia - PC-ALESSIA
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 11:58:24 the 31/07/2009
* Windows Vista - Internet Explorer 8.0.6001.18783


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\KEY_GEN.EXE-5C74FABF.pf

»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\Alessia\AppData\Roaming

Deleted ! - "C:\Users\Alessia\AppData\Roaming\inst.exe"

»»»» Supression files in C:\Users\Alessia\AppData\Local\Temp


»»»» Supression files in C:\Users\Alessia\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VR9RCBXN\b64[1].jpg
Deleted ! - C:\Users\Alessia\Downloads\eMule\Incoming\AlbumArt_{74E90842-5C97-4C6B-835F-5B6452F9F7D8}_Large.jpg
Deleted ! - C:\Users\Alessia\Downloads\eMule\Incoming\AlbumArt_{74E90842-5C97-4C6B-835F-5B6452F9F7D8}_Small.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa
D: - Unità fissa

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Alessia\AppData\Local\VirtualStore\Program Files\HP Games\Bejeweled 2 Deluxe\cached\sounds\firecrackle.wav
C:\Users\Alessia\Desktop\Ale\planet\Textures\CrackedEarth0023_M.jpg
C:\Users\Alessia\Desktop\Ale\planet\Textures\Crackles0020_1_L.jpg
C:\Users\Alessia\Desktop\progimp\Messi su cd\Antivirus Nod 32 (ITA) v.2.70.31\Crack
C:\Users\Alessia\Desktop\progimp\Messi su cd\Antivirus Nod 32 (ITA) v.2.70.31\Crack\NOD32.FiX.v2.1-nsane.exe
C:\Users\Alessia\Desktop\progimp\Messi su cd\giochi\Diner Dash 2\How To Crack.txt
C:\Users\Alessia\Desktop\progimp\Messi su cd\giochi\Tumblebugs\crack_tumblebugs.exe
C:\Users\Alessia\Desktop\progimp\VMWare\keygen
C:\Users\Alessia\Desktop\progimp\VMWare\keygen\keygen.exe
C:\Users\Alessia\Desktop\progimp\VMWare\keygen\zwt.nfo
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack.rar
C:\Users\Alessia\Downloads\eMule\Incoming\Snow Patrol - Crack the shutters.mp3
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\badcopy3.exe
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Torrent downloaded from Demonoid.com.txt
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Crack\BadCopy.exe
C:\ProgramData\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav


---------------- ! End of report ! ------------------


Any suggestions?

Posted by Amantide » Fri Jul 31, 2009 1:16 pm

Hi and welcome

xrwnis wrote: I tried FindyKill, but I didn't find "Not Deleted" anywhere in the final report..

What matters is that the DELETED entries are there

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
[LOG]the log goes here[/LOG]

Posted by xrwnis » Fri Jul 31, 2009 2:52 pm

So, I downloaded ComboFix and ran it, but after a few minutes of scanning the following message appears:
ComboFix has detected the presence of a rootkit and the PC needs to be restarted. Note down the names, as we may need them later
C:\Users\Alessia\AppData\Roaming\Drivers\11s11ro1s1a2.sys
I click OK and the PC restarts, but afterwards the report file is nowhere to be found...

Posted by Amantide » Fri Jul 31, 2009 3:58 pm

Run both programs again, ComboFix and FindyKill, from Safe Mode.

Posted by xrwnis » Sat Aug 01, 2009 10:47 am

I managed to run them from Safe Mode.
This is the FindyKill report

----------------- FindyKill V4.707 ------------------

* User : Alessia - PC-ALESSIA
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 11:15:32 the 01/08/2009
* Windows Vista - Internet Explorer 8.0.6001.18783


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Sitecom Europe BV\Common\RalinkRegistryWriter.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\201631.EXE-F4F76DCA.pf
Deleted ! - C:\Windows\prefetch\326525.EXE-2DEDD5F4.pf

»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\Alessia\AppData\Roaming

Not deleted !! - "C:\Users\Alessia\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Alessia\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Alessia\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Alessia\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\4TOPS_Compare_Excel_Files_1.2.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Ace_Currency_Calculator_1.2.2.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Acker DVD to PSP Converter 2.1.88.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Admin's bar toolbar for Firefox 1.5.0.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\ADSS_Plot_.NET_1.5.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\All About Sports Vista Gadget.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Amazing_Photo_Editor_6.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Animals Vista Icons.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Argumentative 0.5.49.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Arovax Shield 2.1.103.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Ascendo Photos 3.27.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Ascendo_Photos_for_Blackberry_2.44.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Aspose.Word 4.2.0.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\AudiMovie_2.2_[Crack].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\AuRadio 2.0.0.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Automobile_Tracker_4.5a.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Autorun Starter 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Babarosa_Gif_Animator_3.6_(Serial).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Bless The Children 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Bliss 1.5.3.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\BurnInTest Standard 6.0 Build 1009.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Cactus_Spam_Filter_1.13_Patch.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\CAD_Import_.NET_6.0_[Crack].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\CD_Bank_Cataloguer_2.8.0_build_430_Apha.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Compare_and_Merge_2.3.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\CreateNoid 2.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Crimson Skies Screensaver 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Crypt4Free 4.7.3.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Crystal Desktop 1.96.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\CustomizeGoogle 0.66.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\DiffRes_Web_Page_Preview_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Diskwriter_0.9.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Displaying 114001 - 116000 of 118543.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\DLL Export Viewer 1.20.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Doorkeeper_1.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\DrunkZoo 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Easy_Rate_Finder_2.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Easy_Website_Template_Generator_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Eelpout_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Email_Address_Extractor_3.0_Key+Serial.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\EMS_Data_Generator_for_SQL_Server_2.3.0.3_[Key+Serial].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Excel_Search_and_Replace_2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\F-Opasrv 1.03.4470.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\FastFox_Typing_Expander_1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\FileGateway_1.4.0.109.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\FlashSlider 4.2.0.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\FlyRec_1.1.43_[With_Crack].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Forecastfox Enhanced 0.9.5.2.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Framy Honey classic 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Free Picture Finder 3.9 Build 1228.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\GaiaFormat 0.2.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Gazz_Interest_Calculator_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\GeoLocation 1.2.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\GogoL! 1.50.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\GraphInquire ActiveX 1.0 (Key+Serial).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\ilikesoft Flash Extractor 1.1 Build 1.1.0.89.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\InstantConference Outlook Add-In 1.0.1.5.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\International_Clock_1.3.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\JarCheck 1.2.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\JobPro_Central_4.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Kaspersky.Internet.Security.6.0.0.303.es.(llave.activacion).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Kellerman_Logger_1.12_(Key+Serial).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\LeoStatistic_14.5.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Magic Photo Show 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Mail_PassView_1.38.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\McAfee SiteAdvisor for Internet Explorer 1.7.0.53.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\middle_man 0.3.0004.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\MIKLSOFT_Renamer_1.65_Key+Serial.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Mindjet_MindManager_Pro_6.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Moyea_DVD_to_Zune_Converter_1.1.1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Multi-SETI Monitor R3.10.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\MusicGiants_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\MyPCinfo_0.90e.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Netrek_XP_2006_1.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\newObjects_Active_Label_ActiveX_1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Notes icons.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\NTDoX 1.0.0.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\NT_File_Recovery_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\NVIDIA BIOS Editor (NiBiTor) 3.9.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Olympus SBM 1.41.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Operation_Flashpoint_Cold_War_Crisis_-_The_Hunter_map.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Password Spectator Pro 3.20.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\PESX 1.12.0.13.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Phone_Book_5.1_(Patch).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Photo_to_Color_Sketch_4.0.5_[Patch].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Pixel_3D_1.10_Crack.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Progress_Planner_1.7.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\ProKalc 7.9c.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Radio Margaritaville 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Random Number Generator Pro 1.48.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Red_Cats_Screensaver_1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\RuleForge 1.0.5 Beta.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Sharks 2 Slide Show 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Shock Sticker 2.93.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\ShowGPS_2.59_[With_Crack].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\ShowMyScreen 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Signsrch 0.1.5a.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\SmartCut Pro 1.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Splash Wallpaper Generator 1.0.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\SplashID_Password_Manager_3.4_(With_Crack).zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\SQLphone_Designer_5.4.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Still_Life_2.3.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Super_Video_Joiner_4.7_Key+Serial.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Symantec.Norton.Systemworks.2007.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\TaskPrompt 2.3.2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\THttpScan_4.7.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Timeless_Time_&_Expense_Personal_2.60.13.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Tiny_Box_2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\TomaWeb_FTP_uploader_1.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Toolbar_TV_for_Firefox_1.5.0.5.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Transcribe 7.51.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Translator_Internet_GOLD_2.00_KeyGen.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Transport Giant v1.2 patch.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\TurnToolBox 2008.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Unlinker by twinturbo.org 1.3.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Vegas_Slots_2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\VeryPDF Form Filler 3.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\VHDL_TestBench_Tool_2.01.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Virtorio Address Book 2.4.2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\VUBB_forum2.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Widget Manager 1.37.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Window_Media_Joiner_1.2_[Serial].zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\WinPaster_1.1.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Word Freqency Checker 1.0.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\WWFDesktop_3.16.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Xipster_1.1.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\Zero Footprint Crypt 4.03.05.zip
Deleted ! - C:\Users\Alessia\AppData\Roaming\m\shared\zFTPServer_Suite_2.0.zip
Deleted ! - "C:\Users\Alessia\AppData\Roaming\m\shared"
Not deleted !! - "C:\Users\Alessia\AppData\Roaming\m"

»»»» Supression files in C:\Users\Alessia\AppData\Local\Temp


»»»» Supression files in C:\Users\Alessia\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VR9RCBXN\b64[1].jpg
Deleted ! - C:\Users\Alessia\Downloads\eMule\Incoming\AlbumArt_{74E90842-5C97-4C6B-835F-5B6452F9F7D8}_Large.jpg
Deleted ! - C:\Users\Alessia\Downloads\eMule\Incoming\AlbumArt_{74E90842-5C97-4C6B-835F-5B6452F9F7D8}_Small.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64_3[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64_3[2].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64_3[3].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q3E9G31\b64_6[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NH67G78\b64[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NH67G78\b64[2].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NH67G78\b64_1[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NH67G78\b64_3[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NH67G78\b64_3[2].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64[2].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64[3].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64[4].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64_3[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64_3[2].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM7CW6KU\b64_3[3].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VR9RCBXN\b64_3[1].jpg
Deleted ! - C:\Users\Alessia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VR9RCBXN\b64_6[1].jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa
D: - Unità fissa

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Alessia\AppData\Local\VirtualStore\Program Files\HP Games\Bejeweled 2 Deluxe\cached\sounds\firecrackle.wav
C:\Users\Alessia\Desktop\Ale\planet\Textures\CrackedEarth0023_M.jpg
C:\Users\Alessia\Desktop\Ale\planet\Textures\Crackles0020_1_L.jpg
C:\Users\Alessia\Desktop\progimp\Messi su cd\Antivirus Nod 32 (ITA) v.2.70.31\Crack
C:\Users\Alessia\Desktop\progimp\Messi su cd\Antivirus Nod 32 (ITA) v.2.70.31\Crack\NOD32.FiX.v2.1-nsane.exe
C:\Users\Alessia\Desktop\progimp\Messi su cd\giochi\Diner Dash 2\How To Crack.txt
C:\Users\Alessia\Desktop\progimp\Messi su cd\giochi\Tumblebugs\crack_tumblebugs.exe
C:\Users\Alessia\Desktop\progimp\VMWare\keygen
C:\Users\Alessia\Desktop\progimp\VMWare\keygen\keygen.exe
C:\Users\Alessia\Desktop\progimp\VMWare\keygen\zwt.nfo
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack.rar
C:\Users\Alessia\Downloads\eMule\Incoming\Snow Patrol - Crack the shutters.mp3
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\badcopy3.exe
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Crack
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Torrent downloaded from Demonoid.com.txt
C:\Users\Alessia\Downloads\eMule\Incoming\Bad.Copy.Pro.v3.80.build.1108.With.Working.Crack\Bad Copy Pro v3.80 build 1108 With Working Crack\Crack\BadCopy.exe
C:\ProgramData\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav


---------------- ! End of report ! ------------------


and this is the ComboFix report

ComboFix 09-07-29.04 - SYSTEM 01/08/2009 11.29.13.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3069.2665 [GMT 2:00]
Eseguito da: c:\windows\system32\config\systemprofile\Desktop\Combo2.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: AppFile
PEV Error: AppFolder
PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: PersonalFolder
PEV Error: ProgramsFile
PEV Error: ProgramsFolder
PEV Error: StartUpFile
PEV Error: UserFile
PEV Error: UserFolder
/wow section non completata

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_111111S1RO1S1A
-------\Service_111111s1ro1s1a


((((((((((((((((((((((((( Files Creati Da 2009-07-01 al 2009-08-01 )))))))))))))))))))))))))))))))))))
.

2009-07-31 13:29 . 2009-07-31 13:29 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\645672.exe
2009-07-31 13:29 . 2009-07-31 13:29 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\644596.exe
2009-07-31 13:29 . 2009-07-31 13:29 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\643145.exe
2009-07-31 13:28 . 2009-07-31 13:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\634253.exe
2009-07-31 13:28 . 2009-07-31 13:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\633582.exe
2009-07-31 13:28 . 2009-07-31 13:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\632740.exe
2009-07-31 13:28 . 2009-07-31 13:28 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\591352.exe
2009-07-31 13:28 . 2009-07-31 13:28 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\588357.exe
2009-07-31 13:27 . 2009-07-31 13:27 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\529966.exe
2009-07-31 13:27 . 2009-07-31 13:27 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\529701.exe
2009-07-31 13:27 . 2009-07-31 13:27 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\528359.exe
2009-07-31 13:25 . 2009-07-31 13:25 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\412029.exe
2009-07-31 13:24 . 2009-07-31 13:24 61440 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\359348.exe
2009-07-31 13:24 . 2009-07-31 13:24 1445 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\357351.exe
2009-07-31 13:17 . 2009-07-31 13:17 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\624784.exe
2009-07-31 13:17 . 2009-07-31 13:17 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\624160.exe
2009-07-31 13:17 . 2009-07-31 13:17 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\623348.exe
2009-07-31 13:17 . 2009-07-31 13:17 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\619183.exe
2009-07-31 13:17 . 2009-07-31 13:17 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\618356.exe
2009-07-31 13:17 . 2009-07-31 13:17 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\617888.exe
2009-07-31 13:17 . 2009-07-31 13:17 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\616125.exe
2009-07-31 13:17 . 2009-07-31 13:17 5124 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\614706.exe
2009-07-31 13:16 . 2009-07-31 13:16 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\608513.exe
2009-07-31 13:16 . 2009-07-31 13:16 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\607623.exe
2009-07-31 13:16 . 2009-07-31 13:16 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\601181.exe
2009-07-31 13:16 . 2009-07-31 13:16 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\600323.exe
2009-07-31 13:16 . 2009-07-31 13:16 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\597546.exe
2009-07-31 13:16 . 2009-07-31 13:16 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\595892.exe
2009-07-31 13:16 . 2009-07-31 13:16 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\595081.exe
2009-07-31 13:16 . 2009-07-31 13:16 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\591025.exe
2009-07-31 13:16 . 2009-07-31 13:16 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\563756.exe
2009-07-31 13:16 . 2009-07-31 13:16 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\559575.exe
2009-07-31 13:16 . 2009-07-31 13:16 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\555987.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\426241.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\425648.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\424884.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\407162.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\406117.exe
2009-07-31 13:13 . 2009-07-31 13:13 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\405072.exe
2009-07-31 13:13 . 2009-07-31 13:13 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\370798.exe
2009-07-31 13:12 . 2009-07-31 13:12 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\365900.exe
2009-07-31 13:12 . 2009-07-31 13:12 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\329115.exe
2009-07-31 13:12 . 2009-07-31 13:12 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\328740.exe
2009-07-31 13:12 . 2009-07-31 13:12 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\327867.exe
2009-07-31 13:11 . 2009-07-31 13:11 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\284280.exe
2009-07-31 13:11 . 2009-07-31 13:11 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\268165.exe
2009-07-31 13:10 . 2009-07-31 13:10 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\201631.exe
2009-07-31 11:35 . 2009-07-31 11:35 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1070806.exe
2009-07-31 11:35 . 2009-07-31 11:35 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1070026.exe
2009-07-31 11:35 . 2009-07-31 11:35 3601 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1069574.exe
2009-07-31 11:35 . 2009-07-31 11:35 3601 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1069433.exe
2009-07-31 11:35 . 2009-07-31 11:35 3601 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1068388.exe
2009-07-31 11:34 . 2009-07-31 11:34 10322 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1048030.exe
2009-07-31 11:34 . 2009-07-31 11:34 10322 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1046844.exe
2009-07-31 11:34 . 2009-07-31 11:34 10322 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\1046002.exe
2009-07-31 11:33 . 2009-07-31 11:33 306 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\972385.exe
2009-07-31 11:33 . 2009-07-31 11:33 306 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\972369.exe
2009-07-31 11:33 . 2009-07-31 11:33 306 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\972042.exe
2009-07-31 11:33 . 2009-07-31 11:33 10313 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\955630.exe
2009-07-31 11:33 . 2009-07-31 11:33 10313 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\954944.exe
2009-07-31 11:33 . 2009-07-31 11:33 10313 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\954211.exe
2009-07-31 11:31 . 2009-07-31 11:31 610820 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\834371.exe
2009-07-31 11:31 . 2009-07-31 11:31 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\824356.exe
2009-07-31 11:31 . 2009-07-31 11:31 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\823841.exe
2009-07-31 11:31 . 2009-07-31 11:31 10286 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\819988.exe
2009-07-31 11:31 . 2009-07-31 11:31 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\818896.exe
2009-07-31 11:31 . 2009-07-31 11:31 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\817897.exe
2009-07-31 11:31 . 2009-07-31 11:31 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\817211.exe
2009-07-31 11:31 . 2009-07-31 11:31 766 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\815370.exe
2009-07-31 11:30 . 2009-07-31 11:30 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\808428.exe
2009-07-31 11:30 . 2009-07-31 11:30 488 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\807601.exe
2009-07-31 11:30 . 2009-07-31 11:30 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\801829.exe
2009-07-31 11:30 . 2009-07-31 11:30 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\800924.exe
2009-07-31 11:30 . 2009-07-31 11:30 185 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\798147.exe
2009-07-31 11:30 . 2009-07-31 11:30 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\796899.exe
2009-07-31 11:30 . 2009-07-31 11:30 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\795979.exe
2009-07-31 11:30 . 2009-07-31 11:30 3252 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\794747.exe
2009-07-31 11:30 . 2009-07-31 11:30 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\786541.exe
2009-07-31 11:30 . 2009-07-31 11:30 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\786291.exe
2009-07-31 11:30 . 2009-07-31 11:30 10340 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\785480.exe
2009-07-31 11:28 . 2009-07-31 11:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\641897.exe
2009-07-31 11:28 . 2009-07-31 11:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\641538.exe
2009-07-31 11:28 . 2009-07-31 11:28 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\640493.exe
2009-07-31 11:27 . 2009-07-31 11:27 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\603911.exe
2009-07-31 11:27 . 2009-07-31 11:27 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\602959.exe
2009-07-31 11:27 . 2009-07-31 11:27 10301 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\601773.exe
2009-07-31 11:27 . 2009-07-31 11:27 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\572976.exe
2009-07-31 11:27 . 2009-07-31 11:27 10250 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\570355.exe
2009-07-31 11:26 . 2009-07-31 11:26 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\565222.exe
2009-07-31 11:26 . 2009-07-31 11:26 61440 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\485194.exe
2009-07-31 11:24 . 2009-07-31 11:24 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\421920.exe
2009-07-31 11:24 . 2009-07-31 11:24 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\421514.exe
2009-07-31 11:24 . 2009-07-31 11:24 10349 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\419237.exe
2009-07-31 11:23 . 2009-07-31 11:23 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\381438.exe
2009-07-31 11:23 . 2009-07-31 11:23 71684 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\360565.exe
2009-07-31 11:22 . 2009-08-01 09:16 -------- d--h--w- c:\users\Alessia\AppData\Roaming\m
2009-07-31 11:22 . 2009-07-31 13:28 99332 ------w- c:\users\Alessia\AppData\Roaming\m\flec006.exe
2009-07-31 11:22 . 2009-07-31 11:22 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\326525.exe
2009-07-31 09:44 . 2009-08-01 09:23 -------- d-----w- c:\program files\FindyKill
2009-07-29 09:54 . 2009-07-29 09:54 1445 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\261498953.exe
2009-07-29 09:54 . 2009-07-29 09:54 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\261497346.exe
2009-07-29 09:54 . 2009-07-29 09:54 99332 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\downld\261495443.exe
2009-07-29 09:54 . 2009-08-01 09:06 114959 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\111wfs1intwq.sys
2009-07-29 09:54 . 2009-08-01 09:06 7168 ----a-w- c:\users\Alessia\AppData\Roaming\drivers\11s11ro1s1a2.sys
2009-07-29 09:54 . 2004-05-19 08:05 856064 ------w- c:\users\Alessia\AppData\Roaming\drivers\winupgro.exe
2009-07-29 09:53 . 2009-07-29 09:54 -------- d--h--w- c:\users\Alessia\AppData\Roaming\drivers
2009-07-29 09:26 . 2009-07-29 09:37 -------- d-----w- c:\users\Alessia\AppData\Roaming\GetRightToGo
2009-07-26 09:42 . 2009-07-26 09:42 -------- d-----w- c:\users\Alessia\AppData\Roaming\Stellarium
2009-07-26 09:41 . 2009-07-26 09:42 -------- d-----w- c:\program files\Stellarium
2009-07-22 17:35 . 2009-07-22 17:35 -------- d-----w- c:\users\Alessia\AppData\Roaming\MonkeyJam
2009-07-22 17:35 . 2009-07-22 17:35 -------- d-----w- c:\program files\MonkeyJam
2009-07-22 16:35 . 2009-07-22 16:35 -------- d-----w- c:\program files\LuckyTender
2009-07-22 15:50 . 2009-07-22 15:50 -------- d-----w- c:\users\Alessia\AppData\Roaming\NeroDigital(TM)
2009-07-21 11:17 . 2009-07-21 11:17 -------- d-----w- c:\windows\system32\Adobe
2009-07-17 18:06 . 2009-07-17 18:06 -------- d-----w- c:\program files\Jufsoft
2009-07-17 17:37 . 2009-07-17 18:44 -------- d-----w- c:\program files\Runtime Software
2009-07-15 11:18 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:18 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:18 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:18 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 11:01 . 2009-07-14 11:01 -------- d-----w- c:\users\Alessia\AppData\Local\Hewlett-Packard
2009-07-09 11:54 . 2009-07-09 11:59 -------- d-----w- C:\audiograbber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 09:37 . 2009-03-10 21:06 -------- d-----w- c:\progra~2\VMware
2009-08-01 09:33 . 2007-11-27 07:24 664544 ----a-w- c:\windows\system32\perfh010.dat
2009-08-01 09:33 . 2007-11-27 07:24 120952 ----a-w- c:\windows\system32\perfc010.dat
2009-08-01 09:25 . 2008-11-07 19:43 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-31 13:18 . 2008-11-13 15:04 -------- d-----w- c:\program files\ESET
2009-07-31 08:43 . 2009-03-10 21:16 -------- d-----w- c:\users\Alessia\AppData\Roaming\VMware
2009-07-29 09:59 . 2008-05-27 00:45 -------- d-----w- c:\progra~2\NVIDIA
2009-07-29 09:53 . 2008-10-15 18:15 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-26 16:04 . 2008-05-27 00:41 -------- d-----w- c:\progra~2\WildTangent
2009-07-26 11:18 . 2008-08-10 18:34 27525 ----a-w- c:\users\Alessia\AppData\Roaming\nvModes.dat
2009-07-24 09:29 . 2009-02-27 18:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 13:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 13:20 . 2007-11-27 00:19 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-15 15:17 . 2008-09-27 14:04 -------- d-----w- c:\program files\Foxit Software
2009-06-27 14:33 . 2009-06-27 14:33 -------- d-----w- c:\program files\Free iPod Video Converter
2009-06-27 14:21 . 2009-06-27 14:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-27 14:11 . 2008-10-13 14:18 -------- d-----w- c:\progra~2\Nero
2009-06-26 14:50 . 2009-06-26 14:50 -------- d-----w- c:\program files\QUAD Utilities
2009-06-26 14:14 . 2009-04-21 17:28 -------- d-----w- c:\program files\OrCAD_Demo
2009-06-26 14:12 . 2008-08-10 13:37 117448 ----a-w- c:\users\Alessia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 20:58 . 2009-06-15 20:58 -------- d-----w- c:\users\Alessia\AppData\Roaming\Uniblue
2009-06-10 05:48 . 2007-11-27 00:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 19:51 . 2008-09-24 17:20 -------- d-----w- c:\users\Alessia\AppData\Roaming\Skype
2009-06-09 19:27 . 2008-09-24 17:22 -------- d-----w- c:\users\Alessia\AppData\Roaming\skypePM
2009-06-08 16:47 . 2009-06-08 16:47 -------- d-----w- c:\users\Alessia\AppData\Roaming\SharePod
2009-05-17 10:14 . 2008-09-29 16:56 7592 ----a-w- c:\users\Alessia\AppData\Local\d3d9caps.dat
2009-05-09 05:50 . 2009-06-26 13:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-26 13:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-03 17:00 . 2008-09-05 14:22 96 ----a-w- c:\users\Alessia\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

c:\users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom Europe BV\Common\SitecomUI.exe [2009-3-15 1572864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3104564014-82589701-1229868536-1000]
"EnableNotificationsRef"=dword:0000000a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5DBB0C4D-969D-459E-A788-A31354634EC3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{DD521377-4A4F-4CED-AEA5-6A924730F285}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{09C2B2D1-0D75-4E60-AC02-ED58D3C8B862}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1696ECB7-2E9A-42D2-9A56-2896720A8441}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2A32C354-4AD9-42C2-99EA-7C1966AC3CFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3CFAB5E-10BC-410D-8852-C2E7DC655F99}"= UDP:c:\program files\eMule\emule.exe:eMule
"{6BB6D1D2-851F-4FA2-B2FA-04743F48AA25}"= TCP:c:\program files\eMule\emule.exe:eMule
"{5C2E6546-EA47-4E5F-A9EE-57F727C47C33}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6388495-ABD1-4EC1-AF4B-5DA7D8369766}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DEFADB62-9810-4553-B03A-A99DA85005B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0DAE7107-3642-40E5-8EFF-CC43F1343FF0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B1B8A94-A323-4F75-99E2-421566092112}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9CD47C5A-7E85-4ACE-A353-F12BC444AD34}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D9F24F6A-0702-443C-8FAA-FD833B9EAA2A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E564024D-4564-473D-97F0-158B01C11E79}"= UDP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{2AA03A04-6208-4923-A13A-9EB004576960}"= TCP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{E3AA6B66-B7BF-4916-8F70-74F54E8F5965}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A4F8BC9-B9B3-43D6-AE94-828AC182EF9A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [15/03/2009 19.12.52 599040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: mikeshinoda.com\www
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(908)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Sitecom Europe BV\Common\RalinkRegistryWriter.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\windows\System32\vmnat.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-01 11.44.58 - Il pc è stato riavviato [Alessia]
ComboFix-quarantined-files.txt 2009-08-01 09:44

Pre-Run: 97.301.610.496 byte disponibili
Post-Run: 94.040.915.968 byte disponibili

333 --- E O F --- 2009-07-23 17:48
xrwnis
New Member

Posts: 14
Joined: Fri Jul 31, 2009 10:50 am

Re: HELP!!!! It won't let me install antivirus anymore!! Maybe Bagle?

Post by Amantide » Sat Aug 01, 2009 12:33 pm

OK, Combofix managed to disable the rootkit.
There are still a few more things to remove, though.
Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.

Code:
File::
C:\Users\Alessia\AppData\Roaming\m\flec006.exe
c:\users\Alessia\AppData\Roaming\drivers\111wfs1intwq.sys
c:\users\Alessia\AppData\Roaming\drivers\11s11ro1s1a2.sys
c:\users\Alessia\AppData\Roaming\drivers\winupgro.exe

Folder::
C:\Users\Alessia\AppData\Roaming\m
c:\users\Alessia\AppData\Roaming\drivers\downld

Driver::
111wfs1intwq
11s11ro1s1a2


Now drag the CFScript.txt file onto the Combofix.exe icon and wait for the scan to finish. Post the new Combofix log.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: HELP!!!! It won't let me install antivirus anymore!! Maybe Bagle?

Post by xrwnis » Sat Aug 01, 2009 2:53 pm

Here it is

ComboFix 09-07-29.04 - Alessia 01/08/2009 15.48.29.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3069.1883 [GMT 2:00]
Eseguito da: c:\users\Alessia\Desktop\Combo2.exe
Opzioni usate :: c:\users\Alessia\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\users\Alessia\AppData\Roaming\drivers\111wfs1intwq.sys
c:\users\Alessia\AppData\Roaming\drivers\11s11ro1s1a2.sys
c:\users\Alessia\AppData\Roaming\drivers\downld
c:\users\Alessia\AppData\Roaming\drivers\downld\1046002.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1046844.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1048030.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1068388.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1069433.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1069574.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1070026.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\1070806.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\201631.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\261495443.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\261497346.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\261498953.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\268165.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\284280.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\326525.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\327867.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\328740.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\329115.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\357351.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\359348.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\360565.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\365900.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\370798.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\381438.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\405072.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\406117.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\407162.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\412029.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\419237.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\421514.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\421920.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\424884.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\425648.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\426241.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\485194.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\528359.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\529701.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\529966.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\555987.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\559575.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\563756.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\565222.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\570355.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\572976.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\588357.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\591025.exe
c:\users\Alessia\AppData\Roaming\drivers\downld\591352.exe
c:\users\Alessia\AppData\Roaming\drivers\winupgro.exe
c:\users\Alessia\AppData\Roaming\m
c:\users\Alessia\AppData\Roaming\m\flec006.exe
c:\windows\Installer\2e0a3d.msp
c:\windows\Installer\39fb9.msi
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Creati Da 2009-07-01 al 2009-08-01 )))))))))))))))))))))))))))))))))))
.

2009-08-01 09:45 . 2009-08-01 13:52 -------- d-----w- c:\users\Alessia\AppData\Local\temp
2009-07-31 09:44 . 2009-08-01 09:23 -------- d-----w- c:\program files\FindyKill
2009-07-29 09:53 . 2009-08-01 13:51 -------- d--h--w- c:\users\Alessia\AppData\Roaming\drivers
2009-07-29 09:26 . 2009-07-29 09:37 -------- d-----w- c:\users\Alessia\AppData\Roaming\GetRightToGo
2009-07-26 09:42 . 2009-07-26 09:42 -------- d-----w- c:\users\Alessia\AppData\Roaming\Stellarium
2009-07-26 09:41 . 2009-07-26 09:42 -------- d-----w- c:\program files\Stellarium
2009-07-22 17:35 . 2009-07-22 17:35 -------- d-----w- c:\users\Alessia\AppData\Roaming\MonkeyJam
2009-07-22 17:35 . 2009-07-22 17:35 -------- d-----w- c:\program files\MonkeyJam
2009-07-22 16:35 . 2009-07-22 16:35 -------- d-----w- c:\program files\LuckyTender
2009-07-22 15:50 . 2009-07-22 15:50 -------- d-----w- c:\users\Alessia\AppData\Roaming\NeroDigital(TM)
2009-07-21 11:17 . 2009-07-21 11:17 -------- d-----w- c:\windows\system32\Adobe
2009-07-17 18:06 . 2009-07-17 18:06 -------- d-----w- c:\program files\Jufsoft
2009-07-17 17:37 . 2009-07-17 18:44 -------- d-----w- c:\program files\Runtime Software
2009-07-15 11:18 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:18 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:18 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:18 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 11:01 . 2009-07-14 11:01 -------- d-----w- c:\users\Alessia\AppData\Local\Hewlett-Packard
2009-07-09 11:54 . 2009-07-09 11:59 -------- d-----w- C:\audiograbber

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 13:35 . 2007-11-27 07:24 665530 ----a-w- c:\windows\system32\perfh010.dat
2009-08-01 13:35 . 2007-11-27 07:24 121536 ----a-w- c:\windows\system32\perfc010.dat
2009-08-01 13:31 . 2009-03-10 21:06 -------- d-----w- c:\progra~2\VMware
2009-08-01 09:46 . 2008-11-07 19:43 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-31 13:18 . 2008-11-13 15:04 -------- d-----w- c:\program files\ESET
2009-07-31 08:43 . 2009-03-10 21:16 -------- d-----w- c:\users\Alessia\AppData\Roaming\VMware
2009-07-29 09:59 . 2008-05-27 00:45 -------- d-----w- c:\progra~2\NVIDIA
2009-07-29 09:53 . 2008-10-15 18:15 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-26 16:04 . 2008-05-27 00:41 -------- d-----w- c:\progra~2\WildTangent
2009-07-26 11:18 . 2008-08-10 18:34 27525 ----a-w- c:\users\Alessia\AppData\Roaming\nvModes.dat
2009-07-24 09:29 . 2009-02-27 18:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 13:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 13:20 . 2007-11-27 00:19 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-15 15:17 . 2008-09-27 14:04 -------- d-----w- c:\program files\Foxit Software
2009-06-27 14:33 . 2009-06-27 14:33 -------- d-----w- c:\program files\Free iPod Video Converter
2009-06-27 14:21 . 2009-06-27 14:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-27 14:11 . 2008-10-13 14:18 -------- d-----w- c:\progra~2\Nero
2009-06-26 14:14 . 2009-04-21 17:28 -------- d-----w- c:\program files\OrCAD_Demo
2009-06-26 14:12 . 2008-08-10 13:37 117448 ----a-w- c:\users\Alessia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 20:58 . 2009-06-15 20:58 -------- d-----w- c:\users\Alessia\AppData\Roaming\Uniblue
2009-06-10 05:48 . 2007-11-27 00:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 19:51 . 2008-09-24 17:20 -------- d-----w- c:\users\Alessia\AppData\Roaming\Skype
2009-06-09 19:27 . 2008-09-24 17:22 -------- d-----w- c:\users\Alessia\AppData\Roaming\skypePM
2009-06-08 16:47 . 2009-06-08 16:47 -------- d-----w- c:\users\Alessia\AppData\Roaming\SharePod
2009-05-17 10:14 . 2008-09-29 16:56 7592 ----a-w- c:\users\Alessia\AppData\Local\d3d9caps.dat
2009-05-09 05:50 . 2009-06-26 13:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-26 13:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-03 17:00 . 2008-09-05 14:22 96 ----a-w- c:\users\Alessia\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

c:\users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom Europe BV\Common\SitecomUI.exe [2009-3-15 1572864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3104564014-82589701-1229868536-1000]
"EnableNotificationsRef"=dword:0000000a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5DBB0C4D-969D-459E-A788-A31354634EC3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{DD521377-4A4F-4CED-AEA5-6A924730F285}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{09C2B2D1-0D75-4E60-AC02-ED58D3C8B862}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1696ECB7-2E9A-42D2-9A56-2896720A8441}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2A32C354-4AD9-42C2-99EA-7C1966AC3CFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3CFAB5E-10BC-410D-8852-C2E7DC655F99}"= UDP:c:\program files\eMule\emule.exe:eMule
"{6BB6D1D2-851F-4FA2-B2FA-04743F48AA25}"= TCP:c:\program files\eMule\emule.exe:eMule
"{5C2E6546-EA47-4E5F-A9EE-57F727C47C33}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6388495-ABD1-4EC1-AF4B-5DA7D8369766}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DEFADB62-9810-4553-B03A-A99DA85005B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0DAE7107-3642-40E5-8EFF-CC43F1343FF0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B1B8A94-A323-4F75-99E2-421566092112}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9CD47C5A-7E85-4ACE-A353-F12BC444AD34}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D9F24F6A-0702-443C-8FAA-FD833B9EAA2A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E564024D-4564-473D-97F0-158B01C11E79}"= UDP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{2AA03A04-6208-4923-A13A-9EB004576960}"= TCP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{E3AA6B66-B7BF-4916-8F70-74F54E8F5965}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A4F8BC9-B9B3-43D6-AE94-828AC182EF9A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 0.49.14 204800]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Sitecom Europe BV\Common\RalinkRegistryWriter.exe [10/09/2008 20.16.17 53760]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [19/09/2008 0.12.22 54960]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [15/03/2009 19.12.52 599040]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\program files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: mikeshinoda.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 15:52
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4156)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Ora fine scansione: 2009-08-01 15.54.27
ComboFix-quarantined-files.txt 2009-08-01 13:54
ComboFix2.txt 2009-08-01 09:44

Pre-Run: 93.967.708.160 byte disponibili
Post-Run: 93.930.258.432 byte disponibili

296 --- E O F --- 2009-07-23 17:48


Thanks a lot for your help and willingness....

Re: HELP!!!! It won't let me install antivirus anymore!! maybe bagle?

Post by crazy.cat » Sat Aug 01, 2009 3:00 pm

Now try downloading your antivirus program again and reinstalling it.

Re: HELP!!!! It won't let me install antivirus anymore!! maybe bagle?

Post by xrwnis » Sat Aug 01, 2009 3:39 pm

[^] It worked!! Thanks again!! [:)]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising