problema grosso

[Luke57]

Ciao, elimina la versione di combofix che hai sul computer, elimina anche la cartella C:\qboox (è di combofix).

scarica di nuovo combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
devi rinominare il file prima di salvarlo sul desktop in 123.exe
(per rinominare il file, quando lo scarichi ti chiede dove salvarlo e ti compare la casella "nome file" ,basta che cambi il nome che ti appare in 123.exe)
Disconnettiti da internet
Fatto questo, clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:

"%userprofile%\desktop\123.exe" /killall

Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file o allegalo.

[francois87]

La cartella C:\qboox non esiste su C:\ ma esiste la cartella C:\Qoobox che non mi ha fatto cancellare.ho cancellato per cui solo il programma.l'ho avviato come da te detto...alla fine quando si è riavvito mi sono comparsi questa volta due finestre cinesi anzichè una..

http://www.easy-share.com/1906031335/file5.JPG

adesso mentre ti scrivevo il messaggio mi è comparso un messaggio di blocco di un programma un certo fleg006 (non sono riuscito a reperire l'immagine perchè con sti copia e incolla non ci sto capendo più niente)

ecco il log di combofix:

ComboFix 09-06-21.01 - User 2010-06-22 18:33.17 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.127 [GMT 2:00]
Eseguito da: c:\documents and settings\User\desktop\123.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\3754656.exe
c:\windows\system32\drivers\down\3773593.exe
c:\windows\system32\drivers\down\3779390.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-05-22 al 2010-06-22 )))))))))))))))))))))))))))))))))))
.

2010-06-22 16:23 . 2010-06-22 16:23 61440 ----a-w- c:\windows\system32\drivers\byxnp.sys
2010-06-22 16:07 . 2010-06-22 16:07 61440 ----a-w- c:\windows\system32\drivers\qnsjr.sys
2010-06-22 16:07 . 2010-06-22 16:07 61440 ----a-w- c:\windows\system32\drivers\vrzzzdn.sys
2010-06-22 16:07 . 2010-06-22 16:07 61440 ----a-w- c:\windows\system32\drivers\gaawqe.sys
2010-06-22 16:05 . 2010-06-22 16:05 61440 ----a-w- c:\windows\system32\drivers\ktvh.sys
2010-06-22 16:05 . 2010-06-22 16:23 135168 ----a-w- C:\zip.exe
2010-06-22 16:05 . 2010-06-22 16:05 61440 ----a-w- c:\windows\system32\drivers\bzarjmlc.sys
2010-06-22 12:58 . 2005-07-18 06:05 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-06-22 12:58 . 2006-01-31 09:54 31744 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-22 12:58 . 2005-07-04 09:58 14848 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-22 12:58 . 2010-06-22 12:58 -------- d-----w- c:\programmi\AntiVir PersonalEdition Premium
2010-06-22 12:58 . 2010-06-22 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Premium
2010-06-22 11:48 . 2010-06-22 11:48 145 ----a-w- C:\fix.reg
2010-06-22 09:17 . 2010-06-22 15:55 7168 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
2010-06-22 08:22 . 2010-06-22 08:23 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\m
2010-06-16 11:16 . 2010-06-16 11:16 -------- d-----w- c:\windows\Sun
2010-06-16 11:11 . 2010-06-16 11:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-06-16 11:08 . 2010-06-16 11:08 -------- d-----w- c:\programmi\Java
2010-06-16 11:07 . 2010-06-16 11:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-06-16 11:07 . 2010-06-16 11:07 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2010-06-01 10:45 . 2010-06-01 10:45 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 16:07 . 2010-06-22 16:07 1354 ----a-w- c:\programmi\bgcs.txt
2010-06-22 12:58 . 2010-06-22 12:58 126264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2010-06-22 12:54 . 2009-02-03 15:41 -------- d-----w- c:\programmi\Alwil Software
2010-06-22 12:02 . 2009-02-03 16:16 -------- d-----w- c:\programmi\eMule
2010-06-22 09:17 . 2009-03-29 16:47 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\drivers
2010-06-16 12:00 . 2010-04-23 11:49 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-16 11:59 . 2010-04-04 12:10 -------- d-----w- c:\programmi\FindyKill
2010-06-01 15:54 . 2009-02-14 11:15 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Canon
2010-05-15 16:33 . 2010-05-15 16:30 -------- d-----w- c:\programmi\cdcover
2010-05-07 10:24 . 2010-05-07 10:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-05-06 14:16 . 2009-01-31 11:43 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_294823.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_18be6784.exe
2010-04-23 12:00 . 2010-04-23 12:00 133 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_70347633.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_611d2f5f.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_468a2e62.exe
2010-04-15 12:51 . 2009-02-02 20:29 75688 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\D3DBF3RV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\8WU5ZBRV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\OHZ131FV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\O2GDV9N7.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\6QIBLBT3.DAT
2010-04-04 12:12 . 2009-03-29 16:22 106 ----a-w- c:\windows\system32\jpg.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_09.49.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-22 16:35 . 2010-06-22 16:35 16384 c:\windows\temp\Perflib_Perfdata_5b8.dat
- 2009-01-31 08:40 . 2009-01-31 08:40 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-31 08:40 . 2010-06-17 15:38 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\dllcache\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\dllcache\fltlib.dll
+ 2010-06-22 12:58 . 2006-01-18 11:06 57344 c:\windows\system32\avsda.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 148888 c:\windows\system32\javaws.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\javaw.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\java.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
+ 2010-06-22 12:54 . 2010-06-22 12:54 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]
"AdobeUpdater"="c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2006-01-05 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-01-05 856064]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-06-16 148888]
"avgnt"="c:\programmi\AntiVir PersonalEdition Premium\avgnt.exe" [2010-06-22 229416]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-06-12 1495040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-2-2 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

La chiave di registro SafeBoot ha bisogno di essere riparata. Questo pc non può avviarsi in Modalità Provvisoria.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2010-06-22 14848]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2010-06-22 31744]
S2 AntiVirMailService;AntiVir Mail Security Service;c:\programmi\AntiVir PersonalEdition Premium\avmailc.exe [2010-06-22 167936]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]
S4 AVEService;AntiVir Engine Service;c:\programmi\AntiVir PersonalEdition Premium\avesvc.exe [2010-06-22 45056]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SROSA
*Deregistered* - srosa
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: avsda.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 18:36
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe [220] 0x81967B98
c:\documents and settings\User\Dati applicazioni\m\flec006.exe [748] 0x819AFB28
scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"drvsyskit"="c:\\Documents and Settings\\User\\Dati applicazioni\\drivers\\winupgro.exe"
"mule_st_key"="c:\\Documents and Settings\\User\\Dati applicazioni\\m\\flec006.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-22 18:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-22 16:43
ComboFix2.txt 2010-06-21 17:02
ComboFix3.txt 2010-06-17 14:18
ComboFix4.txt 2010-04-29 11:18
ComboFix5.txt 2010-06-22 08:18

Pre-Run: 49,384,333,312 byte disponibili
Post-Run: 49,386,790,912 byte disponibili

206 --- E O F --- 2010-06-16 12:01

[Luke57]

Ciao, hai scaricato qualche crack? Adesso inserisci questo script nel file CFScript.txt

Codice: Seleziona tutto

Driver::
srosa
srosa2

File::
c:\windows\system32\drivers\byxnp.sys
c:\windows\system32\drivers\qnsjr.sys
c:\windows\system32\drivers\vrzzzdn.sys
c:\windows\system32\drivers\gaawqe.sys
C:\zip.exe
c:\windows\system32\drivers\bzarjmlc.sys
c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

Folder::
c:\documents and settings\User\Dati applicazioni\m
C:\windows\temp
c:\documents and settings\User\Impostazioni locali\temp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"drvsyskit"="-
"mule_st_key"=-
"german.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

solito trascinamento e scansione, posta il nuovo report

[francois87]

ciao luke57,oggi accendendo il computer,sono andato nel programma di avenger e stranamente non mi si chiudeva più dopo circa2-3secondi;gli ho incollato lo script ma mi si bloccava ugualmente.Ecco di seguito l'ultimo report di combofix:

ComboFix 09-06-21.01 - User 2010-06-23 13:19.18 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.256.80 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\123.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::
"c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys"
"c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys"
"c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe"
"c:\windows\system32\drivers\byxnp.sys"
"c:\windows\system32\drivers\bzarjmlc.sys"
"c:\windows\system32\drivers\gaawqe.sys"
"c:\windows\system32\drivers\qnsjr.sys"
"c:\windows\system32\drivers\vrzzzdn.sys"
"c:\windows\system32\mdelk.exe"
"c:\windows\system32\wintems.exe"
"C:\zip.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\User\Dati applicazioni\m
c:\documents and settings\User\Dati applicazioni\m\data.oct
c:\documents and settings\User\Dati applicazioni\m\list.oct
c:\documents and settings\User\Dati applicazioni\m\srvlist.oct
c:\documents and settings\User\Impostazioni locali\temp
c:\documents and settings\User\Impostazioni locali\temp\Av-test.txt
c:\documents and settings\User\Impostazioni locali\temp\java_install_reg.log
c:\documents and settings\User\Impostazioni locali\temp\jusched.log
c:\windows\system32\drivers\byxnp.sys
c:\windows\system32\drivers\bzarjmlc.sys
c:\windows\system32\drivers\gaawqe.sys
c:\windows\system32\drivers\qnsjr.sys
c:\windows\system32\drivers\vrzzzdn.sys
c:\windows\temp\Perflib_Perfdata_5b4.dat
c:\windows\temp . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2010-05-23 al 2010-06-23 )))))))))))))))))))))))))))))))))))
.

2010-06-22 16:16 . 2010-06-22 16:16 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1357015.exe
2010-06-22 16:16 . 2010-06-22 16:16 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1356875.exe
2010-06-22 16:16 . 2010-06-22 16:16 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1355359.exe
2010-06-22 16:16 . 2010-06-22 16:16 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1354484.exe
2010-06-22 16:16 . 2010-06-22 16:16 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1354234.exe
2010-06-22 16:16 . 2010-06-22 16:16 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1353218.exe
2010-06-22 16:16 . 2010-06-22 16:16 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1342312.exe
2010-06-22 16:14 . 2010-06-22 16:14 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1257765.exe
2010-06-22 16:14 . 2010-06-22 16:14 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1257484.exe
2010-06-22 16:14 . 2010-06-22 16:14 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1257015.exe
2010-06-22 16:12 . 2010-06-22 16:12 306 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1112093.exe
2010-06-22 16:12 . 2010-06-22 16:12 306 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1112046.exe
2010-06-22 16:12 . 2010-06-22 16:12 306 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1111812.exe
2010-06-22 16:12 . 2010-06-22 16:12 10313 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1105218.exe
2010-06-22 16:12 . 2010-06-22 16:12 10313 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1104984.exe
2010-06-22 16:12 . 2010-06-22 16:12 10313 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1104437.exe
2010-06-22 16:11 . 2010-06-22 16:11 1065988 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1064234.exe
2010-06-22 16:11 . 2010-06-22 16:11 10286 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1049218.exe
2010-06-22 16:11 . 2010-06-22 16:11 10286 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1045625.exe
2010-06-22 16:11 . 2010-06-22 16:11 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1043734.exe
2010-06-22 16:11 . 2010-06-22 16:11 766 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1040312.exe
2010-06-22 16:11 . 2010-06-22 16:11 766 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1039625.exe
2010-06-22 16:11 . 2010-06-22 16:11 766 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1037671.exe
2010-06-22 16:11 . 2010-06-22 16:11 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1030296.exe
2010-06-22 16:11 . 2010-06-22 16:11 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1030234.exe
2010-06-22 16:11 . 2010-06-22 16:11 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1029343.exe
2010-06-22 16:10 . 2010-06-22 16:10 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1022125.exe
2010-06-22 16:10 . 2010-06-22 16:10 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1014562.exe
2010-06-22 16:10 . 2010-06-22 16:10 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\997703.exe
2010-06-22 16:10 . 2010-06-22 16:10 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1006718.exe
2010-06-22 16:10 . 2010-06-22 16:10 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\1006656.exe
2010-06-22 16:10 . 2010-06-22 16:10 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\968125.exe
2010-06-22 16:10 . 2010-06-22 16:10 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\963765.exe
2010-06-22 16:05 . 2010-06-22 16:05 61440 ----a-w- c:\windows\system32\drivers\ktvh.sys
2010-06-22 16:04 . 2010-06-22 16:04 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\654500.exe
2010-06-22 16:03 . 2010-06-22 16:03 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\600078.exe
2010-06-22 16:03 . 2010-06-22 16:03 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\595953.exe
2010-06-22 16:03 . 2010-06-22 16:03 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\589921.exe
2010-06-22 16:02 . 2010-06-22 16:02 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\519984.exe
2010-06-22 16:02 . 2010-06-22 16:02 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\515390.exe
2010-06-22 16:01 . 2010-06-22 16:01 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\464156.exe
2010-06-22 16:01 . 2010-06-22 16:01 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\463093.exe
2010-06-22 16:01 . 2010-06-22 16:01 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\458468.exe
2010-06-22 16:01 . 2010-06-22 16:01 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\456000.exe
2010-06-22 16:01 . 2010-06-22 16:01 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\454953.exe
2010-06-22 16:01 . 2010-06-22 16:01 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\452609.exe
2010-06-22 16:00 . 2010-06-22 16:00 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\355984.exe
2010-06-22 15:58 . 2010-06-22 15:58 67667 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\262781.exe
2010-06-22 15:57 . 2010-06-22 15:57 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\201359.exe
2010-06-22 15:57 . 2010-06-22 15:57 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\191406.exe
2010-06-22 15:51 . 2010-06-22 15:51 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\928953.exe
2010-06-22 15:49 . 2010-06-22 15:49 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\834328.exe
2010-06-22 15:49 . 2010-06-22 15:49 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\833062.exe
2010-06-22 15:49 . 2010-06-22 15:49 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\830375.exe
2010-06-22 15:45 . 2010-06-22 15:45 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\569812.exe
2010-06-22 15:44 . 2010-06-22 15:44 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\551250.exe
2010-06-22 15:44 . 2010-06-22 15:44 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\551062.exe
2010-06-22 15:44 . 2010-06-22 15:44 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\550328.exe
2010-06-22 15:43 . 2010-06-22 15:43 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\477671.exe
2010-06-22 15:43 . 2010-06-22 15:43 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\474421.exe
2010-06-22 15:42 . 2010-06-22 15:42 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\420812.exe
2010-06-22 15:42 . 2010-06-22 15:42 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\420671.exe
2010-06-22 15:42 . 2010-06-22 15:42 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\420156.exe
2010-06-22 15:42 . 2010-06-22 15:42 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\417437.exe
2010-06-22 15:42 . 2010-06-22 15:42 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\416515.exe
2010-06-22 15:42 . 2010-06-22 15:42 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\414328.exe
2010-06-22 15:41 . 2010-06-22 15:41 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\371828.exe
2010-06-22 15:40 . 2010-06-22 15:40 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\288125.exe
2010-06-22 15:38 . 2010-06-22 15:38 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\194218.exe
2010-06-22 15:38 . 2010-06-22 15:38 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\185203.exe
2010-06-22 13:00 . 2010-06-22 13:01 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\301625.exe
2010-06-22 13:00 . 2010-06-22 13:00 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\289500.exe
2010-06-22 12:58 . 2005-07-18 06:05 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-06-22 12:58 . 2006-01-31 09:54 31744 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-22 12:58 . 2005-07-04 09:58 14848 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-22 12:58 . 2010-06-22 12:58 -------- d-----w- c:\programmi\AntiVir PersonalEdition Premium
2010-06-22 12:58 . 2010-06-22 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Premium
2010-06-22 12:51 . 2010-06-22 12:51 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\356406.exe
2010-06-22 12:51 . 2010-06-22 12:51 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\355937.exe
2010-06-22 12:51 . 2010-06-22 12:51 10349 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\354796.exe
2010-06-22 12:51 . 2010-06-22 12:51 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\351593.exe
2010-06-22 12:51 . 2010-06-22 12:51 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\350703.exe
2010-06-22 12:51 . 2010-06-22 12:51 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\347906.exe
2010-06-22 12:50 . 2010-06-22 12:50 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\265218.exe
2010-06-22 12:49 . 2010-06-22 12:49 67667 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\191234.exe
2010-06-22 12:47 . 2010-06-22 12:47 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\94671.exe
2010-06-22 12:47 . 2010-06-22 12:47 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\83046.exe
2010-06-22 11:48 . 2010-06-22 11:48 145 ----a-w- C:\fix.reg
2010-06-22 10:24 . 2010-06-22 10:24 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4091859.exe
2010-06-22 10:24 . 2010-06-22 10:24 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4091781.exe
2010-06-22 10:24 . 2010-06-22 10:24 488 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4090968.exe
2010-06-22 10:24 . 2010-06-22 10:24 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4084390.exe
2010-06-22 10:23 . 2010-06-22 10:23 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4027921.exe
2010-06-22 10:23 . 2010-06-22 10:23 3601 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4018453.exe
2010-06-22 10:22 . 2010-06-22 10:22 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\4012468.exe
2010-06-22 10:21 . 2010-06-22 10:21 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3925421.exe
2010-06-22 10:21 . 2010-06-22 10:21 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3925265.exe
2010-06-22 10:21 . 2010-06-22 10:21 10322 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3922218.exe
2010-06-22 10:17 . 2010-06-22 10:17 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3724671.exe
2010-06-22 10:17 . 2010-06-22 10:17 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3724484.exe
2010-06-22 10:17 . 2010-06-22 10:17 3252 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3723687.exe
2010-06-22 10:17 . 2010-06-22 10:17 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3716156.exe
2010-06-22 10:17 . 2010-06-22 10:17 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3715781.exe
2010-06-22 10:17 . 2010-06-22 10:17 10340 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3715312.exe
2010-06-22 10:14 . 2010-06-22 10:14 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3539640.exe
2010-06-22 10:14 . 2010-06-22 10:14 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3520531.exe
2010-06-22 10:14 . 2010-06-22 10:14 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3520375.exe
2010-06-22 10:14 . 2010-06-22 10:14 10301 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3517453.exe
2010-06-22 10:14 . 2010-06-22 10:14 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3487281.exe
2010-06-22 10:14 . 2010-06-22 10:14 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\3485781.exe
2010-06-22 09:21 . 2010-06-22 09:21 61699 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\317234.exe
2010-06-22 09:21 . 2010-06-22 09:21 61667 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\315937.exe
2010-06-22 09:21 . 2010-06-22 09:21 61618 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\307546.exe
2010-06-22 09:21 . 2010-06-22 09:21 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\306218.exe
2010-06-22 09:21 . 2010-06-22 09:21 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\305187.exe
2010-06-22 09:20 . 2010-06-22 09:20 24741 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\302062.exe
2010-06-22 09:20 . 2010-06-22 09:20 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\247406.exe
2010-06-22 09:19 . 2010-06-22 09:19 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\243859.exe
2010-06-22 09:19 . 2010-06-22 09:19 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\167796.exe
2010-06-22 09:18 . 2010-06-22 09:18 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\155328.exe
2010-06-22 08:24 . 2010-06-22 08:24 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\203453.exe
2010-06-22 08:23 . 2010-06-22 08:23 71684 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\163640.exe
2010-06-22 08:23 . 2010-06-22 08:23 10247 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\162156.exe
2010-06-22 08:22 . 2010-06-22 08:22 99332 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\97046.exe
2010-06-22 08:22 . 2010-06-22 08:22 610820 ----a-w- c:\documents and settings\User\Dati applicazioni\drivers\downld\83703.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 11:21 . 2009-03-29 16:47 -------- d--h--w- c:\documents and settings\User\Dati applicazioni\drivers
2010-06-22 16:07 . 2010-06-22 16:07 1354 ----a-w- c:\programmi\bgcs.txt
2010-06-22 12:58 . 2010-06-22 12:58 126264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2010-06-22 12:54 . 2009-02-03 15:41 -------- d-----w- c:\programmi\Alwil Software
2010-06-22 12:02 . 2009-02-03 16:16 -------- d-----w- c:\programmi\eMule
2010-06-16 12:00 . 2010-04-23 11:49 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-06-16 11:59 . 2010-04-04 12:10 -------- d-----w- c:\programmi\FindyKill
2010-06-01 15:54 . 2009-02-14 11:15 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Canon
2010-05-15 16:33 . 2010-05-15 16:30 -------- d-----w- c:\programmi\cdcover
2010-05-07 10:24 . 2010-05-07 10:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\dvdcss
2010-05-06 14:16 . 2009-01-31 11:43 -------- d-----w- c:\programmi\File comuni\Adobe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_294823.exe
2010-04-23 13:18 . 2010-04-23 13:18 408522 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_18be6784.exe
2010-04-23 12:00 . 2010-04-23 12:00 133 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_70347633.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_611d2f5f.exe
2010-04-23 11:59 . 2010-04-23 11:59 5694 ----a-r- c:\documents and settings\User\Dati applicazioni\Microsoft\Installer\{A29B3A9E-250D-44D5-BC04-00B57CBE877A}\_468a2e62.exe
2010-04-15 12:51 . 2009-02-02 20:29 75688 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\D3DBF3RV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\8WU5ZBRV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\OHZ131FV.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\O2GDV9N7.DAT
2010-04-09 14:03 . 2010-04-09 14:03 2678 ----a-w- c:\windows\java\Packages\Data\6QIBLBT3.DAT
2010-04-04 12:12 . 2009-03-29 16:22 106 ----a-w- c:\windows\system32\jpg.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_09.49.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 11:21 . 2010-06-23 11:21 16384 c:\windows\temp\Perflib_Perfdata_5b0.dat
+ 2009-01-31 08:40 . 2010-06-17 15:38 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-01-31 08:40 . 2009-01-31 08:40 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\fltlib.dll
+ 2009-01-30 18:53 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-01-30 18:53 . 2006-08-21 12:26 16896 c:\windows\system32\dllcache\fltlib.dll
- 2009-01-30 18:53 . 2004-08-19 13:39 16896 c:\windows\system32\dllcache\fltlib.dll
+ 2010-06-22 12:58 . 2006-01-18 11:06 57344 c:\windows\system32\avsda.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 148888 c:\windows\system32\javaws.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\javaw.exe
+ 2010-06-16 11:11 . 2010-06-16 11:09 144792 c:\windows\system32\java.exe
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
+ 2009-01-30 18:53 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
+ 2010-06-16 11:11 . 2010-06-16 11:09 410984 c:\windows\system32\deploytk.dll
+ 2010-06-22 12:54 . 2010-06-22 12:54 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"EPSON Stylus Photo R360 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE" [2006-05-29 139264]
"AdobeUpdater"="c:\programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2006-01-05 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-01-05 856064]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-06-16 148888]
"avgnt"="c:\programmi\AntiVir PersonalEdition Premium\avgnt.exe" [2010-06-23 229416]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-06-12 1495040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-2-2 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2010-06-22 14848]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2010-06-22 31744]
S2 AntiVirMailService;AntiVir Mail Security Service;c:\programmi\AntiVir PersonalEdition Premium\avmailc.exe [2010-06-22 167936]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-01-31 182784]
S4 AVEService;AntiVir Engine Service;c:\programmi\AntiVir PersonalEdition Premium\avesvc.exe [2010-06-22 45056]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: avsda.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 13:22
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-23 13:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-23 11:28
ComboFix2.txt 2010-06-22 16:43
ComboFix3.txt 2010-06-21 17:02
ComboFix4.txt 2010-06-17 14:18
ComboFix5.txt 2010-06-23 11:17

Pre-Run: 49,353,515,008 byte disponibili
Post-Run: 49,469,272,064 byte disponibili

306 --- E O F --- 2010-06-16 12:01

[Luke57]

Ciao, niente da fare o si eliminano i file tutti insieme o sarà sempre la solita musica-
Seguiamo questa procedura by Duca Bianco su p2p forum

1)Elimina avenger e combofix dal tuo computer

2 Scaricare Bagle Remover sul desktop.
http://file.p2pforum.it/?d=37366D261

-Clic su Beagled.exe e seguire le istruzioni
attendere .....quando ha finito chiederà di riavviare: fatelo

Ora scarica the Avenger
http://swandog46.geekstogo.com/avenger.zip
salvarlo in una cartella e scompattare il file .zip.
N.B. Avenger va Scaricato e lanciato dopo aver fatto girare Bagle Remover,se avete già Avenger eliminatelo per poi riscaricarlo.

-Individuare Avenger.exe e avviarlo.
-Inserire questo script nel box bianco

Codice: Seleziona tutto

Drivers to disable:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\winfilse.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa2.sys


Files to delete:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\winfilse.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa2.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%UserProfile%\Dati applicazioni\m\svrlist.oct
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.XXX
%SystemDrive%\WINDOWS\system32\mdelk.exe.XXX
%SystemDrive%\WINDOWS\system32\wintems.exe.XXX
%SystemDrive%\WINDOWS\system32\1.exe
c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys
c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe


Folders to delete:
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m\shared
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld
%SystemDrive%\WINDOWS\temp\
%UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5
%UserProfile%\Impostazioni locali\Temporary Internet Files
%UserProfile%\Impostazioni locali\Temp

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | german.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run |drv_st_key

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Cliccare su Execute
Il pc dovrebbe riavviarsi ( se così non fosse,fallo tu)

-Allegare il log che verrà creato in C:\Avenger

Al riavio, scarica di nuovo combofix e fai una scansione con le solite modalità

[francois87]

ciao luke57 ho scaricato beagleRemove,ma non ha fatto niente di chè: mi ha dato un report dei file,non mi ha eliminato niente e non mi ha fatto riavviare il computer(sto virus e troppo potente).ho dovuto scaricare avenger(quello a cui mi hai detto di rinominarlo)perchè l'ultimo citato non mi funzionava,ma la procedura non l'ha avviata.
a questo punto ti chiedo se avvio la formattazione del mio computer posso elimare il virus definitivamente????

[Luke57]

Ciao, vai qui:
http://rapidshare.com/files/248262015/234.zip.html

scarica il file, estrailo sul deskto. Copia lo script del mio post precedente, avvia il file estratto,
nella schermata seleziona Input Script manually, premi la lente di ingrandimento sulla destra, nello spazio bianco che si apre, incolla lo script, premi Done e due successivi sì alle domande che ti saranno poste. Al riavvio del computer, posta il report c:\avenger.txt

[francois87]

luke57 ecco il report di avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rbafjwki

*******************

Script file located at: \??\C:\Documents and Settings\yjwjuwhg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\winfilse.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\winfilse.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\winfilse.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa2.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa2.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa2.sys
Status: 0xc0000034



Could not open file C:\Documents and Settings\User\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\User\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\User\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\User\Dati applicazioni\hidires\rosa.sys failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a

File C:\Documents and Settings\User\Dati applicazioni\m\list.oct deleted successfully.
File C:\Documents and Settings\User\Dati applicazioni\m\data.oct deleted successfully.
File C:\Documents and Settings\User\Dati applicazioni\m\flec006.exe deleted successfully.


File C:\Documents and Settings\User\Dati applicazioni\m\svrlist.oct not found!
Deletion of file C:\Documents and Settings\User\Dati applicazioni\m\svrlist.oct failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\m\svrlist.oct
Status: 0xc0000034



Could not open file C:\system32\re_file.exe for deletion
Deletion of file C:\system32\re_file.exe failed!

Could not process line:
C:\system32\re_file.exe
Status: 0xc000003a



File C:\elist.xpt not found!
Deletion of file C:\elist.xpt failed!

Could not process line:
C:\elist.xpt
Status: 0xc0000034



Could not open file C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



File C:\WINDOWS\system32\drivers\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.


File C:\WINDOWS\system32\drivers\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\mdelk.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File C:\WINDOWS\system32\edlm.exe not found!
Deletion of file C:\WINDOWS\system32\edlm.exe failed!

Could not process line:
C:\WINDOWS\system32\edlm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\edlm2.exe not found!
Deletion of file C:\WINDOWS\system32\edlm2.exe failed!

Could not process line:
C:\WINDOWS\system32\edlm2.exe
Status: 0xc0000034



File C:\Windows\system32\ldR64.dll not found!
Deletion of file C:\Windows\system32\ldR64.dll failed!

Could not process line:
C:\Windows\system32\ldR64.dll
Status: 0xc0000034



File C:\WINDOWS\system32\german.exe not found!
Deletion of file C:\WINDOWS\system32\german.exe failed!

Could not process line:
C:\WINDOWS\system32\german.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys.XXX not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys.XXX failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys.XXX
Status: 0xc0000034



File C:\WINDOWS\system32\mdelk.exe.XXX not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe.XXX failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe.XXX
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe.XXX not found!
Deletion of file C:\WINDOWS\system32\wintems.exe.XXX failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe.XXX
Status: 0xc0000034



File C:\WINDOWS\system32\1.exe not found!
Deletion of file C:\WINDOWS\system32\1.exe failed!

Could not process line:
C:\WINDOWS\system32\1.exe
Status: 0xc0000034

File c:\documents and settings\User\Dati applicazioni\drivers\wfsintwq.sys deleted successfully.
File c:\documents and settings\User\Dati applicazioni\drivers\winupgro.exe deleted successfully.


Folder C:\WINDOWS\exefqd not found!
Deletion of folder C:\WINDOWS\exefqd failed!

Could not process line:
C:\WINDOWS\exefqd
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034



Folder C:\Documents and Settings\User\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\User\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\hidires
Status: 0xc0000034



Folder C:\Documents and Settings\User\Dati applicazioni\hidn not found!
Deletion of folder C:\Documents and Settings\User\Dati applicazioni\hidn failed!

Could not process line:
C:\Documents and Settings\User\Dati applicazioni\hidn
Status: 0xc0000034

Folder C:\Documents and Settings\User\Dati applicazioni\m\shared deleted successfully.
Folder C:\Documents and Settings\User\Dati applicazioni\m deleted successfully.
Folder C:\WINDOWS\System32\drivers\down deleted successfully.


Folder C:\WINDOWS\system32\drivers\downld not found!
Deletion of folder C:\WINDOWS\system32\drivers\downld failed!

Could not process line:
C:\WINDOWS\system32\drivers\downld
Status: 0xc0000034

Folder C:\WINDOWS\temp deleted successfully.
Folder C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files deleted successfully.
Folder C:\Documents and Settings\User\Impostazioni locali\Temp deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034



Registry key HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Status: 0xc0000034

Registry key HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64 failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key failed!
Status: 0xc0000034



Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[Luke57]

Ciao, tutto quello che ha trovato è stato eliminato. Adesso prova a installare malwarebytes, aggiornarlo e a fare una scansione completa. Posta poi il report.

[francois87]

luke57ho avviato il programma e mi ha trovato un bel pò di virus:ho cercato di rimuoverli ma non tutti me li ha eliminati.il mio antivirus comunque è ancora bloccato;ecco il report di malware:

Malwarebytes' Anti-Malware 1.38
Versione del database: 2333
Windows 5.1.2600 Service Pack 2

2010-06-25 13:53:54
mbam-log-2010-06-25 (13-53-54).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 130548
Tempo trascorso: 32 minute(s), 31 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 4
Elementi dato del registro infetti: 2
Cartelle infette: 2
File infetti: 25

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Cartelle infette:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
c:\documents and settings\User\Dati applicazioni\drivers\downld (Worm.Bagle) -> Files: 481 -> Quarantined and deleted successfully.

File infetti:
c:\documents and settings\User\dati applicazioni\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP101\A0010782.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP101\A0010892.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP101\A0010903.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP101\A0012902.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP101\A0012930.exe (Trojan.Packed) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014138.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014245.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014150.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014163.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014178.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014200.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014215.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014231.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014259.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP102\A0014281.exe (Trojan.Packed) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP95\A0007557.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP96\A0007803.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP96\A0007811.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP96\A0007827.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP96\A0007839.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c2652133-3ff6-4cea-bfc7-ac3dc662f6d4}\RP97\A0007869.exe (Trojan.Packed) -> Quarantined and deleted successfully.
c:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

[Luke57]

Ciao, ci credo, il bagle corrompe del tutto l'seguibile, lo devi obbligatoriamente reinstallare.

[francois87]

luke57 allora devo reinstallare l'antivirus?..ma il begla è stato eliminato?..

[Luke57]

luke57 allora devo reinstallare l'antivirus?..ma il begla è stato eliminato?..

E' la prova del nove

[francois87]

luke57 complimeti,mi hai risolto il problema...sei un grande!!
adesso devo cercare un buon antivirus da mettere nel mio computer perchè quello che ho adesso è la versione free di avira.grazie luke57....

[-> EleKtrA <-]

Fai attenzione a non infettarti nuovamente durante le tue ricerche se stai cercando un antivirus che ti protegga dal worm, non esiste purtroppo.

Io terrei Antivir, è un ottimo antivirus

[francois87]

ciao elektra..alla fine ho installato di nuovo il mio buon vecchio avast 4.8...oramai mi ci sono affezionato..e devo dire che lavora discretamente...grazie del consiglio..