www.MegaLab.it

[disc_nr]

Ciao Amantide

karpesky mi ha trovato questi due file, naturalmente cancellati subito

deleted: Trojan program Trojan-Downloader.Win32.Bagle.acm File: C:\Programmi\Picasa2\PicasaMediaDetector.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.acm File: C:\RECYCLER\S-1-5-21-343818398-725345543-70411642-1006\Dc1.exe

per il resto mi ha rilevato dei file malevoli ma nn virus o meglio malevoli di nome

detected: riskware not-a-virus:Client-IRC.Win32.mIRC.621 File: e:\programmi\mirc\mirc.exe
detected: riskware not-a-virus:PSWTool.Win32.MPR.015 File: n:\programmi\multi password recovery\mpr_freader.sys
deleted: riskware not-a-virus:RemoteAdmin.Win32.WinVNC-based.c File: C:\Documents and Settings\my user\Documenti\My Completed Downloads\assistenza.exe//UPX//vnchooks.dll
deleted: riskware not-a-virus:Client-IRC.Win32.mIRC.621 File: C:\Documents and Settings\my user\Documenti\My Completed Downloads\mirc621.exe//stream//data0008
detected: riskware not-a-virus:RiskTool.Win32.WFPDisabler.a File: C:\Documents and Settings\my user\Documenti\Setup\FlyakiteOSX v3.5.exe//stream//data0023
detected: riskware not-a-virus:RiskTool.Win32.WFPDisabler.a File: C:\Documents and Settings\my user\Documenti\Setup\FlyakiteOSX v3.5.rar/FlyakiteOSX v3.5.exe

Alcuni cancellati altri mantenuti.

Ora mi servirebbo un restore per le chiavi di registro danneggiate, ossia per poter rivedere i file nascosti e per poter rifare il riavvio in modalità provvisoria, sulle vostre guide avevo visto qualcosa per ripristinare problemi di rete wi-fi e altro, per gli altri danni c'e' qualcosa?

Per sicurezza nel caso mi fosse sfuggito qualcosa vi posto 2 log:

Combofix log

ComboFix 08-10-02.04 - Giulio 2008-10-03 15.04.56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1435 [GMT 2:00]
Eseguito da: C:\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Giulio\Cookies\giulio@serving-sys[1].txt
C:\Documents and Settings\Giulio\Preferiti\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2008-09-03 al 2008-10-03 )))))))))))))))))))))))))))))))))))
.

2008-10-02 22:49 . 2008-10-02 22:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-02 22:49 . 2008-10-03 15:07 4,199,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-02 22:49 . 2008-10-02 22:49 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-02 22:04 . 2008-10-02 22:04 672,256 --a------ C:\abc.tmp
2008-10-02 22:04 . 2008-10-02 21:07 407,680 --a------ C:\abc.exe
2008-10-02 22:00 . 2004-08-13 18:30 45,056 --a------ C:\SDTrestore.exe
2008-10-02 22:00 . 2004-08-13 18:30 34,244 --a------ C:\SDTrestore.cpp
2008-10-02 22:00 . 2004-08-13 18:30 192 --a------ C:\compile.bat
2008-10-02 21:46 . 2008-04-20 10:04 401,720 --a------ C:\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe
2008-10-02 21:45 . 2008-04-20 10:08 731,136 --a------ C:\MegaLab.it_a_v_e_n_g_e_r.exe
2008-10-02 21:44 . 2008-04-20 10:02 761,856 --a------ C:\MegaLab.it_G_m_E_r.exe
2008-10-02 21:44 . 2008-10-02 21:44 277,504 --a------ C:\MegaLab.dll
2008-10-02 21:43 . 2008-04-17 21:13 811,008 --a------ C:\gmer.exe
2008-10-02 21:41 . 2008-10-03 14:45 250 --a------ C:\WINDOWS\gmer.ini
2008-09-28 22:55 . 2008-09-28 22:55 268 --ah----- C:\sqmdata19.sqm
2008-09-28 22:55 . 2008-09-28 22:55 244 --ah----- C:\sqmnoopt19.sqm
2008-09-24 19:40 . 2008-09-24 19:40 94,208 --a------ C:\WINDOWS\rtpmsi32.dll
2008-09-23 21:09 . 2008-09-23 23:00 <DIR> d-------- C:\Programmi\iTALC
2008-09-21 20:00 . 2008-09-21 20:00 <DIR> d-------- C:\Programmi\UltraISO
2008-09-21 20:00 . 2008-09-21 20:00 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-09-21 15:59 . 2008-09-21 16:00 <DIR> d-------- C:\Documents and Settings\Giulio\wareuopenbeta
2008-09-16 23:57 . 2008-09-16 23:57 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-09-16 23:33 . 2008-09-16 23:33 <DIR> d--hs---- C:\Documents and Settings\Giulio\Phone Browser
2008-09-16 18:56 . 2008-09-16 19:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-16 18:43 . 2008-09-16 23:26 <DIR> d-------- C:\nokia
2008-09-16 18:43 . 2008-09-16 18:43 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-09-16 18:42 . 2008-09-16 18:42 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-09-16 18:42 . 2008-09-16 23:47 <DIR> d-------- C:\Documents and Settings\Giulio\Dati applicazioni\Nokia
2008-09-16 18:42 . 2008-09-16 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-09-16 18:41 . 2008-09-16 18:41 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-09-16 18:41 . 2008-09-16 23:48 <DIR> d-------- C:\Documents and Settings\Giulio\Dati applicazioni\PC Suite
2008-09-16 18:41 . 2008-09-16 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-09-16 17:58 . 2008-07-12 11:33 79,346 --a------ C:\1000+ applicazioni.htm
2008-09-15 19:53 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-15 19:53 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-15 19:52 . 2008-09-15 19:52 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-15 19:52 . 2008-09-15 19:52 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-15 19:47 . 2008-09-15 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
2008-09-15 19:46 . 2008-09-15 19:46 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-09-15 19:46 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-15 19:46 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-15 19:46 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-15 19:46 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-15 19:46 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-15 19:46 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-15 19:46 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-15 19:45 . 2008-09-15 19:46 <DIR> d-------- C:\Programmi\Nokia
2008-09-15 19:45 . 2008-09-16 18:42 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-09-15 19:45 . 2008-09-15 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-09-15 18:15 . 2008-09-15 18:15 <DIR> d-------- C:\Programmi\MediaInfo
2008-09-15 12:06 . 2008-09-15 12:06 <DIR> d-------- C:\digitalvideoconverter
2008-09-15 11:26 . 2008-09-15 11:26 <DIR> d-------- C:\Programmi\File comuni\SWF Studio
2008-09-03 23:26 . 2008-09-07 01:14 <DIR> d-------- C:\Documents and Settings\Giulio\Dati applicazioni\IMVUClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 12:27 --------- d-----w C:\Programmi\Picasa2
2008-10-02 21:08 2,885,948 ----a-r C:\ComboFix.exe
2008-10-02 20:09 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\WTablet
2008-10-02 20:06 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\Hamachi
2008-10-02 16:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com Personal Firewall
2008-10-02 16:53 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\WTablet
2008-10-01 18:32 --------- d-----w C:\Programmi\DAP
2008-09-29 20:49 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\iTALC
2008-09-28 14:07 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\Canon
2008-09-27 23:21 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\Azureus
2008-09-27 13:14 --------- d-----w C:\Programmi\Polygon Cruncher
2008-09-25 18:22 --------- d-----w C:\Programmi\DaneaEasyfatt2006
2008-09-24 16:54 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\IMVU
2008-09-16 16:41 --------- d-----w C:\Programmi\DIFX
2008-09-02 22:45 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\DNA
2008-09-02 08:54 --------- d-----w C:\Programmi\DNA
2008-08-22 19:58 --------- d-----w C:\Documents and Settings\Giulio\Dati applicazioni\Skype
2008-08-04 21:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-04 21:30 --------- d-----w C:\Programmi\Telecom Italia
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 11:48 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-12 11:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-12 11:48 22,328 ----a-w C:\Documents and Settings\Giulio\Dati applicazioni\PnkBstrK.sys
2008-07-12 11:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-10 20:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2001-11-18 11:50 586,556 ----a-w C:\Documents and Settings\Giulio\cr2ed512 Update.zip
2001-11-18 09:23 3,429,764 ----a-w C:\Documents and Settings\Giulio\cr2ed5.zip
2007-11-03 18:22 13 -csh--r C:\WINDOWS\system32\Mediav_6_4.dll
.

------- Sigcheck -------

2007-06-13 15:22 977920 a740c454ab68580ab44e6b46e3a5321f C:\WINDOWS\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 14:00 1367552 c9432e6547262550b4f1396e3d57ccf3 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2008-04-14 04:14 1036288 70d7f99d95615c3c278367756287db71 C:\WINDOWS\SoftwareDistribution\Download\fc8deab818fa7e7ffabfc43e34347907\explorer.exe
2007-06-13 15:22 977920 a740c454ab68580ab44e6b46e3a5321f C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-06-15 17:48 442368 --a------ C:\Programmi\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 160256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"PcSync"="N:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Programmi\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.WRPR"= aviwrap.dll
"vidc.WRPR"= aviwrap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^hamachi.lnk]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^Registration Assassin's Creed.LNK]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\Registration Assassin's Creed.LNK
backup=C:\WINDOWS\pss\Registration Assassin's Creed.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^RocketDock.lnk]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^TransBar.lnk]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^UberIcon.lnk]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Giulio^Menu Avvio^Programmi^Esecuzione automatica^Y'z Shadow.lnk]
path=C:\Documents and Settings\Giulio\Menu Avvio\Programmi\Esecuzione automatica\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-16 09:47 94208 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 16:19 40960 C:\WINDOWS\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]
--a------ 2008-03-03 22:45 1583624 C:\Programmi\Copernic Desktop Search 2\DesktopSearchService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Programmi\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-28 14:12 222720 N:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 15:34 868352 C:\Programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 17:46 1460560 n:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
--a------ 2006-02-26 01:41 118485 C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-21 11:59 180269 C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 N:\Programmi\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
--a------ 2007-04-21 21:26 2343936 N:\Nuova cartella\Yod'm 3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\3dsmax7\\3dsmax.exe"=
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Programmi\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\Programmi\\VoipStunt.com\\VoipStunt2\\VoipStunt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\backburner 2\\manager.exe"=
"C:\\Programmi\\backburner 2\\monitor.exe"=
"C:\\Programmi\\backburner 2\\server.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Outlook Express\\msimn.exe"=
"C:\\Programmi\\Curious Labs\\Poser 5\\poser.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programmi\\DAP\\DAP.exe"=
"C:\\Programmi\\xampp\\apache\\bin\\apache.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\eMule2\\eMule.exe"=
"H:\\disco C\\Programmi\\eMule0.46c\\emule.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=
"E:\\Programmi\\eMule\\emule.exe"=
"E:\\winbox.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"E:\\Programmi\\mIRC\\mirc.exe"=
"E:\\Programmi\\DeepUV\\DeepUV.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programmi\\FileZilla\\FileZilla.exe"=
"N:\\Programmi\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"N:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"N:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"N:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"N:\\emule extreme61\\emule.exe"=
"N:\\Programmi\\e frontier\\Poser 7\\Poser.exe"=
"n:\\Programmi\\iTALC\\ica.exe"= N:\\Programmi\\iTALC\\ica.exe
"N:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"n:\\Programmi\\BitTorrent\\bittorrent.exe"=
"N:\\Programmi\\Azureus\\Azureus.exe"=
"N:\\Programmi\\Santiago Orgaz\\xNormal\\3.14.5\\x86\\xNormal.exe"=
"N:\\Programmi\\Crazybump Beta Test\\CrazyBump.exe"=
"N:\\Programmi\\EuteliaVOIP\\EuteliaVOIP.exe"=
"N:\\Programmi\\WoW-2.3.0.7561-enUS-downloader.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"N:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"N:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"N:\\Programmi\\Hamachi\\hamachi.exe"=
"N:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"N:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"N:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"N:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"E:\\Programmi\\SecondLife\\SLVoice.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\iTALC\\ica.exe"=
"C:\\program files\\Atari\\Dragonshard\\fpupdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32895:TCP"= 32895:TCP:Emule
"12035:UDP"= 12035:UDP:sl2
"12036:UDP"= 12036:UDP:sl3
"12043:TCP"= 12043:TCP:sl4
"13000:UDP"= 13000:UDP:sl5
"13050:UDP"= 13050:UDP:sl7
"6901:TCP"= 6901:TCP:eMule
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"12975:TCP"= 12975:TCP:5.0.0.0/255.255.255.255:Enabled:hamachi

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 123 Flash Chat Server 6.6;123 Flash Chat Server 6.6;e:\Programmi\123FlashChatServer6.6\server\123flashchat_setup.exe [2006-10-17 204800]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 icas;iTALC Client;C:\Programmi\iTALC\ica.exe [2007-11-25 895488]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-09-29 2560]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S3 Amspfigm;Amspfigm;C:\WINDOWS\system32\drivers\NABTSFEC.sys [2004-08-04 85376]
S3 mpr_freader;MPR FileReader Driver;N:\Programmi\Multi Password Recovery\mpr_freader.sys [2008-10-03 2816]
S3 PciCon;PciCon;D:\PciCon.sys [ ]
S3 Sptsgvcvnfqs;Sptsgvcvnfqs;C:\WINDOWS\system32\drivers\ipfltdrv.sys [2004-08-19 32896]
S3 Tmsennicces;Tmsennicces;C:\WINDOWS\system32\drivers\bridge.sys [2004-08-19 71552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe

*Newly Created Service* - IS-VKMJVDRV
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-drvsyskit - C:\WINDOWS\system32\drivers\hldrrr.exe
MSConfigStartUp-Picasa Media Detector - C:\Programmi\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Giulio\Dati applicazioni\Mozilla\Firefox\Profiles\v8b3rl7g.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://it.start.mozilla.com/firefox?cli ... t:official
FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programmi\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programmi\Yahoo!\Shared\npYState.dll
FF -: plugin - n:\Programmi\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - n:\Programmi\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - N:\Programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 15:07:20
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-10-03 15:11:28
ComboFix-quarantined-files.txt 2008-10-03 13:10:29

Pre-Run: 8.071.036.928 byte disponibili
Post-Run: 8,091,291,648 byte disponibili

378 --- E O F --- 2008-09-30 20:42:50

Ora provvedo con il riavvio e incrocio le dita.

Ciao

Disc

[ste_95]

Disabilita il ripristino configurazione di sistema.

Scarica la nuova versione di Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada. Se ti restituisce un errore di Applicazione WIN32 non valida o altri errori relativi a file mancanti usa questa versione.
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\RECYCLER\S-1-5-21-343818398-725345543-70411642-1006\Dc1.exe

Folders to delete:
C:\WINDOWS\system32\drivers\downld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger ti dice che lo script non è valido (Invalid script), riscrivi manualmente il primo comando (Files to delete:) senza dimenticare i due punti finali.

Poi, procedi con l'applicazione di questo e questo.

[disc_nr]

Ciao ste_95

Ti metto il log di avenger, anche se è tutto negativo, infatti se guardi sopra ho già provveduto a cancellare quei file con karpesky remover

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\Programmi\Picasa2\PicasaMediaDetector.exe" not found!
Deletion of file "C:\Programmi\Picasa2\PicasaMediaDetector.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\RECYCLER\S-1-5-21-343818398-725345543-70411642-1006\Dc1.exe" not found!
Deletion of file "C:\RECYCLER\S-1-5-21-343818398-725345543-70411642-1006\Dc1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Inoltre avevo specificato nel primo post che ho notato alcune mancanze e differenze nella mia versione di bagle rispetto alle versioni della guida.

Nel tuo post copia incolla ci sono due link che direzionano a http://area51.MegaLab.it/3250 e nn ho i permessi per accederci, puoi darmi link alternativi?

Ciao

Disc

[ste_95]

Scusami, questi sono i link:

http://www.MegaLab.it/3250
http://www.MegaLab.it/3286