
Hi all, I turn to you with my heart in my hand. BAGLE!!!!!


Post by ste_95 » Thu Feb 28, 2008 7:00 pm

You can re-enable System Restore.
Go ahead and use eMule, but do so with caution.
Delete the folder C:\Avenger.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

THANKS

Post by rayman17 » Thu Feb 28, 2008 7:06 pm

REALLY, thanks for everything.........
I belong to jesus...I belong to God...

Re: Hi all, I turn to you with my heart in my hand. BAGLE!!!!!

Post by rayman17 » Thu Apr 30, 2009 5:53 pm

Hi everyone, guys... I think the virus is back, grrr. CCleaner won't open, and if I try to open AntiVir it gives me the following error:
avcenter.exe non è un applicazione Win32 valida

PS: I'm running an online scan with Kaspersky

Re: Hi all, I turn to you with my heart in my hand. BAGLE!!!!!

Post by ste_95 » Thu Apr 30, 2009 6:19 pm

Try FindyKill and Combofix.
http://www.MegaLab.it/3724/3

Re: Hi all, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Cavaliere » Sun May 03, 2009 2:49 pm

Sorry to butt into this thread, but two days ago I caught this virus too, via eMule. I have the same problems that were listed on the first page, but I still managed to install spywarefighter, though I don't think it helps much....

Could you kindly tell me what I can start with, to begin removing the Bagle virus???

I should mention that I was sent here by people who told me there are a lot of capable people here!! I await your replies.... I have no antivirus at the moment!

Re: Hi all, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Amantide » Sun May 03, 2009 3:02 pm

Cavaliere wrote: Sorry to butt into this thread, but two days ago I caught this virus too, via eMule. I have the same problems that were listed on the first page, but I still managed to install spywarefighter, though I don't think it helps much....

Could you kindly tell me what I can start with, to begin removing the Bagle virus???

I should mention that I was sent here by people who told me there are a lot of capable people here!! I await your replies.... I have no antivirus at the moment!


Hi and welcome

Start with FindyKill and ComboFix and post the latter's log here.

Download FindyKill (by Chiquitine29) and install it (it is in French but easy to understand).
Once it is installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter.

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]
...to fly high, you have to know how to fall...

Re: Hi all, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Cavaliere » Sun May 03, 2009 9:47 pm

The virus has also infected the laptop. I ran both FindyKill and ComboFix on the laptop and these are the logs! I managed to reinstall the antivirus, NOD32! Is everything OK now? Can I rest easy, or is Bagle still roaming around inside the PC?
FindyKill log

############################## [ FindyKill V4.728 ]

# User : Utente (Administrators) # FLUID
# Update on 03/05/09 by Chiquitine29
# Start at: 17.32.16 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Athlon(tm) 64 Processor 3200+
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : Rising Antivirus [ Enabled | (!) Outdated ]
# AV : ESET NOD32 Antivirus 3.0 3.0 [ (!) Disabled | Updated ]

# C:\ # Disco rigido locale # 74,52 Go (22,43 Go free) # NTFS
# D:\ # Disco CD-ROM
# I:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Rising\Rav\CCENTER.EXE
C:\Programmi\Rising\Rav\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Rising\Rav\RavMonD.exe
C:\Programmi\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Fighters\configservice.exe
C:\Programmi\Rising\Rav\RavTask.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Rising\Rav\ScanFrm.exe
C:\Programmi\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Fighters\ScannerService.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\770140.EXE-1911AF5E.pf
Deleted ! C:\WINDOWS\Prefetch\866703.EXE-1FBFBF59.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-194E3FFA.pf
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\data.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\list.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\downld"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\shared"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m"

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-2609839188-1925581873-1495616707-1006\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-2609839188-1925581873-1495616707-1006\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Utente\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : 871fa737
MD5 .... : 2813df8df02f1ec16d191e82164cd968

Deleted ! : C:\Programmi\eMule\Incoming\key_generator.exe
# Taille : 847872 # MD5 : 2813DF8DF02F1EC16D191E82164CD968

Deleted ! : C:\Programmi\Windows Live\Messenger\msnmsgr.exe
# Taille : 847872 # MD5 : 2813DF8DF02F1EC16D191E82164CD968


################## [ Corrupted files # Re-Installation required ]


################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.728 ! ]


ComboFix log!

ComboFix 09-05-02.4 - Utente 03/05/2009 18.28.14.1 - NTFSx86
Eseguito da: c:\documents and settings\Utente\Desktop\bruciatutto.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Rising Antivirus *On-access scanning disabled* (Outdated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\QUAD Backups
c:\documents and settings\Utente\Desktop\QUAD Registry Cleaner.lnk
c:\documents and settings\Utente\Menu Avvio\Programmi\QUAD Utilities
c:\documents and settings\Utente\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\Utente\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\Utente\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
C:\Documents
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\programmi\ShoppingReport
c:\windows\regedit.com
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Creati Da 2009-04-03 al 2009-05-03 )))))))))))))))))))))))))))))))))))
.

2009-05-03 15:41 . 2009-05-03 15:41 -------- d-----w c:\windows\repair
2009-05-03 15:25 . 2009-05-03 15:59 -------- d-----w C:\FindyKill
2009-05-03 14:42 . 2009-05-03 15:38 -------- d-----w c:\windows\LastGood
2009-05-03 14:33 . 2004-08-19 12:00 31360 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-03 14:33 . 2004-08-19 12:00 41600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll
2009-05-03 14:33 . 2004-08-19 12:00 48256 -c--a-w c:\windows\system32\dllcache\w32.dll
2009-05-03 14:33 . 2004-08-19 12:00 14336 -c--a-w c:\windows\system32\dllcache\tsprof.exe
2009-05-03 14:33 . 2004-08-19 12:00 19464 -c--a-w c:\windows\system32\dllcache\tdspx.sys
2009-05-03 14:33 . 2004-08-19 12:00 21896 -c--a-w c:\windows\system32\dllcache\tdipx.sys
2009-05-03 14:33 . 2004-08-19 12:00 13192 -c--a-w c:\windows\system32\dllcache\tdasync.sys
2009-05-03 14:33 . 2004-08-19 12:00 101888 -c--a-w c:\windows\system32\dllcache\srusbusd.dll
2009-05-03 14:31 . 2004-08-19 12:00 111104 -c--a-w c:\windows\system32\dllcache\mtstocom.exe
2009-05-03 14:31 . 2004-08-19 12:00 7680 -c--a-w c:\windows\system32\dllcache\migregdb.exe
2009-05-03 14:31 . 2004-08-19 12:00 92416 -c--a-w c:\windows\system32\dllcache\mga.sys
2009-05-03 14:31 . 2004-08-19 12:00 92032 -c--a-w c:\windows\system32\dllcache\mga.dll
2009-05-03 14:31 . 2004-08-19 12:00 19456 -c--a-w c:\windows\system32\dllcache\lprmon.dll
2009-05-03 14:31 . 2004-08-19 12:00 23040 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll
2009-05-03 14:31 . 2004-08-19 12:00 33792 -c--a-w c:\windows\system32\dllcache\lmmib2.dll
2009-05-03 14:31 . 2004-08-19 12:00 18432 -c--a-w c:\windows\system32\dllcache\jupiw.dll
2009-05-03 14:31 . 2004-08-19 12:00 36352 -c--a-w c:\windows\system32\dllcache\iprip.dll
2009-05-03 14:29 . 2004-08-19 12:00 19456 -c--a-w c:\windows\system32\dllcache\cprofile.exe
2009-05-03 14:29 . 2004-08-19 12:00 14848 -c--a-w c:\windows\system32\dllcache\chgusr.exe
2009-05-03 14:29 . 2004-08-19 12:00 16384 -c--a-w c:\windows\system32\dllcache\chgport.exe
2009-05-03 14:29 . 2004-08-19 12:00 13824 -c--a-w c:\windows\system32\dllcache\chglogon.exe
2009-05-03 14:29 . 2004-08-19 12:00 9728 -c--a-w c:\windows\system32\dllcache\change.exe
2009-05-03 14:29 . 2004-08-19 12:00 54528 -c--a-w c:\windows\system32\dllcache\cap7146.sys
2009-05-03 14:29 . 2004-08-19 12:00 333824 -c--a-w c:\windows\system32\dllcache\aqueue.dll
2009-05-03 14:23 . 2004-08-19 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-03 14:22 . 2004-08-19 12:00 32768 -c--a-w c:\windows\system32\dllcache\icwdl.dll
2009-05-03 14:22 . 2004-08-19 12:00 20480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe
2009-05-03 14:22 . 2004-08-19 12:00 86016 -c--a-w c:\windows\system32\dllcache\icwconn2.exe
2009-05-03 14:22 . 2004-08-19 12:00 216576 -c--a-w c:\windows\system32\dllcache\icwconn1.exe
2009-05-03 14:03 . 2004-08-19 12:00 480256 -c--a-w c:\windows\system32\dllcache\cintsetp.exe
2009-05-03 14:03 . 2004-08-19 12:00 198656 -c--a-w c:\windows\system32\dllcache\cintime.dll
2009-05-03 14:03 . 2004-08-19 12:00 173568 -c--a-w c:\windows\system32\dllcache\chtskf.dll
2009-05-03 14:03 . 2004-08-19 12:00 56320 -c--a-w c:\windows\system32\dllcache\chtskdic.dll
2009-05-03 14:03 . 2004-08-19 12:00 97792 -c--a-w c:\windows\system32\dllcache\chtmbx.dll
2009-05-03 14:03 . 2004-08-19 12:00 10240 -c--a-w c:\windows\system32\dllcache\tmigrate.dll
2009-05-03 14:03 . 2004-08-19 12:00 455168 -c--a-w c:\windows\system32\dllcache\tintsetp.exe
2009-05-03 14:03 . 2004-08-19 12:00 44032 -c--a-w c:\windows\system32\dllcache\tintlphr.exe
2009-05-03 14:03 . 2004-08-19 12:00 59392 -c--a-w c:\windows\system32\dllcache\imscinst.exe
2009-05-03 14:03 . 2004-08-19 12:00 67584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
2009-05-03 14:03 . 2004-08-19 12:00 70144 -c--a-w c:\windows\system32\dllcache\pintlphr.exe
2009-05-03 14:01 . 2004-08-19 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-03 14:01 . 2004-08-19 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-03 14:01 . 2004-08-19 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-03 14:01 . 2004-08-19 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-03 10:18 . 2009-05-03 15:33 -------- d-----r C:\RavBin
2009-05-03 10:12 . 2009-05-03 09:47 15216 ----a-w c:\windows\system32\drivers\HookCont.sys
2009-05-03 10:12 . 2009-05-03 09:46 138864 ----a-w c:\windows\system32\drivers\HookSys.sys
2009-05-03 10:12 . 2009-05-03 09:46 33904 ----a-w c:\windows\system32\drivers\HookHelp.sys
2009-05-03 10:10 . 2009-05-03 09:45 146032 ----a-w c:\windows\system32\RavExt.dll
2009-05-03 10:09 . 2009-05-03 09:46 10832 ----a-w c:\windows\system32\drivers\RsNTGdi.sys
2009-05-03 10:09 . 2009-05-03 09:46 238704 ----a-w c:\windows\system32\bsmain.exe
2009-05-03 09:57 . 2009-05-03 09:57 -------- d-----w c:\programmi\Rising
2009-05-03 09:48 . 2009-05-03 10:17 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Rising
2009-05-03 01:18 . 2009-05-03 01:18 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-03 01:18 . 2009-05-03 01:18 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-03 01:18 . 2009-05-03 01:18 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-03 01:17 . 2008-04-14 02:14 139264 ----a-w c:\windows\system32\T.COM
2009-05-03 01:17 . 2008-04-14 02:14 151552 ----a-w c:\windows\R.COM
2009-05-03 01:17 . 2009-05-03 01:17 -------- d-----w c:\programmi\File comuni\MicroWorld
2009-05-03 01:17 . 2009-05-03 01:17 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\MicroWorld
2009-05-02 23:33 . 2009-05-02 23:33 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-05-02 23:33 . 2009-05-02 23:35 -------- d-----w c:\programmi\Fighters
2009-04-29 17:32 . 2009-04-29 17:33 -------- d--h--w c:\windows\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:48 . 2005-10-15 07:23 350 ----a-w c:\windows\Tasks\Symantec NetDetect.job
2009-05-03 16:44 . 2009-02-15 21:14 1046 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-03 16:43 . 2009-02-15 21:16 874 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-03 16:43 . 2004-08-30 11:26 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 16:03 . 2006-11-16 21:54 248 ----a-w c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
2009-05-03 15:36 . 2004-08-30 11:20 78902 ----a-w c:\windows\system32\perfc010.dat
2009-05-03 15:36 . 2004-08-30 11:20 458826 ----a-w c:\windows\system32\perfh010.dat
2009-05-03 14:25 . 2004-08-30 11:07 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-03 14:21 . 2004-08-30 11:04 23668 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-03 14:21 . 2009-05-03 14:21 1799 ----a-w c:\windows\inf\COM2FF.tmp
2009-05-03 10:40 . 2005-10-15 09:45 -------- d-----w c:\programmi\Easy CD-DA Extractor 7.0
2009-05-01 12:18 . 2005-10-15 10:02 96880 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-30 18:29 . 2005-10-17 19:10 -------- d-----w c:\programmi\WinMX
2009-04-30 16:35 . 2006-12-12 20:58 96880 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-23 18:17 . 2006-06-29 09:00 -------- d-----w c:\programmi\Messenger Plus! Live
2009-04-16 19:05 . 2008-10-16 18:01 -------- d-----w c:\programmi\Hamachi
2009-04-16 19:05 . 2006-06-13 16:04 -------- d-----w c:\programmi\eMule
2009-04-16 18:47 . 2006-09-22 19:55 -------- d-----w c:\programmi\Winamp
2009-03-22 17:23 . 2007-09-20 16:34 -------- d-----w c:\programmi\Windows Live
2009-03-22 16:47 . 2009-03-22 16:47 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-15 17:49 . 2006-12-13 21:56 -------- d-----w c:\programmi\File comuni\Adobe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-04 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-03 1451264]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"spywarefighterguard"="c:\programmi\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"RavTray"="c:\programmi\Rising\Rav\RsTray.exe" [2009-05-03 141936]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
WKCALREM.LNK - c:\programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-11 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-2-10 25214]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain\0\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\WebEye\\WebEye.exe"=
"c:\\Documents and Settings\\Utente\\Desktop\\neoscript\\NeOScript[NG]\\NeOScrIpt.exe"=
"c:\\Documents and Settings\\Utente\\Desktop\\neoscript\\LOVE DEATH\\LoveDeath4\\LOVE and DEATH Script 4.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\The All-Seeing Eye\\eye.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\Vsk5\\Vsk5.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir; [x]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-03 468224]
R2 gupdate1c98fb2a187c4f0;Servizio di Google Update (gupdate1c98fb2a187c4f0);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
R2 RavCCenter;Rav Process Communication Center;c:\programmi\Rising\Rav\CCENTER.EXE [2009-05-03 113264]
R2 RsRavMon;Rising RealTime Monitor;c:\programmi\Rising\Rav\RavMonD.exe [2009-05-03 133744]
R2 RsScanSrv;Rising Scan Service;c:\programmi\Rising\Rav\ScanFrm.exe [2009-05-03 51824]
R3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-05-14 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-05-14 633344]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-05-14 108387]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2007-10-29 100480]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2007-10-29 87552]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2007-10-29 100480]
R3 TUSB1150;802.11g WLAN USB Adapter;c:\windows\system32\DRIVERS\tusb1150.sys [2005-03-14 450688]
S0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys [2009-05-03 10832]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504]
S1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys [2009-05-03 15216]
S1 hooksys;hooksys;c:\windows\system32\drivers\HookSys.sys [2009-05-03 138864]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-01-16 81920]
S2 PTK License-FIGHTERS-18665827;PTK License-FIGHTERS-18665827;c:\programmi\Fighters\licenseservice.exe [2008-11-18 283272]
S2 PTK Live Update-FIGHTERS-18665827;PTK Live Update-FIGHTERS-18665827;c:\programmi\Fighters\updateservice.exe [2008-11-18 307848]
S2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-11-18 311944]
S2 PTK SharedAccess-FIGHTERS-18665827;PTK SharedAccess-FIGHTERS-18665827;c:\programmi\Fighters\configservice.exe [2008-11-18 139912]
S2 RavTask;Rising RavTask Manager; [x]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\DRIVERS\snpp106.sys [2002-11-08 238080]
S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03589e7a-5b1b-11dc-bd68-0014a515c91e}]
\Shell\Auto\command - G:\sal.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bec77284-2f33-11dd-be9f-000fb075b19d}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69d4cf0-a4f8-11dc-bde2-000fb075b19d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbc988e5-51ed-11dd-bf21-00a0c6000000}]
\Shell\Auto\command - G:\sal.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:01]

2009-05-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-15 21:16]

2009-05-03 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-msnmsgr - c:\programmi\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-QUAD Windows service - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
HKCU-Run-QUAD Scheduler - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe


.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\viutgfqu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MICI05&q=
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programmi\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 18:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????5?8?1?8??p???? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2609839188-1925581873-1495616707-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:77,22,99,e8,b6,34,7b,97,f1,94,8d,09,a2,cf,71,d6,28,6f,a4,25,40,45,b5,
55,39,bf,61,5e,bc,93,e7,0b,e5,59,90,96,b3,f9,9f,31,20,ee,90,a5,f2,5d,e4,df,\
"??"=hex:4a,18,01,fb,dd,f5,e5,19,61,0b,fa,1b,de,57,13,13

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3536)
c:\programmi\Online_TV\tbOnl1.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Rising\Rav\rsnetsvr.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\Rising\Rav\RavTask.exe
c:\windows\system32\wwSecure.exe
c:\windows\system32\wscntfy.exe
c:\programmi\HPQ\Shared\hpqwmi.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\Fighters\Spywarefighter\SpywarefighterTray.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-03 19.06.06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-03 17:05

Pre-Run: 24.149.643.264 byte disponibili
Post-Run: 24.178.081.792 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
324 --- E O F --- 2009-05-03 09:31
Cavaliere
Aficionado
Posts: 111
Joined: Sun May 03, 2009 2:35 pm

Re: Hi everyone, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Amantide » Sun May 03, 2009 9:52 pm

The PC should be clean now [^]
...to fly high, you must know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Hi everyone, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Cavaliere » Sun May 03, 2009 10:43 pm

Amantide wrote: The PC should be clean now [^]


What other program could I use to check for the virus besides NOD32, which is already installed on the laptop???

Also, about the disabled safe mode: how do I get it working again, or does it already work???

Re: Hi everyone, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Amantide » Sun May 03, 2009 10:47 pm

Cavaliere wrote:
Amantide wrote: The PC should be clean now [^]


What other program could I use to check for the virus besides NOD32, which is already installed on the laptop???

Malwarebytes' Anti-Malware

Cavaliere wrote: Also, about the disabled safe mode: how do I get it working again, or does it already work???

FindyKill should already have done that [^]

Re: Hi everyone, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Cavaliere » Sun May 03, 2009 10:55 pm

OK, tomorrow I'll try to run yet another scan with the anti-malware you pointed me to, and tomorrow I'll also run the ComboFix scan on the desktop PC, where I have only run FindyKill and the Kaspersky removal tool!!! Hoping this Bagle doesn't come back!

Thanks again!

Re: Hi everyone, I turn to you with my heart in my hand. BAGLE!!!!!

Post by Cavaliere » Mon May 04, 2009 5:41 pm

Hi everyone, today it was the desktop PC's turn to be cleaned. Here are the logs from FindyKill, ComboFix and Malwarebytes' Anti-Malware, the last of which found another 19 infections. Should I delete them all?? Anyway, here are the logs; let me know whether I managed to remove Bagle!

FindyKill

############################## [ FindyKill V4.728 ]

# User : Utente (Users) # OEMPC2
# Update on 03/05/09 by Chiquitine29
# Start at: 16.14.28 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 136,71 Go (16,8 Go free) # NTFS
# D:\ # Disco rigido locale # 152,66 Go (67,66 Go free) # NTFS
# E:\ # Disco rigido locale # 142,75 Go (78,29 Go free) # NTFS
# F:\ # Disco CD-ROM
# G:\ # Disco CD-ROM
# H:\ # Disco rigido locale # 465,75 Go (48,81 Go free) [ELEMENTS] # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Fighters\configservice.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Fighters\ScannerService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\data.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\list.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers\downld"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\drivers"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m\shared"
Deleted ! "C:\Documents and Settings\Utente\Dati applicazioni\m"

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\MuleAppData
Deleted ! HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\Ubisoft
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Utente\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : b9b74a84
MD5 .... : dc56a64624a1169cdd25d62dae2aaf35

Deleted ! : C:\Programmi\DAEMON Tools Lite\daemon.exe
# Taille : 847872 # MD5 : DC56A64624A1169CDD25D62DAE2AAF35


################## [ Corrupted files # Re-Installation required ]

C:\Documents and Settings\Utente\Desktop\ComboFix.exe
C:\Documents and Settings\Utente\Desktop\MaRkUs89\[PULITORI]\SUPERAntiSpyware Professional 3.7.0.1018\Fixed exe\SUPERAntiSpyware.exe
C:\Documents and Settings\Utente\Desktop\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\hackeroom\hackroom script By Capt\hackroom script By Capt\hackroom script By Capt\mmm\SuperScan\SCANNER.EXE
C:\Documents and Settings\Utente\Desktop\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\piazzascript\pizza\Utilities\cleaner\cleaner.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Mozilla Firefox\uninstall\helper.exe
C:\Programmi\PULITORI\Ad-Aware2007\aawservice.exe
C:\Programmi\PULITORI\hijackthis\HijackThis.exe
C:\Programmi\PULITORI\SuperAntispyware\SUPERANTISPYWARE.EXE
C:\Programmi\PULITORI\Unlocker\UnlockerAssistant.exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Spyware Terminator\update\SpywareTerminatorShield.Exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\UpsPilot\monitor.exe
C:\VIRUSfighter\Bin\Zanda.exe
C:\VIRUSfighter\Bin\Zlh.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB923561\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952004\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956572\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB958690\update\update.exe
C:\WINDOWS\$hf_mig$\KB959426\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB960803\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB961373\update\update.exe
C:\WINDOWS\$hf_mig$\KB961503\update\update.exe
C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\294a3e3db66dd5ffaced894be1419e2b\update\update.exe
C:\WINDOWS\system32\Adobe\uninstaller.exe
D:\MaRkUs89\[PULITORI]\SUPERAntiSpyware Professional 3.7.0.1018\Fixed exe\SUPERAntiSpyware.exe
D:\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\hackeroom\hackroom script By Capt\hackroom script By Capt\hackroom script By Capt\mmm\SuperScan\SCANNER.EXE
D:\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\piazzascript\pizza\Utilities\cleaner\cleaner.exe
E:\Milan alert\AC Milan Alerts\update.exe
E:\WEATHER PULSE\Weather Pulse\update.EXE
H:\cba22829016bd5e9f4782a01\update\update.exe
H:\COPIA DI D\MaRkUs89\[PULITORI]\SUPERAntiSpyware Professional 3.7.0.1018\Fixed exe\SUPERAntiSpyware.exe
H:\COPIA DI D\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\hackeroom\hackroom script By Capt\hackroom script By Capt\hackroom script By Capt\mmm\SuperScan\SCANNER.EXE
H:\COPIA DI D\MaRkUs89\[TUTTI GLI SCRIPT DI MIRC]\piazzascript\pizza\Utilities\cleaner\cleaner.exe
H:\e1ce82a066417ebe1548\update\update.exe
H:\[probass fishing 2003]\Register.exe

################################### [ Cracks / Keygens / Serials ]

H:\Digital_Atmosphere_Equinox_v1.40d_Incl_Keygen-DIGERATI.rar
H:\COPIA DI D\MaRkUs89\[PROGRAMMI E ALTRO]\AUDIO4FUN - AV Voice Changer Software Diamond 4.0.51 + Keygen.rar
H:\COPIA DI D\MaRkUs89\[PROGRAMMI E ALTRO]\Text-Osterone 1.119 + Keygen.rar
H:\COPIA DI D\MaRkUs89\[PROGRAMMI E ALTRO]\super mp3 recorder\mp3 recorder\Super Mp3 Recorder Pro 6.2+keygen\Keygen.rar
H:\COPIA DI D\MaRkUs89\[PULITORI]\SUPERAntiSpyware.Pro.v4.21.1004.Final.Incl.Keygen.and.Patch-NGEN.rar
H:\PROGRAMMA\Digital_Atmosphere_Equinox_v1.40d_Incl_Keygen-DIGERATI.rar
H:\[Medal Of Honor Airborne]\[PC GAME - ITA] Medal of Honor Airborne HATRED cura+Keygen by===GIOKITALIA===.rar

################## [ ! End of Report # FindyKill V4.728 ! ]


ComboFix

ComboFix 09-05-02.4 - Utente 04/05/2009 14.10.47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1378 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\bruciatutto.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd_navps.dat
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-04-04 al 2009-05-04 )))))))))))))))))))))))))))))))))))
.

2009-05-03 21:23 . 2009-05-03 21:23 159578 ----a-w c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-05-03 21:22 . 2009-05-03 21:22 -------- d-----w c:\programmi\ESET
2009-05-03 21:22 . 2009-05-03 21:22 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ESET
2009-05-03 21:16 . 2009-05-03 21:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Rising
2009-05-03 14:34 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\38714801.sys
2009-05-03 14:08 . 2009-05-03 14:29 -------- d-----w C:\FindyKill
2009-05-03 13:22 . 2009-05-03 13:18 146032 ----a-w c:\windows\system32\RavExt.dll
2009-05-03 13:21 . 2009-05-03 13:18 10832 ----a-w c:\windows\system32\drivers\RsNTGdi.sys
2009-05-03 13:21 . 2009-05-03 13:18 238704 ----a-w c:\windows\system32\bsmain.exe
2009-05-03 13:20 . 2009-05-03 21:15 -------- d-----w c:\programmi\Rising
2009-05-03 11:56 . 2009-05-03 11:56 -------- d-----w C:\ciao
2009-05-03 10:57 . 2009-05-04 12:15 289155104 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-03 09:12 . 2009-05-03 09:12 -------- d-----w c:\programmi\Trend Micro
2009-05-03 08:53 . 2009-05-03 08:53 -------- d-----w c:\windows\BDOSCAN8
2009-05-03 00:52 . 2009-05-03 00:52 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-02 23:37 . 2009-05-02 23:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-05-02 23:37 . 2009-05-02 23:38 -------- d-----w c:\programmi\Fighters
2009-05-02 22:29 . 2009-05-02 22:29 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-02 22:29 . 2008-04-13 19:14 139264 ----a-w c:\windows\system32\T.COM
2009-05-02 22:29 . 2008-04-13 19:14 151552 ----a-w c:\windows\R.COM
2009-05-02 22:29 . 2009-05-02 22:29 -------- d-----w c:\programmi\File comuni\MicroWorld
2009-05-02 22:29 . 2009-05-02 22:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\MicroWorld
2009-05-02 21:59 . 2009-05-02 21:59 -------- d-----w C:\VIRUSfighter
2009-05-02 12:15 . 2009-05-02 12:15 -------- d-----w c:\programmi\Panda Security
2009-05-01 18:39 . 2009-05-01 18:48 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-05-01 08:18 . 2002-10-21 13:02 30208 ----a-w c:\windows\system32\lfbmp13n.dll
2009-05-01 08:18 . 2002-10-22 11:53 393216 ----a-w c:\windows\system32\LFCMP13n.DLL
2009-05-01 08:18 . 2002-10-21 13:03 35328 ----a-w c:\windows\system32\lfgif13n.dll
2009-05-01 08:18 . 2002-10-21 13:39 181248 ----a-w c:\windows\system32\Lfpng13n.dll
2009-05-01 08:18 . 2002-10-21 12:53 265728 ----a-w c:\windows\system32\LTDIS13n.dll
2009-05-01 08:18 . 2002-10-21 13:01 205824 ----a-w c:\windows\system32\ltefx13n.dll
2009-05-01 08:18 . 2002-10-21 13:00 139776 ----a-w c:\windows\system32\ltfil13n.DLL
2009-05-01 08:18 . 2002-10-21 13:01 446464 ----a-w c:\windows\system32\ltimg13n.dll
2009-05-01 08:18 . 2002-10-24 15:08 443392 ----a-w c:\windows\system32\ltkrn13n.dll
2009-05-01 08:18 . 2002-10-21 13:31 1013760 ----a-w c:\windows\system32\Ltwvc13n.dll
2009-05-01 08:18 . 2005-02-21 09:34 2011136 ----a-w c:\windows\system32\XTP9510Lib.dll
2009-05-01 08:11 . 2007-09-14 07:06 139264 ------w c:\windows\system32\uniflexsup.dll
2009-05-01 08:10 . 2009-05-02 22:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
2009-04-19 07:55 . 2009-04-19 07:55 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\EA Games
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\programmi\iPod
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\programmi\iTunes
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\windows\system32\KB905474
2009-04-08 21:32 . 2009-03-10 20:26 1437568 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-08 21:32 . 2009-03-10 20:18 454016 ----a-w c:\windows\system32\KB905474\wgasetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 12:05 . 2001-08-31 14:00 85528 ----a-w c:\windows\system32\perfc010.dat
2009-05-04 12:05 . 2001-08-31 14:00 492826 ----a-w c:\windows\system32\perfh010.dat
2009-05-04 12:04 . 2008-05-27 18:33 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 12:02 . 2009-04-08 21:32 260 ----a-w c:\windows\Tasks\WGASetup.job
2009-05-04 12:00 . 2009-02-13 23:32 264 ----a-w c:\windows\Tasks\OGALogon.job
2009-05-04 12:00 . 2008-09-14 20:40 512 ----a-w c:\windows\Tasks\Verifica e correzione automatica.job
2009-05-03 22:00 . 2009-05-03 10:57 3358160 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-03 14:21 . 2008-09-20 06:22 -------- d-----w c:\programmi\DAEMON Tools Lite
2009-05-02 22:32 . 2009-02-13 23:32 264 ----a-w c:\windows\Tasks\OGADaily.job
2009-05-02 21:59 . 2008-05-27 18:51 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-30 21:40 . 2008-09-25 18:02 -------- d-----w c:\programmi\UpsPilot
2009-04-29 14:26 . 2008-09-14 07:08 276 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-28 10:23 . 2008-09-13 05:33 -------- d-----w c:\programmi\LimeWire
2009-04-24 17:48 . 2008-09-14 19:51 370 ----a-w c:\windows\Tasks\1-Click Maintenance.job
2009-04-23 20:46 . 2009-01-15 19:27 -------- d-----w c:\programmi\Messenger Plus! Live
2009-04-15 16:47 . 2008-09-14 07:07 -------- d-----w c:\programmi\File comuni\Apple
2009-04-07 05:15 . 2008-05-28 10:05 106288 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-01 12:28 . 2008-05-27 18:53 -------- d-----w c:\programmi\Java
2009-03-25 17:53 . 2008-05-27 18:50 -------- d-----w c:\programmi\Bonjour
2009-03-25 17:52 . 2008-05-27 18:34 -------- d-----w c:\programmi\QuickTime Alternative
2009-03-24 06:34 . 2008-05-28 21:34 -------- d-----w c:\programmi\MessengerDiscovery
2009-03-23 09:52 . 2008-12-18 22:43 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2009-03-23 09:51 . 2008-12-18 22:42 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-03-20 22:25 . 2009-03-20 22:25 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-19 14:32 . 2008-09-14 07:10 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:14 . 2009-03-16 18:14 -------- d-----w c:\programmi\Unity
2009-03-14 15:23 . 2008-10-12 12:52 -------- d-----w c:\programmi\Spyware Terminator
2009-03-14 09:22 . 2008-10-13 22:00 -------- d-----w c:\programmi\WinClamAVShield
2009-03-10 15:16 . 2008-05-29 11:00 -------- d-----w c:\programmi\eMule
2009-03-09 18:16 . 2009-03-09 18:16 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-09 03:19 . 2008-11-02 00:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2008-04-13 19:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2008-04-13 19:13 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 10:13 . 2008-12-18 23:00 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2009-02-20 17:08 . 2008-04-13 19:13 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2008-04-13 18:50 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2008-04-13 18:55 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-04-13 18:54 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2008-04-13 19:14 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-13 19:13 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-13 19:13 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-13 19:13 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-13 19:13 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-08-31 14:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2008-04-13 19:13 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-27 18:57 . 2008-05-27 18:57 24 --sh--w c:\windows\S3AA97D86.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 1966080 ----a-w c:\programmi\vmntoolbar\vmntoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TuneUp MemOptimizer"="c:\programmi\PULITORI\Tune up 2008\MemOptimizer.exe" [2008-06-20 154368]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"CnxDslTaskBar"="c:\programmi\I-Storm USB ADSL Modem\CnxDslTb.exe" [2003-05-14 454656]
"Launch LCDMon"="c:\programmi\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\programmi\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Winpower"="c:\programmi\UpsPilot\Winpower.exe" [2009-01-31 114688]
"TrayServer"="e:\magix video deluxe 2008 plus italiano\TrayServer.exe" [2007-07-27 90112]
"TI WLAN"="c:\programmi\Wireless LAN Utility\TIWLANCu.exe" [2005-07-20 1159168]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"QuickTime Task"="c:\programmi\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
is-A76N0.lnk - c:\documents and settings\Utente\Desktop\Virus Removal Tool\is-A76N0\startup.exe [2009-5-3 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\PULITORI\SuperAntispyware\SASSEH.DLL" [2008-10-11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-11 15:41 352256 ----a-w c:\programmi\PULITORI\SuperAntispyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVD.exe"
"SkinClock"=e:\atomic clock\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Ulead AutoDetector v2"=c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
"UCam_Menu"="e:\you cam 2\YouCam\MUITransfer\MUIStartMenu.exe" "e:\you cam 2\YouCam" update "Software\CyberLink\YouCam\2.0"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Trackmania Forever\\TmNationsForever\\TmForever.exe"=
"c:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"e:\\Xfire\\xfire.exe"=
"e:\\Call of duty 2\\CoD2MP_s.exe"=
"c:\\Programmi\\Octoshape Streaming Services\\Utente\\OctoshapeClient.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Utente\\Desktop\\MaRkUs89\\[TUTTI GLI SCRIPT DI MIRC]\\mIRC angelcity\\mirc.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"e:\\Pechino 2008\\Beijing.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\WebCamXP\\webcamXP.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Rfactor\\rFactor.exe"=
"e:\\Sam broadcaster\\SAMBC.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Prince of persia\\Prince of Persia.exe"=
"e:\\Prince of persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Civilitazion IV\\Colonization.exe"=
"e:\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"e:\\Programmi meteo\\F5\\f5.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"e:\\Programmi meteo\\macis-v\\McIDAS-V\\adde\\bin\\mcservl.exe"=
"e:\\Programmi meteo\\macis-v\\McIDAS-V\\jre\\bin\\javaw.exe"=
"e:\\Programmi meteo\\F5\\F5\\f5.exe"=
"e:\\Programmi meteo\\VirtualStorm\\Virtual Storm\\osgNavRelease.exe"=
"e:\\Programmi meteo\\VirtualStorm\\Virtual Storm\\omniNames.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Utente\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\UpsPilot\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pavboot;pavboot; [x]
R3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-05-14 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-05-14 633344]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-05-14 108387]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 SASENUM;SASENUM;c:\programmi\PULITORI\SuperAntispyware\SASENUM.SYS [2008-09-03 7408]
R3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-08 34312]
S1 is-A76N0drv;is-A76N0drv;c:\windows\system32\DRIVERS\38714801.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\PULITORI\SuperAntispyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\programmi\PULITORI\SuperAntispyware\SASKUTIL.sys [2008-09-03 55024]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-12 141312]
S2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-08 468224]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 PTK License-FIGHTERS-18665827;PTK License-FIGHTERS-18665827;c:\programmi\Fighters\licenseservice.exe [2008-11-18 283272]
S2 PTK Live Update-FIGHTERS-18665827;PTK Live Update-FIGHTERS-18665827;c:\programmi\Fighters\updateservice.exe [2008-11-18 307848]
S2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-11-18 311944]
S2 PTK SharedAccess-FIGHTERS-18665827;PTK SharedAccess-FIGHTERS-18665827;c:\programmi\Fighters\configservice.exe [2008-11-18 139912]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-10-22 33792]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2006-12-21 1294336]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\DRIVERS\pcam800.sys [2003-01-03 210792]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 TUSB1150;802.11g WLAN USB Adapter;c:\windows\system32\DRIVERS\tusb1150.sys [2005-06-03 494848]
S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\PULITORI\Tune up 2008\OneClick.exe [2008-06-20 07:27]

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-04 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\PULITORI\Tune up 2008\OneClickStarter.exe [2008-06-20 07:27]

2009-05-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-DAEMON Tools Lite - c:\programmi\DAEMON Tools Lite\daemon.exe
HKLM-Run-nod32kui - c:\programmi\Eset\nod32kui.exe
Notify-WgaLogon - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it
uInternet Connection Wizard,ShellNext = hxxp://support.asus.com/download/downlo ... uage=en-us
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\programmi\Opanda\IExif 2.3\IExifMap.htm
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
IE: View Exif/GPS/IPTC with IExif - c:\programmi\Opanda\IExif 2.3\IExifCom.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\u62u8kl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Utente\Dati applicazioni\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Octoshape Streaming Services\Utente\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
FF - plugin: c:\programmi\Octoshape Streaming Services\Utente\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 14:15
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:58,88,68,c4,56,2b,d9,ed,02,97,1a,78,f8,b5,b7,c2,65,d0,06,21,ab,
0f,42,a2,80,00,ac,bf,30,9f,23,e5,4f,7d,74,23,28,c7,58,10,66,3b,5f,ee,c2,f5,\
"rkeysecu"=hex:2e,6e,1a,ff,02,95,f5,bd,1e,7c,d1,b2,df,98,a1,19

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\programmi\PULITORI\SuperAntispyware\SASWINLO.dll
.
Ora fine scansione: 2009-05-04 14.17.53
ComboFix-quarantined-files.txt 2009-05-04 12:17

Pre-Run: 17.578.590.208 byte disponibili
Post-Run: 17.815.900.160 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

363 --- E O F --- 2009-04-29 22:18


Malwarebyte's Anti-Malware

Malwarebytes' Anti-Malware 1.36
Versione del database: 2072
Windows 5.1.2600 Service Pack 3

04/05/2009 19.53.31
mbam-log-2009-05-04 (19-53-31).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|H:\|)
Elementi scansionati: 352225
Tempo trascorso: 1 hour(s), 36 minute(s), 7 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 20

Processi delle memoria infetti:
C:\WINDOWS\regx32.exe (Hacktool.Agent) -> Unloaded process successfully.

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trialreset (Hacktool.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP226\A0077248.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP226\A0077288.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP227\A0079316.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP227\A0079399.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP227\A0079420.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP231\A0081449.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP231\A0082443.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP234\A0082472.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP235\A0082495.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP237\A0086283.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP239\A0087294.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP239\A0087319.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP241\A0088428.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP243\A0089465.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP243\A0089502.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP243\A0090516.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP191\A0036803.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1D98FD0D-F19B-4582-8372-C619BF88B6B9}\RP211\A0057054.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Programmi\Opanda\PowerExif 1.2\dfs.dll (Adware.WinButler) -> Quarantined and deleted successfully.
C:\WINDOWS\regx32.exe (Hacktool.Agent) -> Quarantined and deleted successfully.

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by lorenaino » Mon May 04, 2009 6:59 pm

Hi, of course you have to delete all the entries... or do you want to keep Bagle?!
[;)]

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Cavaliere » Mon May 04, 2009 7:23 pm

lorenaino wrote: Hi, of course you have to delete all the entries... or do you want to keep Bagle?!
[;)]


I deleted the entries and posted the log from the end of the file removal, is everything OK??

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by lorenaino » Mon May 04, 2009 7:28 pm

Now wait for the experts.
[^]

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Amantide » Mon May 04, 2009 9:28 pm

This PC now seems to be clean too; you just need to reinstall the security programs that were corrupted.
...to fly high, you need to know how to fall...

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Cavaliere » Mon May 04, 2009 10:48 pm

Amantide wrote: This PC now seems to be clean too; you just need to reinstall the security programs that were corrupted.


I reinstalled NOD32 and it works OK... which other security programs?... the other ones installed on the PC..

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Amantide » Mon May 04, 2009 11:02 pm

Cavaliere wrote: which other security programs?... the other ones installed on the PC..


They are the ones listed in the FindyKill log under the line

################## [ Corrupted files # Re-Installation required ]
...to fly high, you need to know how to fall...

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Cavaliere » Tue May 05, 2009 10:51 pm

Good, I reinstalled all of them except SUPERAntiSpyware, which won't let me install it. Why is that? It gives me the error "not a valid Win32 application"!!!! [acc2] [acc2] [8)]

Re: Hello everyone, I'm turning to you with my heart in my hands. BAGLE!!!!!

Post by Amantide » Wed May 06, 2009 11:15 am

Cavaliere wrote: Good, I reinstalled all of them except SUPERAntiSpyware, which won't let me install it. Why is that? It gives me the error "not a valid Win32 application"!!!! [acc2] [acc2] [8)]

Are you sure you haven't run some suspicious file in the meantime? [uhm]

Try running FindyKill again with option 1 and check that Bagle hasn't shown up again.
...to fly high, you need to know how to fall...

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising