Bagle removed, problems persist...

Posted: Mon Jan 05, 2009 11:34 pm
by peppe86
Hi guys, after many scans with lots of dedicated Bagle tools, scripts and Avenger, and various anti-spyware and antivirus programs, I managed to remove Bagle with Avast (at least I hope so): it detected it and I chose "delete infected file" or something like that... I also re-enabled the services that were previously blocked using services.msc, but unfortunately no luck: ZoneAlarm doesn't work, the browser stops working too after a while, and some icons at the bottom right have not reappeared... what do I do?? Should I maybe post some logs??? Please help me!!!

Re: Bagle removed, problems persist...

Posted: Tue Jan 06, 2009 12:30 pm
by riise90
But are you sure you removed it completely? Try downloading Malwarebytes, have it run a scan and post the log.

Re: Bagle removed, problems persist...

Posted: Tue Jan 06, 2009 1:41 pm
by peppe86
riise90 wrote: But are you sure you removed it completely? Try downloading Malwarebytes, have it run a scan and post the log.


Should I run the Malwarebytes scan in safe mode??

Re: Bagle removed, problems persist...

Posted: Tue Jan 06, 2009 5:20 pm
by Amantide
Download FindyKill (by Chiquitine29) and install it.
Once it is installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt

Then download ComboFix, saving it on the PC under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags.

Re: Bagle removed, problems persist...

Posted: Wed Jan 07, 2009 6:50 pm
by peppe86
OK guys, here are the logs, pasted in the order I ran the scans:

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.31
Versione del database: 1610
Windows 5.1.2600 Service Pack 3

06/01/2009 17.39.57
mbam-log-2009-01-06 (17-39-57).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 164894
Tempo trascorso: 3 hour(s), 22 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP151\A0046365.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP151\A0046424.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP153\A0047153.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP153\A0047234.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP153\A0047316.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E39EF947-5C95-447C-912C-BCFCA6A03F6C}\RP153\A0047341.sys (Worm.Bagel) -> Quarantined and deleted successfully.


FINDYKILL LOG



----------------- FindyKill V4.711 ------------------

* User : PC - PC-45FC50A7EFE3
* executed from : C:\Programmi\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 18:25:56 the 07/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\logonui.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\PC\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\PC\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\15GXN2MQ\ab64a5c032bddd847ecd7a2525294820_0[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\15GXN2MQ\b64[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\15GXN2MQ\c69ff9902bd2f18da24b6491dd43cc49_P[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\1JEIXHHD\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\1JEIXHHD\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\5MJ5Y6CJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\5MJ5Y6CJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\AIA3NOLD\b64[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\AIA3NOLD\b64[2].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\AIA3NOLD\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\C0N534AG\5f2b6497b7e77c4588518f6d80003f[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\C0N534AG\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\DDSI546G\b64[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\DDSI546G\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\KZZ1CIO7\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\KZZ1CIO7\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\MIF7Z4ZS\b64[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\MIF7Z4ZS\b64[2].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\NMKHW1GJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\TPXUE8SK\GQFCAJEQ5IICAOVAHA9CAY7KYSCCAPWLHSVCA7W24TJCA3YO5QRCA02F13XCA80GYGMCAA7BJ5JCACMPB1XCAJGE5V6CAO03O0SCA8SYVS6CAHXKYGSCAG8K9SCCAK7PEF2CAS34GX2CA1FE1W3CAB64RTL.jpg
Deleted ! - C:\Documents and Settings\PC\Impostazioni locali\Temporary Internet Files\Content.IE5\YO6GLSWM\b64_3[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\PC\Desktop\MP3\nuove belle\10 - Mark Brown Feat. Sarah Cracknell - The Journey Continues (Riley & Durrant Vocal.mp3
C:\Documents and Settings\PC\Desktop\MP3\nuove belle\mark brown feat. sarah cracknell-the journeys continues (thomas.mp3
C:\Documents and Settings\PC\Desktop\MP3\nuove belle\Mark Brown Feat.Sarah Cracknell - The Journey Continues ( Riley & Durrant Vocal Mix).mp3
C:\Documents and Settings\PC\Desktop\MP3\nuove belle\Mark Brown ft Sarah Cracknell - The Journey Continues (Rob da Bank and Chris Coco Remix).mp3
C:\Documents and Settings\PC\Desktop\MP3\nuove belle\Mark Brown ft Sarah Cracknell - The Journey Continues (Vocal Club Mix).mp3
C:\Documents and Settings\PC\Documenti\File ricevuti\FL Studio 8 Crack.zip


---------------- ! End of report ! ------------------


COMBOFIX LOG

ComboFix 09-01-07.01 - PC 2009-01-07 18.39.56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.510.208 [GMT 1:00]
Eseguito da: c:\documents and settings\PC\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\ravmonlog
C:\Documents
c:\windows\emMON.exe
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Creati Da 2008-12-07 al 2009-01-07 )))))))))))))))))))))))))))))))))))
.

2009-01-06 00:55 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\04790749.sys
2009-01-06 00:30 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\26577196.sys
2009-01-05 23:16 . 2009-01-05 23:16 <DIR> d-------- c:\programmi\Zone Labs
2009-01-05 22:58 . 2009-01-07 18:33 <DIR> d-------- c:\programmi\Crawler
2009-01-05 15:33 . 2009-01-05 15:47 <DIR> d-------- c:\programmi\Spyware Terminator
2009-01-05 15:33 . 2009-01-07 18:22 <DIR> d-------- c:\documents and settings\PC\Dati applicazioni\Spyware Terminator
2009-01-05 15:33 . 2009-01-05 18:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-01-05 15:33 . 2009-01-05 15:33 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-05 13:53 . 2009-01-05 15:24 <DIR> d-------- c:\documents and settings\PC\Dati applicazioni\Systweak
2009-01-05 13:53 . 2009-01-05 15:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Systweak
2009-01-05 03:20 . 2009-01-05 03:20 <DIR> d-------- c:\programmi\Java
2009-01-05 03:20 . 2009-01-05 03:20 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-05 03:20 . 2009-01-05 03:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-05 03:01 . 2009-01-05 17:04 <DIR> d-------- c:\programmi\Unlocker
2009-01-04 21:02 . 2009-01-05 15:35 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-04 21:02 . 2009-01-05 15:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-04 15:54 . 2009-01-04 15:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-01-03 15:19 . 2009-01-03 15:19 268 --ah----- C:\sqmdata00.sqm
2009-01-03 15:19 . 2009-01-03 15:19 244 --ah----- C:\sqmnoopt00.sqm
2009-01-02 16:31 . 2009-01-02 16:31 <DIR> d-------- c:\programmi\RegCleaner
2009-01-02 16:26 . 2009-01-02 16:26 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2009-01-02 15:55 . 2009-01-02 15:55 <DIR> d-------- c:\programmi\XP TCPIP Repair
2009-01-02 15:55 . 2005-04-15 18:58 1,351,392 --a------ c:\windows\system32\COMCTL32.OCX
2009-01-02 13:49 . 2009-01-02 13:50 <DIR> d-------- c:\programmi\CCleaner
2009-01-02 13:49 . 2009-01-02 13:49 <DIR> d-------- c:\documents and settings\PC\Dati applicazioni\Yahoo!
2009-01-02 01:14 . 2009-01-02 01:14 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-02 01:14 . 2009-01-02 01:14 <DIR> d-------- c:\documents and settings\PC\Dati applicazioni\Malwarebytes
2009-01-02 01:14 . 2009-01-02 01:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-02 01:14 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 01:14 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 00:48 . 2009-01-02 00:48 185,856 --a------ c:\windows\system32\framedyn.dll
2009-01-02 00:48 . 2009-01-02 00:48 5,415 --a------ c:\windows\system32\Choice.com
2009-01-02 00:28 . 2009-01-07 18:32 <DIR> d-------- c:\programmi\FindyKill
2009-01-01 23:36 . 2009-01-01 23:36 <DIR> d-------- C:\SOPHTEMP
2008-12-31 01:25 . 2008-12-31 01:25 <DIR> d-------- c:\documents and settings\PC\Nuova cartella
2008-12-31 00:22 . 2008-12-31 00:22 <DIR> d-------- c:\programmi\Allok 3GP PSP MP4 iPod Video Converter
2008-12-20 17:46 . 2008-12-20 17:46 <DIR> d-------- c:\programmi\danny_kay1710
2008-12-10 15:15 . 2004-01-11 08:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2008-12-10 15:15 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2008-12-10 15:14 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2008-12-09 15:22 . 2008-12-09 15:22 <DIR> d-------- c:\programmi\Windows Sidebar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 01:37 372,284 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-06 01:37 31,676,448 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-05 23:54 --------- d-----w c:\programmi\a-squared Free
2009-01-05 12:39 --------- d-----w c:\programmi\DNA
2009-01-05 12:39 --------- d-----w c:\documents and settings\PC\Dati applicazioni\DNA
2009-01-04 01:18 --------- d-----w c:\programmi\SUPERAntiSpyware
2009-01-03 18:31 1,198 ----a-w c:\windows\Fonts\resetlog.txt
2009-01-03 14:20 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-02 15:37 --------- d-----w c:\programmi\Yahoo!
2009-01-02 12:57 --------- d-----w c:\programmi\ESET
2009-01-02 00:19 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\SACore
2009-01-01 22:24 --------- d-----w c:\documents and settings\PC\Dati applicazioni\BitTorrent
2008-12-30 23:54 --------- d-----w c:\programmi\File comuni\Nero
2008-12-30 23:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-30 23:48 --------- d-----w c:\programmi\CyberLink
2008-12-30 22:53 --------- d-----w c:\programmi\eMule
2008-12-19 12:36 --------- d-----w c:\programmi\McAfee
2008-12-17 13:05 --------- d-----w c:\programmi\BitTorrent
2008-12-14 12:48 1,555,968 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-12-13 11:06 1,550,336 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-12 15:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-09 15:05 --------- d-----w c:\documents and settings\PC\Dati applicazioni\Nero
2008-12-09 14:25 --------- d-----w c:\programmi\Nero
2008-12-07 12:31 --------- d-----w c:\documents and settings\PC\Dati applicazioni\Vso
2008-12-06 17:01 --------- d-----w c:\programmi\Total Video Converter
2008-12-06 14:29 --------- d-----w c:\programmi\AVS4YOU
2008-12-06 13:48 --------- d-----w c:\programmi\Red Kawa
2008-12-06 13:48 --------- d-----w c:\programmi\AviSynth 2.5
2008-12-02 20:28 --------- d-----w c:\programmi\VstPlugins
2008-11-30 11:49 --------- d-----w c:\programmi\Alcohol Soft
2008-11-30 10:32 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WinZip
2008-11-27 21:15 --------- d-----w c:\documents and settings\PC\Dati applicazioni\SUPERAntiSpyware.com
2008-11-27 21:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-11-27 09:55 1,060,864 ----a-w c:\windows\system32\MFC71.dll
2008-11-26 14:13 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-23 13:22 --------- d-----w c:\documents and settings\PC\Dati applicazioni\vlc
2008-11-23 12:47 --------- d-----w c:\programmi\MSXML 6.0
2008-11-23 12:37 --------- d-----w c:\programmi\MSXML 4.0
2008-11-22 17:15 --------- d-----w c:\programmi\hp deskjet 3320 series
2008-11-22 17:12 --------- d-----w c:\programmi\Hewlett-Packard
2008-11-22 14:24 1,355,264 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-20 12:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2008-11-19 21:38 --------- d-----w c:\programmi\VideoLAN
2008-11-19 21:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-11-19 21:34 --------- d-----w c:\programmi\ASIO4ALL v2
2008-11-19 21:33 --------- d-----w c:\programmi\Image-Line
2008-11-19 21:32 --------- d-----w c:\programmi\Outsim
2008-11-19 21:05 --------- d-----w c:\programmi\Messenger Plus! Live
2008-11-19 20:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SiteAdvisor
2008-11-19 20:56 --------- d-----w c:\programmi\File comuni\McAfee
2008-11-19 20:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\McAfee
2008-11-19 20:49 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-11-19 20:49 --------- d-----w c:\programmi\Windows Live
2008-11-19 20:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-19 18:16 --------- d-----w c:\programmi\VirtualDJ
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-05-30 08:12 87,608 -c--a-w c:\documents and settings\PC\Dati applicazioni\ezpinst.exe
2008-05-30 08:12 47,360 -c--a-w c:\documents and settings\PC\Dati applicazioni\pcouffin.sys
2004-05-06 11:14 755 ----a-w c:\programmi\setup.ini
2004-05-06 11:14 4,292,096 ----a-w c:\programmi\setup.msi
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-05 2267136]
"nwiz"="nwiz.exe" [2006-07-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-31 00:23 342848 c:\programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-12-05 13:40 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2009-01-02 00:21 919016 c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Programmi\\Spyware Terminator\\SpyWareTerminator.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\a-squared Free\\a2free.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17922:TCP"= 17922:TCP:NortonAV
"12195:TCP"= 12195:TCP:NortonAV
"15330:TCP"= 15330:TCP:NortonAV
"17222:TCP"= 17222:TCP:NortonAV
"14940:TCP"= 14940:TCP:NortonAV
"14777:TCP"= 14777:TCP:NortonAV
"16661:TCP"= 16661:TCP:NortonAV
"15127:TCP"= 15127:TCP:NortonAV
"14508:TCP"= 14508:TCP:NortonAV
"13623:TCP"= 13623:TCP:NortonAV
"17964:TCP"= 17964:TCP:NortonAV
"17867:TCP"= 17867:TCP:NortonAV
"14587:TCP"= 14587:TCP:NortonAV
"12761:TCP"= 12761:TCP:NortonAV
"16358:TCP"= 16358:TCP:NortonAV
"17623:TCP"= 17623:TCP:NortonAV
"17660:TCP"= 17660:TCP:NortonAV

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-04 111184]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-05 142592]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [2008-11-19 206096]
R4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 MemStPCI;Controller Sony Memory Stick (PCI);c:\windows\system32\drivers\memstpci.sys [2008-11-26 26112]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-05-03 194304]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {897F3439-15FD-4F3C-8D6B-F2FBD027555E} = 85.37.17.49 85.38.28.91
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\PC\Dati applicazioni\Mozilla\Firefox\Profiles\tye3p1pu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Crawler\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:41:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-01-07 18.43.16
ComboFix-quarantined-files.txt 2009-01-07 17:43:12

Pre-Run: 97.613.045.760 byte disponibili
Post-Run: 97,588,174,848 byte disponibili

242 --- E O F --- 2008-12-20 18:47:29

Re: Bagle removed, problems persist...

Posted: Wed Jan 07, 2009 7:06 pm
by enea83
peppe, if everyone posted logs like this, we'd need a page per post [bleh]

Re: Bagle removed, problems persist...

Posted: Wed Jan 07, 2009 8:09 pm
by Amantide
As enea83 already hinted, you should edit your post and put your logs between the LOG tags, like this:

Code:
[LOG]The log goes here[/LOG]


Did you create this folder?

Code:
C:\Documents

Re: Bagle removed, problems persist...

Posted: Thu Jan 08, 2009 5:49 pm
by peppe86
no, I didn't create it, dunno... anyway, what about the rest?

Re: Bagle removed, problems persist...

Posted: Thu Jan 08, 2009 6:00 pm
by Amantide
I asked because it was deleted by ComboFix and I didn't want it to be a false positive.

As for the rest, the PC seems to be fine, apart from Avast as the antivirus [devil]

Re: Bagle removed, problems persist...

Posted: Thu Jan 08, 2009 9:48 pm
by peppe86
thanks amantide, but Avast did detect Bagle and removed it... which antivirus do you recommend??? anyway, why do I still have problems such as: not all the icons at the bottom right are shown, and after a while the browser stops working, even though I re-enabled the services from services.msc...

Re: Bagle removed, problems persist...

Posted: Thu Jan 08, 2009 10:06 pm
by Amantide
In any case, after catching Bagle, the antivirus has to be reinstalled. If you really care about it, reinstall Avast; if you want to try something new and effective, try Avira.

After (re)installing the antivirus, run a full system scan and see whether the problems go away after restarting the PC.