www.MegaLab.it

da **Antonypax** » dom mar 08, 2009 11:35 am

Ho un virus che mi ha rallentato in computer, mi ha tolto abbastanza perikerike (casse, microfono e webcam) e nn mi lascia usare certi programmi: gli antivirus...
Mi potete aiutare, come lo tolgo, negli altri siti mi hanno detto d ripristinarlo, ma se lo ripristino sarebbe già la 4 volta, nn vorrei ripristinarlo, mi potete aiutare
perpiacere

da **stevens** » dom mar 08, 2009 11:56 am

ciao

esegui queste operazioni con la massima attenzione

scarica http://dc108.4shared.com/download/75022 ... 1-de3379fb

Doppio click sull'icona Findykill per avviare l'installazione:
Inserisci la prima spunta per accettare la licenza e prosegui > Suivant
Clicca su "Si" per destinare una cartella al programma
Clicca su Dèmarrer > Quitter per terminare l'installazione.
Cerca l'icona del programma sul desktop o in programmi ed eseguilo
Dovrai usare prima il tasto 1 (invio) per la ricerca e successivamente il tanto 2 (invio) per la pulizia.
Il report delle operazioni effettuate lo trovarai in C:\FindyKill.txt
Allega il rapporto nella tua risposta.

Appena finito, vai in provvisoria

Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^

scarica questo programmino... il download lo trovi in fondo alla pagina http://www.zonavirus.com/datos/descarga ... ibagla.asp

lancia il programma e spunta '' ELIMINAR FICHEROS AUTOMATICAMENTE''

clicca su EXPLORAR per avviare la scansione

quando avra' finito vai in C:\ e salva il log che posterai qui nel forum

da **Antonypax** » dom mar 08, 2009 12:03 pm

stevens ha scritto:ciao

esegui queste operazioni con la massima attenzione

scarica http://dc108.4shared.com/download/75022 ... 1-de3379fb

Doppio click sull'icona Findykill per avviare l'installazione:
Inserisci la prima spunta per accettare la licenza e prosegui > Suivant
Clicca su "Si" per destinare una cartella al programma
Clicca su Dèmarrer > Quitter per terminare l'installazione.
Cerca l'icona del programma sul desktop o in programmi ed eseguilo
Dovrai usare prima il tasto 1 (invio) per la ricerca e successivamente il tanto 2 (invio) per la pulizia.
Il report delle operazioni effettuate lo trovarai in C:\FindyKill.txt
Allega il rapporto nella tua risposta.

Appena finito, vai in provvisoria

Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^

scarica questo programmino... il download lo trovi in fondo alla pagina http://www.zonavirus.com/datos/descarga ... ibagla.asp

lancia il programma e spunta '' ELIMINAR FICHEROS AUTOMATICAMENTE''

clicca su EXPLORAR per avviare la scansione

quando avra' finito vai in C:\ e salva il log che posterai qui nel forum

ok lo sto facendo
FindyKill: Recerche de fichiers dossiers (sono arrivato qui)

da **stevens** » dom mar 08, 2009 12:09 pm

segui quello che ti ho scritto- devi prima usare 1 per la ricerca dei file infetti e poi il 2 per l'eliminazione

lascia lavorare il programma e massima tranquillita'

da **Antonypax** » dom mar 08, 2009 1:03 pm

mentre FindyKill lavorava mi è vnuto scritto questo messaggio d errore:
Expeption Processing Message c0000013 Prameters 75b1bf7c 4 75b1bf7c 75b1bf7c
annulla riprova continua
quale klikko?

da **stevens** » dom mar 08, 2009 1:12 pm

non so' cosa voglia dire

annulla e riprova- se lo fa' ancora, prosegui con elibagla

da **Amantide** » dom mar 08, 2009 2:58 pm

Non è detto che si tratta per forza di Bagle.

Scarica ComboFix , salvandolo sul desktop con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto: [LOG]qui va inserito il log[/LOG]

da **[Claudio]** » dom mar 08, 2009 3:01 pm

Antonypax ha scritto:mentre FindyKill lavorava mi è vnuto scritto questo messaggio d errore: Expeption Processing Message c0000013 Prameters 75b1bf7c 4 75b1bf7c 75b1bf7c annulla riprova continuaquale klikko?

stevens ha scritto:non so' cosa voglia dire ....

Questo non pensi sia un pochino grave? o conosci i tool che fai girare oppure non ne suggerisci il ricorso.
Non ti sei neppure preoccupato chi accertarti circa il sistema operativo in uso sul computer di Antonypax.
@ Antony - a proposito dell'errore in esecuzione di Findkill, che antivirus è in uso sul tuo Computer? - prova ad eseguirlo dopo aver disattivato, momentaneamente, l'antivirus.

da **Antonypax** » dom mar 08, 2009 4:25 pm

[Claudio] ha scritto:
Antonypax ha scritto:mentre FindyKill lavorava mi è vnuto scritto questo messaggio d errore: Expeption Processing Message c0000013 Prameters 75b1bf7c 4 75b1bf7c 75b1bf7c annulla riprova continuaquale klikko?

stevens ha scritto:non so' cosa voglia dire ....

Questo non pensi sia un pochino grave? o conosci i tool che fai girare oppure non ne suggerisci il ricorso.
Non ti sei neppure preoccupato chi accertarti circa il sistema operativo in uso sul computer di Antonypax.
@ Antony - a proposito dell'errore in esecuzione di Findkill, che antivirus è in uso sul tuo Computer? - prova ad eseguirlo dopo aver disattivato, momentaneamente, l'antivirus.

IO ho XP
I miei antivirus sono: NOD32, avast, avira e spybot

da **Amantide** » dom mar 08, 2009 4:32 pm

Antonypax ha scritto:I miei antivirus sono: NOD32, avast, avira

Spero che gli altri 2 hai installato solo dopo aver scoperto che il tuo primo antivirus non funzionava più? [uhm]

Intanto prova ad eseguire Combofix e poi vediamo di risolvere altri problemi.

da **Antonypax** » dom mar 08, 2009 5:46 pm

Amantide ha scritto:
Antonypax ha scritto:I miei antivirus sono: NOD32, avast, avira

Spero che gli altri 2 hai installato solo dopo aver scoperto che il tuo primo antivirus non funzionava più?

Intanto prova ad eseguire Combofix e poi vediamo di risolvere altri problemi.

grazie tantissimo, adesso mi vanno le periferike, grazie a combofix!
Xò ho ancora qualche problema, gli antivirus nn mi vanno!

ComboFix 09-03-06.02 - Antonypax 2009-03-08 16:53:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.693 [GMT 1:00]
Eseguito da: c:\documents and settings\Antonypax\Desktop\od.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Antonypax\Application Data\drivers\downld
c:\documents and settings\Antonypax\Application Data\drivers\downld\14865812.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14865890.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14865906.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14875093.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14875625.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14875953.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14876531.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14877750.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14878140.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14913703.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14914500.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14914937.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\14934671.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15001671.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15001812.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15001906.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15004250.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15024468.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15024593.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15024687.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15027609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15027640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15027656.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15033203.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15039609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15040515.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15040937.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15041640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15042828.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15044015.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15061640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15062093.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15062468.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15107609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15107718.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15187500.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15191578.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15191781.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\15191843.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\161203.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\170562.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\170656.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\180781.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\181484.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\182062.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\182890.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\184421.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\184953.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\196031.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\196843.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\197250.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\200156.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\204609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\204781.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\214750.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\215406.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\216000.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\216781.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\218281.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\218671.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\222640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\226640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\228140.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\228593.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\243906.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\245343.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\290750.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\291062.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\291078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\316187.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\319531.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\319640.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\330828.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\334203.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\334234.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\336984.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\338343.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\338421.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\342671.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\343078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\343453.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\343578.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\346453.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\347062.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\347218.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\348375.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\348859.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\349625.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\356187.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\357390.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\357859.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\358593.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\360718.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\362812.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\371390.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\372125.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\372578.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\382609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\383156.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\383609.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\393000.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\393312.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\393437.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\398203.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\398375.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\398390.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\477171.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\478687.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\479500.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\479937.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\479984.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\480078.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\484703.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\485109.exe
c:\documents and settings\Antonypax\Application Data\drivers\downld\485171.exe
c:\documents and settings\Antonypax\Application Data\drivers\srosa2.sys
c:\documents and settings\Antonypax\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Antonypax\Application Data\drivers\winupgro.exe
c:\documents and settings\Antonypax\Application Data\m
c:\documents and settings\Antonypax\Application Data\m\data.oct
c:\documents and settings\Antonypax\Application Data\m\flec006.exe
c:\documents and settings\Antonypax\Application Data\m\list.oct
c:\documents and settings\Antonypax\Application Data\m\shared\.zip
c:\documents and settings\Antonypax\Application Data\m\shared\[App-Ita].AVG.Antivirus.V.7.1.Italiano.Con.Seriale.zip
c:\documents and settings\Antonypax\Application Data\m\shared\3D Sound Tester 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\70-284 Microsoft MCSE Exchange Server 20 8.02.05.zip
c:\documents and settings\Antonypax\Application Data\m\shared\AA Mail Server 3.99.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Active Query Builder Free Edition 1.10.5.4.zip
c:\documents and settings\Antonypax\Application Data\m\shared\AEVITA Stop SPAM Email 1.01 (Key+Serial).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Aluminium Drop-Down Menu 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Astrosiege 1.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Avex DVD to iPod Video Suite 4.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Awesome Antique Autos Lite 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Awesome Antique Autos Screen Saver 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Bluefox iPhone Video Converter 2.10.08.1127.zip
c:\documents and settings\Antonypax\Application Data\m\shared\BMI-HealthMonitor Calculator 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\CalendarPro 2.43.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Colour Spy 1.5.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Convert XLS 3.44 (Crack).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Coolexon 1.2.0006 (Serial).zip
c:\documents and settings\Antonypax\Application Data\m\shared\copy2calendar 2.0.0.25.zip
c:\documents and settings\Antonypax\Application Data\m\shared\CoreProfessional 7.5.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Creative MediaSource DVD-Audio Player 2.00.77 Beta.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Date V6.zip
c:\documents and settings\Antonypax\Application Data\m\shared\DeepTrawl 1.1 (KeyGen).zip
c:\documents and settings\Antonypax\Application Data\m\shared\DiamondCS Port Explorer 2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Dominions II The Ascension Wars 2.08.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Drive tray Manipulator 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Dungeon Master II demo.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Ease DVD Ripper 1.10 Key+Serial.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Easy calculator 1.23.zip
c:\documents and settings\Antonypax\Application Data\m\shared\EditURLs 2.02.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Encopy 4.52.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Event Manager 2.1.0.247.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Export Query to XML for SQL server 1.02.00 (Patch).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Fast Shutdown Gadget 1.0.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\FastYub! 2.1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\FileInfo 2.9.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Fishing Expert 4.0a.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Flash Horizontal Menu Wizard 2.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Framing Station 4.22.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Grumpy Badger's Nine Men's Morris 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\HCM Toolbar 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\HTML Protect 2.0 With Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Imp's Recycle Bin 1.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Integrated Business Decisions 3.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\JRS Service Manager 0.1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Kaspersky.Anti-Virus.6.0.0.299.(espaÃ±ol.-.spanish).+.key.zip
c:\documents and settings\Antonypax\Application Data\m\shared\LanHunter 1.50 Patch.zip
c:\documents and settings\Antonypax\Application Data\m\shared\LEC Translate DotNet 3.0r18.zip
c:\documents and settings\Antonypax\Application Data\m\shared\LED-Bar 1.0 Crack.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Los Padres Bank Mortgage Rates 1.6.zip
c:\documents and settings\Antonypax\Application Data\m\shared\M2ScreenMag 1.5.zip
c:\documents and settings\Antonypax\Application Data\m\shared\MacPing 3.0.4.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Magic Desktop Max 11.9.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Marspc Remote Desktop Computing 3.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\mdf2iso 0.3.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Message Sniffer 2.3.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\MiniCinema! 2.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Monitor On-Off 2.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\MyMoody Widget 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Neomesh Image Converter 2.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\NS-Batch 0.6e.zip
c:\documents and settings\Antonypax\Application Data\m\shared\OfficePopup 1.23.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Offline Page validator 0.3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\OggCarton for Windows 1.0 Beta.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Omega Messenger 3.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Open Video Joiner 3.2.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Operation Flashpoint Cold War Crisis - Tour of War map (episode 9).zip
c:\documents and settings\Antonypax\Application Data\m\shared\Operation Flashpoint Resistance - Air Base Raid 1.05 map.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Optidraft 2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ParaIrc 0.2.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PassWallet 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Paste From Console Plugin for Windows Live Writer 1.0.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PCMark Vantage Basic 1.0.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PDF Watermarks 1.0.0.0 [Key].zip
c:\documents and settings\Antonypax\Application Data\m\shared\PhpbbXtra 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Pixel Pick 1.5.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Plato DVD to PSP + Video to PSP Package 4.84.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Ploing2 1.22.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Portable GIMP 2.2.17.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Portable Splitter Light 4.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Power Siphon 1.9.6.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\PowerTCP Emulation Tool 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\QCD AudioTracker 1.1.0.109.zip
c:\documents and settings\Antonypax\Application Data\m\shared\QualSoft Toshiba TEC BX Windows NT 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Quotator 1.2.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Recipes Galore 4.8.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Registry Genius 3.14.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Remote Desktop Enabler 2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Remover for I-Worm.Sobig 1.3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\RudPad 0.5.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\S.M.A.R.T. Explorer 1.0.0.551.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SayTunes 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SendTo 1.6 build 1016.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Server Watch 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ShadowKeys 1.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Shell Jigsaw Puzzle 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Sirius Player 0.5.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Skater .NET Obfuscator 3.01.7.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SlickRun 3.9.4.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Soldier of Fortune II Double Helix - Avanti map.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Space Classic 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Splash Screen Component 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Split Video from CAM or Video FILE 3.16.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Spodradio 1.0.6.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Sri Bhajana Rahasya 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SubTool 2.6.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Super Puzzle Bobble 240x320 Nokia n92 n93 n73 e61 n71 e50 Adapted.zip
c:\documents and settings\Antonypax\Application Data\m\shared\SwitchBlade 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\TeoSoft AntiSpyware Pro 1.0.0.26.zip
c:\documents and settings\Antonypax\Application Data\m\shared\TimeCard for Outlook 4.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Tinysoar DVD to PSP Converter 1.6.2.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Top Secret 1.1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Transparent Menus 1.0.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\TreeBase Generator 1.0.42d.zip
c:\documents and settings\Antonypax\Application Data\m\shared\UltraISO PE 8.6.3.2056 Cracked.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Unreal Tournament 2004 Jailbreak mod UMOD Version.zip
c:\documents and settings\Antonypax\Application Data\m\shared\ValueMaker 1.7.3b.zip
c:\documents and settings\Antonypax\Application Data\m\shared\vbMysqlBrowse 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Video to Apple TV Converter 2.9.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Web Alerts 1.zip
c:\documents and settings\Antonypax\Application Data\m\shared\What's In My Piggybank (WIMP) 1.23.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Windows Server 2008 Developer Training Kit 1.0 Beta 3.zip
c:\documents and settings\Antonypax\Application Data\m\shared\WISCO Word Power 2.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Wolga 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\shared\Zebra Screen Savers 5 1.0.zip
c:\documents and settings\Antonypax\Application Data\m\srvlist.oct
c:\documents and settings\Default\Application Data\FunWebProducts
c:\documents and settings\Default\Menu Avvio\Programmi\Videos.url
c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\setup.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\304281.exe
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\lctryeff.ini
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S

((((((((((((((((((((((((( Files Creati Da 2009-02-08 al 2009-03-08 )))))))))))))))))))))))))))))))))))
.

2009-03-06 20:10 . 2009-03-06 20:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-03-06 16:08 . 2004-12-16 16:32 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-06 16:07 . 2009-03-06 16:07 <DIR> d-------- c:\programmi\NVIDIA Corporation
2009-03-06 16:07 . 2009-03-06 16:07 <DIR> d-------- c:\programmi\File comuni\NVIDIA Shared
2009-03-06 16:07 . 2005-04-04 18:59 176,128 --a------ c:\windows\system32\nvumpu.exe
2009-03-06 16:07 . 2005-04-04 18:59 176,128 --a------ c:\windows\system32\nvuaudio.exe
2009-03-06 15:59 . 2009-03-06 15:59 <DIR> d-------- C:\NVIDIA
2009-03-05 20:54 . 2009-03-05 20:54 21,764 --a------ c:\windows\system32\CoreAAC-uninstall.exe
2009-03-04 16:45 . 2009-03-08 16:57 <DIR> d--h----- c:\documents and settings\Antonypax\Application Data\drivers
2009-02-24 18:45 . 2009-02-24 18:48 <DIR> d-------- c:\programmi\AutoCAD 2008
2009-02-24 18:45 . 2009-02-24 18:45 <DIR> d-------- c:\documents and settings\Antonypax\Application Data\Autodesk
2009-02-24 18:45 . 2009-02-24 18:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 16:03 --------- d-----w c:\documents and settings\Antonypax\Application Data\Skype
2009-03-08 16:02 --------- d-----w c:\documents and settings\Antonypax\Application Data\skypePM
2009-03-08 15:21 --------- d-----w c:\programmi\ESET
2009-03-08 08:55 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-03-06 22:28 --------- d-----w c:\programmi\Desktop XP
2009-03-06 21:14 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-06 15:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-27 13:30 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-25 21:34 --------- d-----w c:\documents and settings\Antonypax\Application Data\gtk-2.0
2009-02-24 17:44 --------- d-----w c:\programmi\Autodesk
2009-02-22 22:26 --------- d-----w c:\documents and settings\Antonypax\Application Data\LimeWire
2009-02-21 10:30 --------- d-----w c:\programmi\iHabbix V3
2009-02-11 11:38 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-17 22:21 --------- d-----w c:\programmi\File comuni\Alias Shared
2009-01-17 22:18 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2009-01-10 23:30 --------- d-----w c:\programmi\File comuni\DAZ
2009-01-10 23:17 --------- d-----w c:\programmi\DAZ
2009-01-09 17:00 --------- d-----w c:\programmi\Google
2008-12-25 21:50 31,334,932 -c--a-w c:\programmi\Windows Live.zip
2008-10-23 17:23 22,368 ----a-w c:\documents and settings\Antonypax\eltnhiqo.exe
2008-10-23 17:21 22,368 ----a-w c:\documents and settings\Antonypax\vhnifcjd.exe
2008-10-22 16:28 22,368 ----a-w c:\documents and settings\Antonypax\xqfnfokf.exe
2008-10-22 16:27 22,368 ----a-w c:\documents and settings\Antonypax\vjyshqqu.exe
2008-10-22 16:26 22,368 ----a-w c:\documents and settings\Antonypax\hlwuwpdf.exe
2008-10-22 16:24 22,368 ----a-w c:\documents and settings\Antonypax\zzdhxzvw.exe
2008-10-22 16:21 22,368 ----a-w c:\documents and settings\Antonypax\tfyqzuah.exe
2008-10-22 16:19 22,368 ----a-w c:\documents and settings\Antonypax\dtmzkrrz.exe
2008-10-22 13:56 22,368 ----a-w c:\documents and settings\Antonypax\fdetmdap.exe
2008-10-22 13:31 22,368 ----a-w c:\documents and settings\Antonypax\xwlthquy.exe
2008-10-22 13:30 22,368 ----a-w c:\documents and settings\Antonypax\ekheodud.exe
2008-10-22 13:28 22,368 ----a-w c:\documents and settings\Antonypax\lobkqfpr.exe
2008-10-21 16:04 22,368 ----a-w c:\documents and settings\Antonypax\ywtukgrw.exe
2008-10-21 16:03 22,368 ----a-w c:\documents and settings\Antonypax\ppoxrnfb.exe
2008-10-21 15:17 22,368 ----a-w c:\documents and settings\Antonypax\xfajvpgj.exe
2008-10-20 18:57 22,368 ----a-w c:\documents and settings\Antonypax\olecuzak.exe
2008-10-20 18:54 22,368 ----a-w c:\documents and settings\Antonypax\smtqyzvs.exe
2008-10-20 18:52 22,368 ----a-w c:\documents and settings\Antonypax\pgrduvwy.exe
2008-10-20 18:49 22,368 ----a-w c:\documents and settings\Antonypax\rslxkbnu.exe
2008-10-20 18:46 22,368 ----a-w c:\documents and settings\Antonypax\hgjuaefu.exe
2008-10-20 18:46 22,368 ----a-w c:\documents and settings\Antonypax\dzswyzlw.exe
2008-10-20 18:42 22,368 ----a-w c:\documents and settings\Antonypax\pwsimtiy.exe
2008-10-20 18:39 22,368 ----a-w c:\documents and settings\Antonypax\uhqkxngl.exe
2008-10-20 16:51 0 -c--a-w c:\documents and settings\Antonypax\apczvrpo.exe
2008-10-20 16:50 22,368 ----a-w c:\documents and settings\Antonypax\gbbghcfe.exe
2008-10-20 16:49 22,368 ----a-w c:\documents and settings\Antonypax\xtjikdhe.exe
2008-10-20 16:46 22,368 ----a-w c:\documents and settings\Antonypax\gdsnusmu.exe
2008-10-20 16:45 22,368 ----a-w c:\documents and settings\Antonypax\vmaiqlme.exe
2008-10-20 16:44 22,368 ----a-w c:\documents and settings\Antonypax\sexgwzwt.exe
2008-10-20 16:41 22,368 ----a-w c:\documents and settings\Antonypax\yqvxexen.exe
2008-10-20 16:40 22,368 ----a-w c:\documents and settings\Antonypax\zbeloqnk.exe
2008-10-19 17:20 22,368 ----a-w c:\documents and settings\Antonypax\ppmnuquv.exe
2008-10-19 17:15 22,368 ----a-w c:\documents and settings\Antonypax\uahgvpnw.exe
2008-10-19 17:11 22,368 ----a-w c:\documents and settings\Antonypax\wwrxbvgn.exe
2008-10-19 17:10 22,368 ----a-w c:\documents and settings\Antonypax\kcgxngjn.exe
2008-10-19 16:22 0 -c--a-w c:\documents and settings\Antonypax\fcbupqrh.exe
2008-10-19 12:49 0 -c--a-w c:\documents and settings\Antonypax\rjyemahs.exe
2008-10-19 12:46 22,368 ----a-w c:\documents and settings\Antonypax\nkgaxbwy.exe
2008-10-19 12:33 22,368 ----a-w c:\documents and settings\Antonypax\rkozfzud.exe
2008-10-18 17:48 0 -c--a-w c:\documents and settings\Antonypax\hcpltqle.exe
2008-10-17 19:18 0 -c--a-w c:\documents and settings\Antonypax\ctnkvjxp.exe
2008-10-17 19:17 22,368 ----a-w c:\documents and settings\Antonypax\ynphplof.exe
2008-10-17 19:17 22,368 ----a-w c:\documents and settings\Antonypax\mubkejjv.exe
2008-10-17 17:34 22,368 ----a-w c:\documents and settings\Antonypax\zqmgkrbf.exe
2008-10-17 17:33 22,368 ----a-w c:\documents and settings\Antonypax\ndclskij.exe
2008-10-17 17:30 22,368 ----a-w c:\documents and settings\Antonypax\wbgciwfs.exe
2008-10-17 17:29 22,368 ----a-w c:\documents and settings\Antonypax\whrbpwoq.exe
2008-10-17 17:29 22,368 ----a-w c:\documents and settings\Antonypax\prxsxcih.exe
2008-10-17 17:28 22,368 ----a-w c:\documents and settings\Antonypax\tptjyjem.exe
2008-10-17 16:46 22,368 ----a-w c:\documents and settings\Antonypax\xvgudavv.exe
2008-10-17 16:44 22,368 ----a-w c:\documents and settings\Antonypax\zjawtfwr.exe
2008-10-17 16:40 22,368 ----a-w c:\documents and settings\Antonypax\eltgnfai.exe
2008-10-17 16:30 22,368 ----a-w c:\documents and settings\Antonypax\tperlkrd.exe
2008-10-17 16:29 22,368 ----a-w c:\documents and settings\Antonypax\xbfqzwpz.exe
2008-10-17 16:14 22,368 ----a-w c:\documents and settings\Antonypax\jiminsnq.exe
2008-10-17 13:29 22,368 ----a-w c:\documents and settings\Antonypax\dgzrmost.exe
2008-10-17 13:22 22,368 ----a-w c:\documents and settings\Antonypax\falziijw.exe
2008-10-17 13:18 22,368 ----a-w c:\documents and settings\Antonypax\pvtfpcgi.exe
2008-10-16 20:32 22,368 ----a-w c:\documents and settings\Antonypax\nglnvjiv.exe
2008-10-16 19:46 8,013 ----a-w c:\documents and settings\Antonypax\ptjqyzgy.exe
2008-10-16 15:10 22,368 ----a-w c:\documents and settings\Antonypax\zvmviwka.exe
2008-10-15 20:29 22,368 ----a-w c:\documents and settings\Antonypax\qpdltuqv.exe
2008-10-15 20:28 22,368 ----a-w c:\documents and settings\Antonypax\oehgchol.exe
2008-10-15 20:05 22,368 ----a-w c:\documents and settings\Antonypax\tfogevqe.exe
2008-10-14 19:01 22,368 ----a-w c:\documents and settings\Antonypax\uuugkfdw.exe
2008-10-14 18:59 22,368 ----a-w c:\documents and settings\Antonypax\vuzztzov.exe
2008-10-14 18:58 22,368 ----a-w c:\documents and settings\Antonypax\yzlnansu.exe
2008-10-14 16:39 22,368 ----a-w c:\documents and settings\Antonypax\uskresbw.exe
2008-10-14 16:33 22,368 ----a-w c:\documents and settings\Antonypax\swvcfuom.exe
2008-10-14 12:32 0 -c--a-w c:\documents and settings\Antonypax\Application Data\wklnhst.dat
2008-08-23 15:07 2,075 -c--a-w c:\documents and settings\Antonypax\Application Data\SAS7_000.DAT
2008-05-07 14:50 13,533 -c--a-w c:\documents and settings\Default\cesqmvln.exe
2008-03-08 19:54 0 -c--a-w c:\documents and settings\Default\Application Data\wklnhst.dat
2008-02-20 00:29 22 -csha-w c:\windows\SMINST\HPCD.sys
2008-08-25 12:25 88 -csh--r c:\windows\system32\E3BFE33ED7.sys
2008-08-25 12:42 3,452 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-10 19:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091020080911\index.dat
.

------- Sigcheck -------

2008-04-14 03:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\explorer.exe
2007-06-13 14:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-04-11 05:00 976896 cb74a931e8ea461edebabf8a91c9cc11 c:\windows\$NtServicePackUninstall$\explorer.exe
2006-04-11 05:00 1034752 d009e427de2e129ff87b03d87f349c73 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\ServicePackFiles\i386\explorer.exe

2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-18 5724184]
"SpybotSD TeaTimer"="h:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"Dancer"="c:\programmi\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ManyCam"="h:\programmi\ManyCam 2.3\ManyCam.exe" [2008-08-19 1725736]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-03-08 266497]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WebcamMaxMoniter"="h:\programmi\WebcamMax\CAMTHINS.exe" [2006-07-20 73728]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2009-03-08 90112]
"UVS10 Preload"="h:\programmi\File comuni\uvPL.exe" [2006-03-07 36864]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"avast!"="h:\progra~1\Avast\ashDisp.exe" [2009-03-08 79224]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Antonypax\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\CODY\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\PATTY\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tbjqft.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.mjpg"= Pvmjpg21.dll
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.PIM1"= pclepim1.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"h:\\Programmi\\Programs\\RM.exe"=
"h:\\Programmi\\Programs\\PMSRegisterFile.exe"=
"h:\\Programmi\\Programs\\umi.exe"=
"h:\\Programmi\\Programs\\VideoSpin.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"h:\\Programmi\\Programs\\Studio.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R2 CachemanXPService;CachemanXP;h:\programmi\CachemanXP\CachemanXP.exe [2009-01-17 244736]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys -->

c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2006-07-03 242736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RMCDRWFV;RMCDRWFV;c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe -->

c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys -->

c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7940f16e-652b-11dd-af14-001636b39327}]
\Shell\AutoRun\command - G:\ClickMe.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{20D23232-AED6-490D-A3C2-F08BA539A1FE} - (no file)
BHO-{5A591F99-C0AF-4F19-B908-7426EF6D7355} - (no file)
BHO-{7bcf824f-eb31-493d-86ca-9c90eaf2de50} - c:\windows\system32\tbjqft.dll
BHO-{8555BE5E-457E-4DC4-A76E-D007AECACEE3} - (no file)
BHO-{98B48BCC-2F5E-4954-8643-1A2C25795271} - (no file)
BHO-{BFD6CF8D-1EF2-4A70-B714-69E8C92F1A31} - (no file)
BHO-{F68A626C-26F4-41B7-8D03-ED773A0E52D1} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-DesktopIconToy - h:\programmi\Desktop Icon Toy\DesktopIconToy.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET
HKLM-Run-FileBackup - c:\program files\Optimark\OTB\OTB.exe
HKLM-Run-NWEReboot - (no file)
Notify-mlJBTnmm - (no file)

.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 17:06:01
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????????????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1387477-214851956-2962684071-1005\Software\SecuROM\License information*]
"datasecu"=hex:b0,2c,b0,04,cb,c7,93,98,f9,de,9e,79,99,16,20,bb,eb,a5,f5,d8,22,
ca,17,a7,28,48,cf,ac,4a,0b,3f,6a,b0,68,de,fb,30,4c,53,51,b5,db,c6,15,b0,e9,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5d,11,df,0d,10,
6f,84,29,c8,28,51,af,b0,29,a3,98,3a,7c,46,41,a5,62,bf,7d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,92,b7,2e,96,b0,
eb,9a,83,71,3b,04,66,8b,46,0d,96,47,95,f2,fa,18,43,93,b5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,29,b6,85,2b,6f,
7e,99,b7,25,da,ec,7e,55,20,c9,26,9a,1f,06,e4,d7,f1,47,f3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,fe,69,70,06,
27,71,e8,3e,1e,9e,e0,57,5a,93,61,9b,f2,1a,f9,db,96,6e,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,4e,94,52,7e,
63,9b,53,cd,44,cd,b9,a6,33,6c,cd,bb,e5,07,1f,5a,e2,d2,11,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2f,79,9e,d7,f1,
b1,79,1c,b0,18,ed,a7,3f,8d,37,a4,e5,f7,a0,7a,a4,b1,6c,88,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,61,48,68,35,09,
96,13,8c,31,77,e1,ba,b1,f8,68,02,d2,2e,df,c8,21,9a,2c,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,a3,60,da,1b,94,
73,a2,39,83,6c,56,8b,a0,85,96,ab,a3,40,fe,d8,c5,e1,36,d4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d3,ff,3b,8b,65,
61,5a,9b,51,fa,6e,91,28,9e,14,cc,cf,8b,1e,8f,c7,8d,c7,d4,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d9,03,ac,5b,27,
8f,af,88,b1,cd,45,5a,a8,c4,f8,b9,4a,aa,10,b0,2f,2e,d9,f6,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e2,d6,83,1e,97,
d3,8b,7b,e3,0e,66,d5,eb,bc,2f,6b,d9,f0,a5,56,1c,b7,81,ee,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,ac,31,73,e2,5b,
1b,f6,9c,fa,ea,66,7f,d4,3b,6b,70,08,1e,e0,38,d9,e1,a0,64,6c,43,2d,1e,aa,22,\
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\msdtc.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Windows Media Player\wmpnetwk.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-08 17:19:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-08 16:19:11

Pre-Run: 48,696,180,736 byte disponibili
Post-Run: 51,082,842,112 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

647 --- E O F --- 2009-02-26 22:10:51

da **[Claudio]** » dom mar 08, 2009 5:59 pm

Antonypax ha scritto:IO ho XP I miei antivirus sono: NOD32, avast, avira e spybot

Andiamo bene [V]

.
Disinstalla tutti gli Antivirus possibilmente dal loro uninstall.
Prima di disinstallarli cessa l'esecuzione di ognuno di essi dalla icona presente sulla traybar.
ripeti una una scansione con Combofix ma questa volta eseguilo accedendo al sistema in modalità provvisoria ed utlizzando l'account Amministratore.
Allega il log che verrà rilasciato.
Poi riavvia il sistema e:

Disattiva il Ripristino configurazione di sistema:
Start
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di sistema
spunta la voce Disattiva Ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi OK

Svuota del suo contenuto la cartella Prefetch:
Start
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno

scarica ed installa CCleaner: clicca qui per il download
Una volta installato configuralo in questo modo:
lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi clicca su:
Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
alla voce Pulizia, nella sezione Avanzate spunta le voci Vecchi dati Prefetch e Disinstallatori aggiornamenti di WinUpdate
nel menu a sinistra, clicca sulla voce Pulizia
clicca su tasto Avvia pulizia per eseguire la scansione
finita la scansione, sempre nel menu a sinistra, clicca sulla voce Registro e spunta tutte le voci comprese nella sezione meno la voce estensioni file non usate
clicca sul tasto Trova problemi ed avvia una scansione
al termine della scansione clicca sulla voce Ripara selezionati e prosegui con la riparazione (questo ultimo passaggio ripetilo più volte, fino a quando non verranno rilevati più problemi da correggere)

Scarica ed installa Hijackthis: clicca qui per il download
lancia Hthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Rilancia Hijackthis:
clicca su Do a system scan and save a logfile
finita la scansione verrà rilasciato un il log
salva il log sul desktop ed allegalo.

da **stevens** » dom mar 08, 2009 6:30 pm

@ claudio

Questo non pensi sia un pochino grave? o conosci i tool che fai girare oppure non ne suggerisci il ricorso

ti avrei risposto anche prima e avrei dato subito assistenza all'utente se non avessi avuto un black-out

il fatto che sia uscito un errore su un programma come quello che e' uscito a Antonypax(non era mai successo prima) non vuol dire che e' necessaria la tua presenza nel ricordarlo- se hai letto bene, ho dato a Antonypax la soluzone su due programmi simili per eliminare il bagle- ricorda Claudio che il forum e' fatto per dare assistenza, non per fare delle stupide polemiche

a proposito dell'errore in esecuzione di Findkill, che antivirus è in uso sul tuo Computer? - prova ad eseguirlo dopo aver disattivato, momentaneamente, l'antivirus.

se leggi bene la discussione, Antonypax ha subito riferito che l'antivirus non gli funzionava- la prima cosa che fa il bagle, e' quella di disattivare l'antivirus

@ Antonypax

se vuoi continuare, puoi usare elibagla come ti ho suggerito all'inizio della discussione

da **Amantide** » dom mar 08, 2009 6:56 pm

stevens ha scritto:@ Antonypax

se vuoi continuare, puoi usare elibagla come ti ho suggerito all'inizio della discussione-

Non ce ne più bisogno, visto che i file relativi al Bagle sono stati già rimossi.

@ Antonypax

Copia ed incolla il seguente testo su blocconote e salva il file su desktop con il nome CFScript.txt.

Codice: Seleziona tutto: File:: c:\documents and settings\Antonypax\eltnhiqo.exe c:\documents and settings\Antonypax\vhnifcjd.exe c:\documents and settings\Antonypax\xqfnfokf.exe c:\documents and settings\Antonypax\vjyshqqu.exe c:\documents and settings\Antonypax\hlwuwpdf.exe c:\documents and settings\Antonypax\zzdhxzvw.exe c:\documents and settings\Antonypax\tfyqzuah.exe c:\documents and settings\Antonypax\dtmzkrrz.exe c:\documents and settings\Antonypax\fdetmdap.exe c:\documents and settings\Antonypax\xwlthquy.exe c:\documents and settings\Antonypax\ekheodud.exe c:\documents and settings\Antonypax\lobkqfpr.exe c:\documents and settings\Antonypax\ywtukgrw.exe c:\documents and settings\Antonypax\ppoxrnfb.exe c:\documents and settings\Antonypax\xfajvpgj.exe c:\documents and settings\Antonypax\olecuzak.exe c:\documents and settings\Antonypax\smtqyzvs.exe c:\documents and settings\Antonypax\pgrduvwy.exe c:\documents and settings\Antonypax\rslxkbnu.exe c:\documents and settings\Antonypax\hgjuaefu.exe c:\documents and settings\Antonypax\dzswyzlw.exe c:\documents and settings\Antonypax\pwsimtiy.exe c:\documents and settings\Antonypax\uhqkxngl.exe c:\documents and settings\Antonypax\apczvrpo.exe c:\documents and settings\Antonypax\gbbghcfe.exe c:\documents and settings\Antonypax\xtjikdhe.exe c:\documents and settings\Antonypax\gdsnusmu.exe c:\documents and settings\Antonypax\vmaiqlme.exe c:\documents and settings\Antonypax\sexgwzwt.exe c:\documents and settings\Antonypax\yqvxexen.exe c:\documents and settings\Antonypax\zbeloqnk.exe c:\documents and settings\Antonypax\ppmnuquv.exe c:\documents and settings\Antonypax\uahgvpnw.exe c:\documents and settings\Antonypax\wwrxbvgn.exe c:\documents and settings\Antonypax\kcgxngjn.exe c:\documents and settings\Antonypax\fcbupqrh.exe c:\documents and settings\Antonypax\rjyemahs.exe c:\documents and settings\Antonypax\nkgaxbwy.exe c:\documents and settings\Antonypax\rkozfzud.exe c:\documents and settings\Antonypax\hcpltqle.exe c:\documents and settings\Antonypax\ctnkvjxp.exe c:\documents and settings\Antonypax\ynphplof.exe c:\documents and settings\Antonypax\mubkejjv.exe c:\documents and settings\Antonypax\zqmgkrbf.exe c:\documents and settings\Antonypax\ndclskij.exe c:\documents and settings\Antonypax\wbgciwfs.exe c:\documents and settings\Antonypax\whrbpwoq.exe c:\documents and settings\Antonypax\prxsxcih.exe c:\documents and settings\Antonypax\tptjyjem.exe c:\documents and settings\Antonypax\xvgudavv.exe c:\documents and settings\Antonypax\zjawtfwr.exe c:\documents and settings\Antonypax\eltgnfai.exe c:\documents and settings\Antonypax\tperlkrd.exe c:\documents and settings\Antonypax\xbfqzwpz.exe c:\documents and settings\Antonypax\jiminsnq.exe c:\documents and settings\Antonypax\dgzrmost.exe c:\documents and settings\Antonypax\falziijw.exe c:\documents and settings\Antonypax\pvtfpcgi.exe c:\documents and settings\Antonypax\nglnvjiv.exe c:\documents and settings\Antonypax\ptjqyzgy.exe c:\documents and settings\Antonypax\zvmviwka.exe c:\documents and settings\Antonypax\qpdltuqv.exe c:\documents and settings\Antonypax\oehgchol.exe c:\documents and settings\Antonypax\tfogevqe.exe c:\documents and settings\Antonypax\uuugkfdw.exe c:\documents and settings\Antonypax\vuzztzov.exe c:\documents and settings\Antonypax\yzlnansu.exe c:\documents and settings\Antonypax\uskresbw.exe c:\documents and settings\Antonypax\swvcfuom.exe c:\documents and settings\Antonypax\Application Data\wklnhst.dat c:\documents and settings\Default\cesqmvln.exe c:\documents and settings\Default\Application Data\wklnhst.dat c:\windows\system32\tbjqft.dll Folder:: C:\Documents and Settings\Antonypax\Impostazioni locali\temp

Ora trascina il file CFScript.txt sull'icona di ComboFix (possibilmente dalla modalità provvisoria). Aspetta il termine della scansione e posta il nuovo log di Combofix.

Fai anche la scansione completa con Malwarebytes' Anti-Malware e posta qui il report della scansione.

da **stevens** » dom mar 08, 2009 7:01 pm

Non ce ne più bisogno, visto che i file relativi al Bagle sono stati già rimossi.

bene Amantide, lo lascio nelle tue mani (beato lui) ;)

da **Antonypax** » dom mar 08, 2009 8:37 pm

Amantide ha scritto:
stevens ha scritto:@ Antonypax

se vuoi continuare, puoi usare elibagla come ti ho suggerito all'inizio della discussione-

Non ce ne più bisogno, visto che i file relativi al Bagle sono stati già rimossi.

@ Antonypax

Copia ed incolla il seguente testo su blocconote e salva il file su desktop con il nome CFScript.txt.
Codice: Seleziona tutto
File:: c:\documents and settings\Antonypax\eltnhiqo.exe c:\documents and settings\Antonypax\vhnifcjd.exe c:\documents and settings\Antonypax\xqfnfokf.exe c:\documents and settings\Antonypax\vjyshqqu.exe c:\documents and settings\Antonypax\hlwuwpdf.exe c:\documents and settings\Antonypax\zzdhxzvw.exe c:\documents and settings\Antonypax\tfyqzuah.exe c:\documents and settings\Antonypax\dtmzkrrz.exe c:\documents and settings\Antonypax\fdetmdap.exe c:\documents and settings\Antonypax\xwlthquy.exe c:\documents and settings\Antonypax\ekheodud.exe c:\documents and settings\Antonypax\lobkqfpr.exe c:\documents and settings\Antonypax\ywtukgrw.exe c:\documents and settings\Antonypax\ppoxrnfb.exe c:\documents and settings\Antonypax\xfajvpgj.exe c:\documents and settings\Antonypax\olecuzak.exe c:\documents and settings\Antonypax\smtqyzvs.exe c:\documents and settings\Antonypax\pgrduvwy.exe c:\documents and settings\Antonypax\rslxkbnu.exe c:\documents and settings\Antonypax\hgjuaefu.exe c:\documents and settings\Antonypax\dzswyzlw.exe c:\documents and settings\Antonypax\pwsimtiy.exe c:\documents and settings\Antonypax\uhqkxngl.exe c:\documents and settings\Antonypax\apczvrpo.exe c:\documents and settings\Antonypax\gbbghcfe.exe c:\documents and settings\Antonypax\xtjikdhe.exe c:\documents and settings\Antonypax\gdsnusmu.exe c:\documents and settings\Antonypax\vmaiqlme.exe c:\documents and settings\Antonypax\sexgwzwt.exe c:\documents and settings\Antonypax\yqvxexen.exe c:\documents and settings\Antonypax\zbeloqnk.exe c:\documents and settings\Antonypax\ppmnuquv.exe c:\documents and settings\Antonypax\uahgvpnw.exe c:\documents and settings\Antonypax\wwrxbvgn.exe c:\documents and settings\Antonypax\kcgxngjn.exe c:\documents and settings\Antonypax\fcbupqrh.exe c:\documents and settings\Antonypax\rjyemahs.exe c:\documents and settings\Antonypax\nkgaxbwy.exe c:\documents and settings\Antonypax\rkozfzud.exe c:\documents and settings\Antonypax\hcpltqle.exe c:\documents and settings\Antonypax\ctnkvjxp.exe c:\documents and settings\Antonypax\ynphplof.exe c:\documents and settings\Antonypax\mubkejjv.exe c:\documents and settings\Antonypax\zqmgkrbf.exe c:\documents and settings\Antonypax\ndclskij.exe c:\documents and settings\Antonypax\wbgciwfs.exe c:\documents and settings\Antonypax\whrbpwoq.exe c:\documents and settings\Antonypax\prxsxcih.exe c:\documents and settings\Antonypax\tptjyjem.exe c:\documents and settings\Antonypax\xvgudavv.exe c:\documents and settings\Antonypax\zjawtfwr.exe c:\documents and settings\Antonypax\eltgnfai.exe c:\documents and settings\Antonypax\tperlkrd.exe c:\documents and settings\Antonypax\xbfqzwpz.exe c:\documents and settings\Antonypax\jiminsnq.exe c:\documents and settings\Antonypax\dgzrmost.exe c:\documents and settings\Antonypax\falziijw.exe c:\documents and settings\Antonypax\pvtfpcgi.exe c:\documents and settings\Antonypax\nglnvjiv.exe c:\documents and settings\Antonypax\ptjqyzgy.exe c:\documents and settings\Antonypax\zvmviwka.exe c:\documents and settings\Antonypax\qpdltuqv.exe c:\documents and settings\Antonypax\oehgchol.exe c:\documents and settings\Antonypax\tfogevqe.exe c:\documents and settings\Antonypax\uuugkfdw.exe c:\documents and settings\Antonypax\vuzztzov.exe c:\documents and settings\Antonypax\yzlnansu.exe c:\documents and settings\Antonypax\uskresbw.exe c:\documents and settings\Antonypax\swvcfuom.exe c:\documents and settings\Antonypax\Application Data\wklnhst.dat c:\documents and settings\Default\cesqmvln.exe c:\documents and settings\Default\Application Data\wklnhst.dat c:\windows\system32\tbjqft.dll Folder:: C:\Documents and Settings\Antonypax\Impostazioni locali\temp

Ora trascina il file CFScript.txt sull'icona di ComboFix (possibilmente dalla modalità provvisoria). Aspetta il termine della scansione e posta il nuovo log di Combofix.

Fai anche la scansione completa con Malwarebytes' Anti-Malware e posta qui il report della scansione.

IO lo faccio in modalità provvisoria, ma quando finisce, dice che non trova il percorso, e quindi nn mi da il log!
Adesso provo a farlo in modalità normale

da **Antonypax** » dom mar 08, 2009 9:00 pm

Amantide ha scritto:
stevens ha scritto:@ Antonypax

se vuoi continuare, puoi usare elibagla come ti ho suggerito all'inizio della discussione-

Non ce ne più bisogno, visto che i file relativi al Bagle sono stati già rimossi.

@ Antonypax

Copia ed incolla il seguente testo su blocconote e salva il file su desktop con il nome CFScript.txt.
Codice: Seleziona tutto
File:: c:\documents and settings\Antonypax\eltnhiqo.exe c:\documents and settings\Antonypax\vhnifcjd.exe c:\documents and settings\Antonypax\xqfnfokf.exe c:\documents and settings\Antonypax\vjyshqqu.exe c:\documents and settings\Antonypax\hlwuwpdf.exe c:\documents and settings\Antonypax\zzdhxzvw.exe c:\documents and settings\Antonypax\tfyqzuah.exe c:\documents and settings\Antonypax\dtmzkrrz.exe c:\documents and settings\Antonypax\fdetmdap.exe c:\documents and settings\Antonypax\xwlthquy.exe c:\documents and settings\Antonypax\ekheodud.exe c:\documents and settings\Antonypax\lobkqfpr.exe c:\documents and settings\Antonypax\ywtukgrw.exe c:\documents and settings\Antonypax\ppoxrnfb.exe c:\documents and settings\Antonypax\xfajvpgj.exe c:\documents and settings\Antonypax\olecuzak.exe c:\documents and settings\Antonypax\smtqyzvs.exe c:\documents and settings\Antonypax\pgrduvwy.exe c:\documents and settings\Antonypax\rslxkbnu.exe c:\documents and settings\Antonypax\hgjuaefu.exe c:\documents and settings\Antonypax\dzswyzlw.exe c:\documents and settings\Antonypax\pwsimtiy.exe c:\documents and settings\Antonypax\uhqkxngl.exe c:\documents and settings\Antonypax\apczvrpo.exe c:\documents and settings\Antonypax\gbbghcfe.exe c:\documents and settings\Antonypax\xtjikdhe.exe c:\documents and settings\Antonypax\gdsnusmu.exe c:\documents and settings\Antonypax\vmaiqlme.exe c:\documents and settings\Antonypax\sexgwzwt.exe c:\documents and settings\Antonypax\yqvxexen.exe c:\documents and settings\Antonypax\zbeloqnk.exe c:\documents and settings\Antonypax\ppmnuquv.exe c:\documents and settings\Antonypax\uahgvpnw.exe c:\documents and settings\Antonypax\wwrxbvgn.exe c:\documents and settings\Antonypax\kcgxngjn.exe c:\documents and settings\Antonypax\fcbupqrh.exe c:\documents and settings\Antonypax\rjyemahs.exe c:\documents and settings\Antonypax\nkgaxbwy.exe c:\documents and settings\Antonypax\rkozfzud.exe c:\documents and settings\Antonypax\hcpltqle.exe c:\documents and settings\Antonypax\ctnkvjxp.exe c:\documents and settings\Antonypax\ynphplof.exe c:\documents and settings\Antonypax\mubkejjv.exe c:\documents and settings\Antonypax\zqmgkrbf.exe c:\documents and settings\Antonypax\ndclskij.exe c:\documents and settings\Antonypax\wbgciwfs.exe c:\documents and settings\Antonypax\whrbpwoq.exe c:\documents and settings\Antonypax\prxsxcih.exe c:\documents and settings\Antonypax\tptjyjem.exe c:\documents and settings\Antonypax\xvgudavv.exe c:\documents and settings\Antonypax\zjawtfwr.exe c:\documents and settings\Antonypax\eltgnfai.exe c:\documents and settings\Antonypax\tperlkrd.exe c:\documents and settings\Antonypax\xbfqzwpz.exe c:\documents and settings\Antonypax\jiminsnq.exe c:\documents and settings\Antonypax\dgzrmost.exe c:\documents and settings\Antonypax\falziijw.exe c:\documents and settings\Antonypax\pvtfpcgi.exe c:\documents and settings\Antonypax\nglnvjiv.exe c:\documents and settings\Antonypax\ptjqyzgy.exe c:\documents and settings\Antonypax\zvmviwka.exe c:\documents and settings\Antonypax\qpdltuqv.exe c:\documents and settings\Antonypax\oehgchol.exe c:\documents and settings\Antonypax\tfogevqe.exe c:\documents and settings\Antonypax\uuugkfdw.exe c:\documents and settings\Antonypax\vuzztzov.exe c:\documents and settings\Antonypax\yzlnansu.exe c:\documents and settings\Antonypax\uskresbw.exe c:\documents and settings\Antonypax\swvcfuom.exe c:\documents and settings\Antonypax\Application Data\wklnhst.dat c:\documents and settings\Default\cesqmvln.exe c:\documents and settings\Default\Application Data\wklnhst.dat c:\windows\system32\tbjqft.dll Folder:: C:\Documents and Settings\Antonypax\Impostazioni locali\temp

Ora trascina il file CFScript.txt sull'icona di ComboFix (possibilmente dalla modalità provvisoria). Aspetta il termine della scansione e posta il nuovo log di Combofix.

Fai anche la scansione completa con Malwarebytes' Anti-Malware e posta qui il report della scansione.

combofix

ComboFix 09-03-06.02 - Antonypax 2009-03-08 20.46.46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.503 [GMT 1:00]
Eseguito da: c:\documents and settings\Antonypax\Desktop\od.exe
Opzioni usate :: c:\documents and settings\Antonypax\Desktop\CFScript.txt..txt
* Creato nuovo punto di ripristino

FILE ::
c:\documents and settings\Antonypax\apczvrpo.exe
c:\documents and settings\Antonypax\Application Data\wklnhst.dat
c:\documents and settings\Antonypax\ctnkvjxp.exe
c:\documents and settings\Antonypax\dgzrmost.exe
c:\documents and settings\Antonypax\dtmzkrrz.exe
c:\documents and settings\Antonypax\dzswyzlw.exe
c:\documents and settings\Antonypax\ekheodud.exe
c:\documents and settings\Antonypax\eltgnfai.exe
c:\documents and settings\Antonypax\eltnhiqo.exe
c:\documents and settings\Antonypax\falziijw.exe
c:\documents and settings\Antonypax\fcbupqrh.exe
c:\documents and settings\Antonypax\fdetmdap.exe
c:\documents and settings\Antonypax\gbbghcfe.exe
c:\documents and settings\Antonypax\gdsnusmu.exe
c:\documents and settings\Antonypax\hcpltqle.exe
c:\documents and settings\Antonypax\hgjuaefu.exe
c:\documents and settings\Antonypax\hlwuwpdf.exe
c:\documents and settings\Antonypax\jiminsnq.exe
c:\documents and settings\Antonypax\kcgxngjn.exe
c:\documents and settings\Antonypax\lobkqfpr.exe
c:\documents and settings\Antonypax\mubkejjv.exe
c:\documents and settings\Antonypax\ndclskij.exe
c:\documents and settings\Antonypax\nglnvjiv.exe
c:\documents and settings\Antonypax\nkgaxbwy.exe
c:\documents and settings\Antonypax\oehgchol.exe
c:\documents and settings\Antonypax\olecuzak.exe
c:\documents and settings\Antonypax\pgrduvwy.exe
c:\documents and settings\Antonypax\ppmnuquv.exe
c:\documents and settings\Antonypax\ppoxrnfb.exe
c:\documents and settings\Antonypax\prxsxcih.exe
c:\documents and settings\Antonypax\ptjqyzgy.exe
c:\documents and settings\Antonypax\pvtfpcgi.exe
c:\documents and settings\Antonypax\pwsimtiy.exe
c:\documents and settings\Antonypax\qpdltuqv.exe
c:\documents and settings\Antonypax\rjyemahs.exe
c:\documents and settings\Antonypax\rkozfzud.exe
c:\documents and settings\Antonypax\rslxkbnu.exe
c:\documents and settings\Antonypax\sexgwzwt.exe
c:\documents and settings\Antonypax\smtqyzvs.exe
c:\documents and settings\Antonypax\swvcfuom.exe
c:\documents and settings\Antonypax\tfogevqe.exe
c:\documents and settings\Antonypax\tfyqzuah.exe
c:\documents and settings\Antonypax\tperlkrd.exe
c:\documents and settings\Antonypax\tptjyjem.exe
c:\documents and settings\Antonypax\uahgvpnw.exe
c:\documents and settings\Antonypax\uhqkxngl.exe
c:\documents and settings\Antonypax\uskresbw.exe
c:\documents and settings\Antonypax\uuugkfdw.exe
c:\documents and settings\Antonypax\vhnifcjd.exe
c:\documents and settings\Antonypax\vjyshqqu.exe
c:\documents and settings\Antonypax\vmaiqlme.exe
c:\documents and settings\Antonypax\vuzztzov.exe
c:\documents and settings\Antonypax\wbgciwfs.exe
c:\documents and settings\Antonypax\whrbpwoq.exe
c:\documents and settings\Antonypax\wwrxbvgn.exe
c:\documents and settings\Antonypax\xbfqzwpz.exe
c:\documents and settings\Antonypax\xfajvpgj.exe
c:\documents and settings\Antonypax\xqfnfokf.exe
c:\documents and settings\Antonypax\xtjikdhe.exe
c:\documents and settings\Antonypax\xvgudavv.exe
c:\documents and settings\Antonypax\xwlthquy.exe
c:\documents and settings\Antonypax\ynphplof.exe
c:\documents and settings\Antonypax\yqvxexen.exe
c:\documents and settings\Antonypax\ywtukgrw.exe
c:\documents and settings\Antonypax\yzlnansu.exe
c:\documents and settings\Antonypax\zbeloqnk.exe
c:\documents and settings\Antonypax\zjawtfwr.exe
c:\documents and settings\Antonypax\zqmgkrbf.exe
c:\documents and settings\Antonypax\zvmviwka.exe
c:\documents and settings\Antonypax\zzdhxzvw.exe
c:\documents and settings\Default\Application Data\wklnhst.dat
c:\documents and settings\Default\cesqmvln.exe
c:\windows\system32\tbjqft.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Antonypax\Impostazioni locali\temp
c:\documents and settings\Antonypax\Impostazioni locali\temp\~DF3AE9.tmp
c:\documents and settings\Antonypax\Impostazioni locali\temp\Av-test.txt
c:\documents and settings\Antonypax\Impostazioni locali\temp\DIO4.tmp
c:\documents and settings\Antonypax\Impostazioni locali\temp\DIO5.tmp
c:\documents and settings\Antonypax\Impostazioni locali\temp\dn21.tmp
c:\documents and settings\Antonypax\Impostazioni locali\temp\hpqddusr.log
c:\documents and settings\Antonypax\Impostazioni locali\temp\jusched.log
c:\documents and settings\Antonypax\Impostazioni locali\temp\MAR2.tmp
c:\documents and settings\Antonypax\Impostazioni locali\temp\MAR3.tmp

.
((((((((((((((((((((((((( Files Creati Da 2009-02-08 al 2009-03-08 )))))))))))))))))))))))))))))))))))
.

2009-03-06 20:10 . 2009-03-06 20:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-03-06 16:08 . 2004-12-16 16:32 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-06 16:07 . 2009-03-06 16:07 <DIR> d-------- c:\programmi\NVIDIA Corporation
2009-03-06 16:07 . 2009-03-06 16:07 <DIR> d-------- c:\programmi\File comuni\NVIDIA Shared
2009-03-06 16:07 . 2005-04-04 18:59 176,128 --a------ c:\windows\system32\nvumpu.exe
2009-03-06 16:07 . 2005-04-04 18:59 176,128 --a------ c:\windows\system32\nvuaudio.exe
2009-03-06 15:59 . 2009-03-06 15:59 <DIR> d-------- C:\NVIDIA
2009-03-05 20:54 . 2009-03-05 20:54 21,764 --a------ c:\windows\system32\CoreAAC-uninstall.exe
2009-03-04 16:45 . 2009-03-08 16:57 <DIR> d--h----- c:\documents and settings\Antonypax\Application Data\drivers
2009-02-24 18:45 . 2009-02-24 18:48 <DIR> d-------- c:\programmi\AutoCAD 2008
2009-02-24 18:45 . 2009-02-24 18:45 <DIR> d-------- c:\documents and settings\Antonypax\Application Data\Autodesk
2009-02-24 18:45 . 2009-02-24 18:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 19:22 --------- d-----w c:\documents and settings\Antonypax\Application Data\Skype
2009-03-08 18:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-08 16:02 --------- d-----w c:\documents and settings\Antonypax\Application Data\skypePM
2009-03-08 15:21 --------- d-----w c:\programmi\ESET
2009-03-08 08:55 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-03-06 22:28 --------- d-----w c:\programmi\Desktop XP
2009-03-06 21:14 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-06 15:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-27 13:30 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-25 21:34 --------- d-----w c:\documents and settings\Antonypax\Application Data\gtk-2.0
2009-02-24 17:44 --------- d-----w c:\programmi\Autodesk
2009-02-22 22:26 --------- d-----w c:\documents and settings\Antonypax\Application Data\LimeWire
2009-02-21 10:30 --------- d-----w c:\programmi\iHabbix V3
2009-02-11 11:38 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-17 22:21 --------- d-----w c:\programmi\File comuni\Alias Shared
2009-01-17 22:18 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2009-01-10 23:30 --------- d-----w c:\programmi\File comuni\DAZ
2009-01-10 23:17 --------- d-----w c:\programmi\DAZ
2009-01-09 17:00 --------- d-----w c:\programmi\Google
2008-12-25 21:50 31,334,932 -c--a-w c:\programmi\Windows Live.zip
2008-08-23 15:07 2,075 -c--a-w c:\documents and settings\Antonypax\Application Data\SAS7_000.DAT
2008-02-20 00:29 22 -csha-w c:\windows\SMINST\HPCD.sys
2008-08-25 12:25 88 -csh--r c:\windows\system32\E3BFE33ED7.sys
2008-08-25 12:42 3,452 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-10 19:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091020080911\index.dat
.

------- Sigcheck -------

2008-04-14 03:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\explorer.exe
2007-06-13 14:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-04-11 05:00 976896 cb74a931e8ea461edebabf8a91c9cc11 c:\windows\$NtServicePackUninstall$\explorer.exe
2006-04-11 05:00 1034752 d009e427de2e129ff87b03d87f349c73 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:14 978432 3d46c53ca961c49272037f98807537bd c:\windows\ServicePackFiles\i386\explorer.exe

2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-08_17.10.23.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-08 19:54:01 16,384 ----atw c:\windows\temp\Perflib_Perfdata_21c.dat
+ 2009-03-08 19:54:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_43c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-18 5724184]
"Dancer"="c:\programmi\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ManyCam"="h:\programmi\ManyCam 2.3\ManyCam.exe" [2008-08-19 1725736]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WebcamMaxMoniter"="h:\programmi\WebcamMax\CAMTHINS.exe" [2006-07-20 73728]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2009-03-08 90112]
"UVS10 Preload"="h:\programmi\File comuni\uvPL.exe" [2006-03-07 36864]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Antonypax\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\CODY\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\PATTY\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - h:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tbjqft.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.mjpg"= Pvmjpg21.dll
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.PIM1"= pclepim1.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"h:\\Programmi\\Programs\\RM.exe"=
"h:\\Programmi\\Programs\\PMSRegisterFile.exe"=
"h:\\Programmi\\Programs\\umi.exe"=
"h:\\Programmi\\Programs\\VideoSpin.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"h:\\Programmi\\Programs\\Studio.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R2 CachemanXPService;CachemanXP;h:\programmi\CachemanXP\CachemanXP.exe [2009-01-17 244736]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2006-07-03 242736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RMCDRWFV;RMCDRWFV;c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe -->

c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys -->

c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7940f16e-652b-11dd-af14-001636b39327}]
\Shell\AutoRun\command - G:\ClickMe.exe
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 20:55:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????????????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1387477-214851956-2962684071-1005\Software\SecuROM\License information*]
"datasecu"=hex:2b,38,11,c6,d2,4e,8f,be,f0,b2,2d,4f,e7,d2,cd,ff,a7,88,dc,d6,60,
52,e6,6d,09,89,98,2b,ef,8f,99,55,e6,f9,17,51,79,90,9f,75,8e,d0,b5,62,4c,5f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5d,11,df,0d,10,
6f,84,29,c8,28,51,af,b0,29,a3,98,3a,7c,46,41,a5,62,bf,7d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,92,b7,2e,96,b0,
eb,9a,83,71,3b,04,66,8b,46,0d,96,47,95,f2,fa,18,43,93,b5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,29,b6,85,2b,6f,
7e,99,b7,25,da,ec,7e,55,20,c9,26,9a,1f,06,e4,d7,f1,47,f3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,fe,69,70,06,
27,71,e8,3e,1e,9e,e0,57,5a,93,61,9b,f2,1a,f9,db,96,6e,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,4e,94,52,7e,
63,9b,53,cd,44,cd,b9,a6,33,6c,cd,bb,e5,07,1f,5a,e2,d2,11,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2f,79,9e,d7,f1,
b1,79,1c,b0,18,ed,a7,3f,8d,37,a4,e5,f7,a0,7a,a4,b1,6c,88,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,61,48,68,35,09,
96,13,8c,31,77,e1,ba,b1,f8,68,02,d2,2e,df,c8,21,9a,2c,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,a3,60,da,1b,94,
73,a2,39,83,6c,56,8b,a0,85,96,ab,a3,40,fe,d8,c5,e1,36,d4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d3,ff,3b,8b,65,
61,5a,9b,51,fa,6e,91,28,9e,14,cc,cf,8b,1e,8f,c7,8d,c7,d4,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d9,03,ac,5b,27,
8f,af,88,b1,cd,45,5a,a8,c4,f8,b9,4a,aa,10,b0,2f,2e,d9,f6,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e2,d6,83,1e,97,
d3,8b,7b,e3,0e,66,d5,eb,bc,2f,6b,d9,f0,a5,56,1c,b7,81,ee,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,ac,31,73,e2,5b,
1b,f6,9c,fa,ea,66,7f,d4,3b,6b,70,08,1e,e0,38,d9,e1,a0,64,6c,43,2d,1e,aa,22,\
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\msdtc.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Windows Media Player\wmpnetwk.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\rundll32.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-08 21:01:32 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-08 20:01:30
ComboFix2.txt 2009-03-08 16:19:16

Pre-Run: 54.750.990.336 byte disponibili
Post-Run: 54,728,740,864 byte disponibili

372 --- E O F --- 2009-02-26 22:10:51

da **Antonypax** » dom mar 08, 2009 11:06 pm

Amantide ha scritto:
stevens ha scritto:@ Antonypax

se vuoi continuare, puoi usare elibagla come ti ho suggerito all'inizio della discussione-

Non ce ne più bisogno, visto che i file relativi al Bagle sono stati già rimossi.

@ Antonypax

Copia ed incolla il seguente testo su blocconote e salva il file su desktop con il nome CFScript.txt.
Codice: Seleziona tutto
File:: c:\documents and settings\Antonypax\eltnhiqo.exe c:\documents and settings\Antonypax\vhnifcjd.exe c:\documents and settings\Antonypax\xqfnfokf.exe c:\documents and settings\Antonypax\vjyshqqu.exe c:\documents and settings\Antonypax\hlwuwpdf.exe c:\documents and settings\Antonypax\zzdhxzvw.exe c:\documents and settings\Antonypax\tfyqzuah.exe c:\documents and settings\Antonypax\dtmzkrrz.exe c:\documents and settings\Antonypax\fdetmdap.exe c:\documents and settings\Antonypax\xwlthquy.exe c:\documents and settings\Antonypax\ekheodud.exe c:\documents and settings\Antonypax\lobkqfpr.exe c:\documents and settings\Antonypax\ywtukgrw.exe c:\documents and settings\Antonypax\ppoxrnfb.exe c:\documents and settings\Antonypax\xfajvpgj.exe c:\documents and settings\Antonypax\olecuzak.exe c:\documents and settings\Antonypax\smtqyzvs.exe c:\documents and settings\Antonypax\pgrduvwy.exe c:\documents and settings\Antonypax\rslxkbnu.exe c:\documents and settings\Antonypax\hgjuaefu.exe c:\documents and settings\Antonypax\dzswyzlw.exe c:\documents and settings\Antonypax\pwsimtiy.exe c:\documents and settings\Antonypax\uhqkxngl.exe c:\documents and settings\Antonypax\apczvrpo.exe c:\documents and settings\Antonypax\gbbghcfe.exe c:\documents and settings\Antonypax\xtjikdhe.exe c:\documents and settings\Antonypax\gdsnusmu.exe c:\documents and settings\Antonypax\vmaiqlme.exe c:\documents and settings\Antonypax\sexgwzwt.exe c:\documents and settings\Antonypax\yqvxexen.exe c:\documents and settings\Antonypax\zbeloqnk.exe c:\documents and settings\Antonypax\ppmnuquv.exe c:\documents and settings\Antonypax\uahgvpnw.exe c:\documents and settings\Antonypax\wwrxbvgn.exe c:\documents and settings\Antonypax\kcgxngjn.exe c:\documents and settings\Antonypax\fcbupqrh.exe c:\documents and settings\Antonypax\rjyemahs.exe c:\documents and settings\Antonypax\nkgaxbwy.exe c:\documents and settings\Antonypax\rkozfzud.exe c:\documents and settings\Antonypax\hcpltqle.exe c:\documents and settings\Antonypax\ctnkvjxp.exe c:\documents and settings\Antonypax\ynphplof.exe c:\documents and settings\Antonypax\mubkejjv.exe c:\documents and settings\Antonypax\zqmgkrbf.exe c:\documents and settings\Antonypax\ndclskij.exe c:\documents and settings\Antonypax\wbgciwfs.exe c:\documents and settings\Antonypax\whrbpwoq.exe c:\documents and settings\Antonypax\prxsxcih.exe c:\documents and settings\Antonypax\tptjyjem.exe c:\documents and settings\Antonypax\xvgudavv.exe c:\documents and settings\Antonypax\zjawtfwr.exe c:\documents and settings\Antonypax\eltgnfai.exe c:\documents and settings\Antonypax\tperlkrd.exe c:\documents and settings\Antonypax\xbfqzwpz.exe c:\documents and settings\Antonypax\jiminsnq.exe c:\documents and settings\Antonypax\dgzrmost.exe c:\documents and settings\Antonypax\falziijw.exe c:\documents and settings\Antonypax\pvtfpcgi.exe c:\documents and settings\Antonypax\nglnvjiv.exe c:\documents and settings\Antonypax\ptjqyzgy.exe c:\documents and settings\Antonypax\zvmviwka.exe c:\documents and settings\Antonypax\qpdltuqv.exe c:\documents and settings\Antonypax\oehgchol.exe c:\documents and settings\Antonypax\tfogevqe.exe c:\documents and settings\Antonypax\uuugkfdw.exe c:\documents and settings\Antonypax\vuzztzov.exe c:\documents and settings\Antonypax\yzlnansu.exe c:\documents and settings\Antonypax\uskresbw.exe c:\documents and settings\Antonypax\swvcfuom.exe c:\documents and settings\Antonypax\Application Data\wklnhst.dat c:\documents and settings\Default\cesqmvln.exe c:\documents and settings\Default\Application Data\wklnhst.dat c:\windows\system32\tbjqft.dll Folder:: C:\Documents and Settings\Antonypax\Impostazioni locali\temp

Ora trascina il file CFScript.txt sull'icona di ComboFix (possibilmente dalla modalità provvisoria). Aspetta il termine della scansione e posta il nuovo log di Combofix.

Fai anche la scansione completa con Malwarebytes' Anti-Malware e posta qui il report della scansione.

Malwarebytes' Anti-Malware 1.34
Versione del database: 1827
Windows 5.1.2600 Service Pack 3

08/03/2009 23.08.37
mbam-log-2009-03-08 (23-08-16).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi scansionati: 368542
Tempo trascorso: 1 hour(s), 55 minute(s), 58 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 20

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP233\A0060086.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP233\A0060125.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP234\A0060181.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP234\A0060233.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP234\A0060264.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP234\A0060323.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP234\A0060292.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP236\A0060634.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP236\A0060880.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP236\A0060970.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP237\A0061053.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP237\A0064438.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP237\A0064552.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP238\A0064587.exe (Rootkit.Dropper) -> No action taken.
C:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP238\A0064708.sys (Rootkit.Bagle) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\srosa2.sys.vir (Rootkit.Bagle) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\304281.exe.vir (Rootkit.Dropper) -> No action taken.
H:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP237\A0061707.exe (Trojan.Dropper) -> No action taken.
H:\System Volume Information\_restore{24E79716-F0B0-4755-B863-29B97FEC1C3C}\RP237\A0061708.dll (Adware.PlayMp3z) -> No action taken.
C:\WINDOWS\Fonts\bleeding_cowboys.zip (Worm.Archive) -> No action taken.

Malwarebytes
Li elimino?

da **lorenaino** » lun mar 09, 2009 7:59 am

ciao,scusa le domande: hai disattivato il ripristino configurazione di sistema?
Hai rimosso quello che ti ha trovato Malwarebytes'?
[:)]

da **[Claudio]** » lun mar 09, 2009 10:38 am

@ Antony, se continui cosi non riusciamo a venirne fuori.
In un mio post precedente ti avevo suggerito, tra le diverse cose, di disabilitare il Ripristino Configiurazione di Sistema (cosa che non hai fatto).
Torna un attimo indietro e ripeti i tutti i passaggi che ti avevo suggerito.
Dopo aver eseguito quella parte, riesegui una scansione con Combofix accedendo al sistema in modalità provvisoria con l'account Amministratore ed allega il nuovo log che verrà rilasciato.
Ripeti anche una nuova scansione con Malwarebytes dopo averlo aggiornato [allega il log che verrà rilasciato] ed allega il log di Hijackthis [che devi eseguire dopo le scansioni].

www.MegaLab.it

ho un bagle (credo) come faccio a toglierlo?

ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Re: ho un bagle (credo) come faccio a toglierlo?

Chi c’è in linea