Bagle32 again

Posted: Sun Apr 12, 2009 7:35 pm
by gabryc89
Hi! My machine is infected with Bagle 32; unfortunately, following the procedures given on your site, I have not managed to remove it.
My PC is an HP with a 2.6 GHz dual core processor running Windows XP Home Edition.
Avenger doesn't work, not even the second version, and I don't know how I can remove it.
I'm asking you experts for help to get rid of this beast!!!
Thanks, gabry89

Re: Bagle32 again

Posted: Sun Apr 12, 2009 7:52 pm
by stevens
hi
which programs have you used besides Avenger?

try using this program

http://dc108.4shared.com/download/75022 ... 1-de3379fb

Double-click the FindyKill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Find the program's icon on the desktop or under Programs and run it
Use only option 2 (Enter) for the cleaning.
You will find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.

Re: Bagle32 again

Posted: Sun Apr 12, 2009 9:07 pm
by gabryc89
here is the FindyKill log file:


----------------- FindyKill V4.707 ------------------

* User : HP_Proprietario - NOME-80B5784770
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 22:01:13 the 13/04/2009
* Windows XP - Internet Explorer 6.0.2900.5512


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\HP_Proprietario\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\HP_Proprietario\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\hip hop,ita ecc\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Large.jpg
Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\hip hop,ita ecc\AlbumArt_{12BB764B-C788-441F-838A-0B649E2AF714}_Small.jpg
Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\metal\simphony X\simphoni x2\Album sconosciuto (21-11-2005 18.24.07)\AlbumArt_{3CD0AF26-886E-4259-BCF5-9746CE9CB647}_Large.jpg
Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\metal\simphony X\simphoni x2\Album sconosciuto (21-11-2005 18.24.07)\AlbumArt_{3CD0AF26-886E-4259-BCF5-9746CE9CB647}_Small.jpg
Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\sigle\COLONNE SONORE FILM E PUBBLICITA' - VARIE -\AlbumArt_{48790A84-AC89-46B3-B648-18544200E380}_Large.jpg
Deleted ! - C:\Documents and Settings\HP_Proprietario\Documenti\Musica\sigle\COLONNE SONORE FILM E PUBBLICITA' - VARIE -\AlbumArt_{48790A84-AC89-46B3-B648-18544200E380}_Small.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_USERS\S-1-5-21-3042224672-2563900748-1485817555-1008\Software\Ubisoft

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa

D: - Unit… fissa

H: - Unit… CD-ROM

I: - Unit… CD-ROM


+- deleting files :

Deleted ! - D:\info.exe
Not deleted !! - H:\autorun.inf
Not deleted !! - I:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------

Re: Bagle32 again

Posted: Sun Apr 12, 2009 9:36 pm
by stevens
it removed something..... if you haven't used ComboFix yet, now is the time

download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a moment a notice will appear in which the author disclaims any problem arising from incorrect use of the tool.
At this point select 1, then ENTER to start the scan..
Wait..... (do not do anything else during the scan; if the desktop icons disappear, that is completely normal)
A notice will tell you the operation is finished, and after a moment the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it or paste it in a post

Re: Bagle32 again

Posted: Mon Apr 13, 2009 10:05 am
by gabryc89
ok, I ran the scan with ComboFix.
I'm attaching the result:
ComboFix 09-04-13.03 - HP_Proprietario 2009-04-14 10.59.55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1023.573 [GMT 2:00]
Eseguito da: C:\Documents and Settings\HP_Proprietario\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090412-0] *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Creati Da 2009-03-14 al 2009-04-14 )))))))))))))))))))))))))))))))))))
.

2009-04-13 19:57:42 . 2009-04-13 20:03:40 0 d-----w C:\Programmi\FindyKill
2009-04-13 19:40:57 . 2009-04-13 19:40:57 5376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2009-04-13 19:40:22 . 2009-04-13 19:40:57 0 d-----w C:\Programmi\The Cleaner Free
2009-04-12 18:07:45 . 2009-04-12 18:07:45 0 d-----w C:\pippo
2009-04-12 15:35:30 . 2009-04-12 15:36:29 0 d-----w C:\Programmi\Enigma Software Group
2009-04-12 14:50:46 . 2009-04-12 17:23:00 0 d-----w C:\ed91300e6af79e50baa2d841428c
2009-04-11 13:38:41 . 2009-04-11 13:38:41 0 d-----w C:\WINDOWS\system32\drivers\NAV
2009-04-11 13:38:38 . 2009-04-11 13:38:52 0 d-----w C:\Programmi\Norton AntiVirus
2009-04-11 13:38:38 . 2009-04-11 13:38:38 0 d-----w C:\Programmi\Windows Sidebar
2009-04-11 13:15:01 . 2009-04-11 13:35:17 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\Norton
2009-04-11 13:14:20 . 2009-04-11 13:38:16 0 d-----w C:\Programmi\NortonInstaller
2009-04-11 13:14:20 . 2009-04-11 13:34:36 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
2009-04-11 12:40:19 . 2009-04-11 12:40:19 0 d-----w C:\Programmi\Alwil Software
2009-04-11 12:30:14 . 2009-04-11 12:30:06 737280 ----a-w C:\WINDOWS\iun6002.exe
2009-04-11 12:30:13 . 2009-04-11 12:35:43 0 d-----w C:\spywarebegone
2009-04-11 12:30:10 . 2009-04-11 12:30:10 170 ----a-w C:\WINDOWS\spywarebegone-fullversion-installed.html
2009-04-11 12:24:23 . 2009-04-11 14:03:30 0 d-----w C:\Programmi\Panda Security
2009-04-11 11:58:42 . 2009-04-11 12:34:01 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2009-04-11 11:45:48 . 2009-04-11 12:36:17 0 d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-04-11 09:37:19 . 2005-05-03 16:43:28 69632 ----a-w C:\WINDOWS\Alcmtr.exe
2009-04-11 09:18:15 . 2009-04-13 19:08:06 0 d--h--w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\drivers
2009-04-05 18:04:36 . 2009-04-05 18:04:36 0 d-----w C:\Programmi\THQ
2009-03-31 21:52:45 . 2009-04-11 14:52:34 0 d-----w C:\Documents and Settings\HP_Proprietario\Tracing
2009-03-31 21:50:11 . 2009-03-31 21:50:11 0 d-----w C:\Programmi\Microsoft
2009-03-31 21:49:53 . 2009-03-31 21:49:53 0 d-----w C:\Programmi\Windows Live SkyDrive
2009-03-31 21:45:02 . 2009-03-31 21:45:02 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\Babylon
2009-03-31 21:45:01 . 2009-03-31 21:45:01 0 d-----w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Babylon
2009-03-31 21:40:51 . 2009-03-31 21:40:51 0 d-----w C:\MsgPlusDebug
2009-03-31 21:26:32 . 2009-03-31 21:26:32 0 d-----w C:\Programmi\File comuni\Windows Live
2009-03-31 21:15:11 . 2009-03-31 21:50:06 0 d-----w C:\Programmi\Windows Live
2009-03-29 17:46:58 . 2009-03-29 17:46:58 0 d-----w C:\Programmi\File comuni\xing shared
2009-03-28 17:50:29 . 2009-04-11 10:38:38 0 d-----w C:\Programmi\YouTube Downloader
2009-03-20 08:10:44 . 2009-03-20 08:10:44 0 d-----w C:\Programmi\LucasArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 20:04:20 . 2004-12-10 14:24:02 75902 ----a-w C:\WINDOWS\system32\perfc010.dat
2009-04-13 20:04:20 . 2004-12-10 14:24:02 451608 ----a-w C:\WINDOWS\system32\perfh010.dat
2009-04-13 20:03:42 . 2009-04-13 20:01:13 3622 ----a-w C:\FindyKill.txt
2009-04-11 20:17:17 . 2006-06-26 21:14:40 0 d-----w C:\Programmi\File comuni\Symantec Shared
2009-04-11 13:34:01 . 2006-06-26 21:14:50 0 d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2009-04-11 12:34:51 . 2008-12-11 16:07:45 0 d-----w C:\Programmi\Alice ti aiuta
2009-04-11 11:56:48 . 2006-06-26 21:11:24 0 d-----w C:\Programmi\Google
2009-04-11 09:37:19 . 2008-01-28 13:43:40 0 d-----w C:\Programmi\Realtek
2009-03-31 21:15:37 . 2009-01-18 17:10:10 0 d-----w C:\Programmi\MSN Messenger
2009-03-29 17:46:49 . 2006-06-26 20:54:49 0 d-----w C:\Programmi\File comuni\Real
2009-03-29 10:18:36 . 2006-06-26 20:58:10 0 d--h--w C:\Programmi\InstallShield Installation Information
2009-03-16 19:29:30 . 2007-11-25 17:40:41 0 d-----w C:\Programmi\3DO
2009-03-14 14:10:57 . 2007-09-30 16:06:07 0 d-----w C:\Programmi\CachemanXP
2009-03-14 13:51:31 . 2009-03-14 13:51:30 0 d-----w C:\Programmi\DustBuster
2009-03-13 11:50:58 . 2009-02-16 15:02:27 0 d-----w C:\Programmi\Ubisoft
2009-03-04 18:19:52 . 2009-03-04 13:12:43 0 d-----w C:\Programmi\Anno 1701
2009-03-04 13:40:32 . 2009-03-04 13:23:26 0 d-----w C:\Programmi\Fantasy Wars
2009-03-04 13:40:32 . 2009-01-16 14:18:51 0 d-----w C:\Programmi\eMule
2009-03-04 13:38:18 . 2008-12-11 16:56:35 0 d--h--w C:\Programmi\FX Uninstall Information
2009-03-04 13:14:54 . 2009-03-04 13:14:54 271360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2009-03-04 13:14:54 . 2009-03-04 13:14:54 18048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2009-02-21 14:57:25 . 2009-02-21 14:57:25 0 d-----w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\NetMedia Providers
2009-02-21 14:57:24 . 2009-02-21 14:57:24 0 d-----w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Publish Providers
2009-02-21 14:57:16 . 2009-02-21 14:57:16 0 d-----w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Sonic Foundry
2009-02-20 10:48:43 . 2007-09-27 14:17:48 21036 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2009-02-20 10:48:43 . 2007-09-27 14:17:48 15132 -c--atw C:\WINDOWS\system32\SIntf32.dll
2009-02-20 10:48:43 . 2007-09-27 14:17:48 12067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2009-02-17 20:54:53 . 2009-02-17 16:39:56 0 d-----w C:\Programmi\Sierra
2009-02-16 14:13:54 . 2009-02-16 14:13:54 268 ---ha-w C:\sqmdata00.sqm
2009-02-16 14:13:54 . 2009-02-16 14:13:54 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-15 19:00:44 . 2009-02-15 10:50:39 0 d-----w C:\Programmi\SIMPLE45J
2009-02-13 19:32:33 . 2009-02-12 20:51:35 0 d-----w C:\Programmi\roma
2009-02-13 13:19:43 . 2009-02-13 13:19:43 0 d-----w C:\Programmi\GameSpy Arcade
2009-02-09 19:22:49 . 2009-02-09 19:21:03 23510720 ----a-w C:\dotnetfx.exe
2009-02-09 14:04:21 . 2004-08-19 04:00:00 1846784 ----a-w C:\WINDOWS\system32\win32k.sys
2009-02-06 16:52:40 . 2009-02-06 16:52:40 49504 ----a-w C:\WINDOWS\system32\sirenacm.dll
2009-02-02 10:59:13 . 2007-09-30 15:27:55 107888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2009-01-18 17:45:18 . 2004-08-19 04:00:00 2864 -c--a-w C:\WINDOWS\system32\winsock.dll
2008-11-12 16:58:48 . 2008-11-12 17:20:09 2955128 ----a-w C:\Programmi\ccsetup213.exe
2008-09-22 21:41:50 . 2008-11-12 17:20:10 6290264 ----a-w C:\Programmi\magicspeedsetup.exe
2008-09-19 18:02:28 . 2008-11-12 17:20:10 603949878 ----a-w C:\Programmi\Microsoft Office 2007 Enterprise Edizione Finale CD (ITA).iso
2008-02-11 09:05:34 . 2008-09-20 17:28:01 388915 ----a-w C:\Programmi\dustbuster2.9.5.1.zip
2007-12-26 22:12:46 . 2007-12-26 22:12:46 0 -c--a-w C:\Documents and Settings\HP_Proprietario\Dati applicazioni\wklnhst.dat
2007-06-17 09:34:00 . 2008-09-20 17:28:00 5917912 ----a-w C:\Programmi\Nero 7 - Mp3Pro Plug-In Encoder Per Convertire Musica In Mp3 Con Nero 7 Premium.rar
2007-04-25 15:43:46 . 2008-09-20 17:27:46 195645 ----a-w C:\Programmi\unlocker1.8.5.exe
2004-12-31 12:51:16 . 2007-11-26 19:05:42 12697600 ----a-w C:\Programmi\Media Player 10.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-13_21.12.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 08:33:39 . 2009-04-14 08:33:39 16384 C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat
- 2004-12-10 14:24:02 . 2009-03-29 10:01:46 75902 C:\WINDOWS\system32\perfc010.dat
+ 2004-12-10 14:24:02 . 2009-04-13 20:04:20 75902 C:\WINDOWS\system32\perfc010.dat
- 2004-12-10 14:24:02 . 2009-03-29 10:01:46 63860 C:\WINDOWS\system32\perfc009.dat
+ 2004-12-10 14:24:02 . 2009-04-13 20:04:20 63860 C:\WINDOWS\system32\perfc009.dat
+ 2009-04-13 19:28:12 . 2009-02-05 20:06:20 51376 C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2009-04-13 19:28:13 . 2009-02-05 20:06:10 23152 C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2009-04-13 19:28:11 . 2009-02-05 20:08:10 94032 C:\WINDOWS\system32\drivers\aswmon2.sys
- 2009-04-11 13:55:38 . 2009-02-05 20:08:19 93296 C:\WINDOWS\system32\drivers\aswmon.sys
+ 2009-04-13 19:28:11 . 2009-02-05 20:08:19 93296 C:\WINDOWS\system32\drivers\aswmon.sys
+ 2009-04-13 19:28:11 . 2009-02-05 20:07:12 20560 C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2009-04-13 19:28:12 . 2009-02-05 20:05:11 26944 C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2009-04-13 19:28:11 . 2009-02-05 20:04:45 97480 C:\WINDOWS\system32\AvastSS.scr
- 2009-04-11 13:55:38 . 2009-02-05 20:04:45 97480 C:\WINDOWS\system32\AvastSS.scr
+ 2009-04-13 19:40:57 . 2009-04-13 19:40:57 5376 C:\WINDOWS\system32\drivers\MS1000.sys
- 2004-12-10 14:24:02 . 2009-03-29 10:01:46 451608 C:\WINDOWS\system32\perfh010.dat
+ 2004-12-10 14:24:02 . 2009-04-13 20:04:20 451608 C:\WINDOWS\system32\perfh010.dat
+ 2004-12-10 14:24:02 . 2009-04-13 20:04:20 405310 C:\WINDOWS\system32\perfh009.dat
- 2004-12-10 14:24:02 . 2009-03-29 10:01:46 405310 C:\WINDOWS\system32\perfh009.dat
+ 2009-04-13 19:28:11 . 2009-02-05 20:07:23 114768 C:\WINDOWS\system32\drivers\aswSP.sys
+ 2009-04-13 19:27:49 . 2009-02-05 20:11:35 1256296 C:\WINDOWS\system32\aswBoot.exe
- 2009-04-11 13:55:13 . 2009-02-05 20:11:35 1256296 C:\WINDOWS\system32\aswBoot.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-19 22:10 7557120]
"NAV"="C:\Programmi\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.5.0.134\InstStub.exe" [2009-04-11 15:38 983344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf C:\Programmi\iolo\System Mechanic 5 Professional\

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kaspersky Anti-Hacker.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kaspersky Anti-Hacker.lnk
backup=C:\WINDOWS\pss\Kaspersky Anti-Hacker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 15:18 94208 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-12-15 18:18 49152 C:\Programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2006-02-15 22:34 249856 C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-02 08:35 49152 c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 23:50 221184 C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicSpeedBooster]
--a------ 2007-11-16 15:14 187392 C:\Programmi\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:14 1695232 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrSmartMonitor]
--a--c--- 2006-02-02 09:54 360448 C:\Programmi\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2006-02-25 02:46 147456 C:\Programmi\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-19 20:05 155648 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-03-29 19:46 198160 C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=

R0 pavboot;pavboot; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 gupdate1c99f4e4afc72f6;Servizio di Google Update (gupdate1c99f4e4afc72f6);C:\Programmi\Google\Update\GoogleUpdate.exe [2009-03-07 19:58 133104]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 22:07 20560]
S2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 19:06 8192]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11 224896]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-03-07 19:58]

2009-03-30 C:\WINDOWS\Tasks\Servizi Internet.job
- C:\Programmi\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 19:23]

2009-04-13 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?3cd4845a5e31480987250f98f4520a09
IE: Apri in nuova scheda in secondo piano - C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?3cd4845a5e31480987250f98f4520a09
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
FF - ProfilePath - C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\21vzdpqi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
.

Re: Bagle32 again

Posted: Mon Apr 13, 2009 10:12 am
by stevens
did you by any chance cut off the initial part of the log?

Re: Bagle32 again

Posted: Mon Apr 13, 2009 11:35 am
by stevens
analyse the file marked in red here ===> http://www.virustotal.com/it/ ; there are conflicting entries

C:\WINDOWS\iun6002.exe

http://www.threatexpert.com/files/iun6002.exe.html


http://www.prevx.com/filenames/X1548045 ... 2.EXE.html
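
The check stevens made by eye on the ComboFix log (pick out executable or driver files created inside the reporting window under C:\WINDOWS, then look them up before touching them) can be automated. The script below is an added example, not ComboFix's own code or anything from this thread; it assumes the "Files Creati" entry layout seen in the log above (created . modified size attrs path), and its sample input is a few lines copied from that log.

```python
"""Triage the 'Files Creati' section of a ComboFix log (added example).

Not ComboFix's code: it lists executable/driver files created in the reporting
window under C:\\WINDOWS and hashes any that exist locally, so the SHA-256 can be
checked on VirusTotal before anything is deleted (a review list, not a kill list).
"""
import hashlib
import re
from pathlib import Path, PureWindowsPath

# Sample input: lines copied from the ComboFix log posted earlier in the thread.
SAMPLE_LOG = r"""((((((((((((((((((((((((( Files Creati Da 2009-03-14 al 2009-04-14 )))))))))))))))))))))))))))))))))))
.
2009-04-13 19:57:42 . 2009-04-13 20:03:40 0 d-----w C:\Programmi\FindyKill
2009-04-13 19:40:57 . 2009-04-13 19:40:57 5376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2009-04-11 12:30:14 . 2009-04-11 12:30:06 737280 ----a-w C:\WINDOWS\iun6002.exe
2009-04-11 12:30:10 . 2009-04-11 12:30:10 170 ----a-w C:\WINDOWS\spywarebegone-fullversion-installed.html
2009-04-11 09:37:19 . 2005-05-03 16:43:28 69632 ----a-w C:\WINDOWS\Alcmtr.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 20:04:20 . 2004-12-10 14:24:02 75902 ----a-w C:\WINDOWS\system32\perfc010.dat
"""

SECTION_RE = re.compile(r"^\({5,}.*Files Creati.*\){5,}")  # section banner
ENTRY_RE = re.compile(  # "<created> . <modified> <size> <attrs> <path>"
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-\w]{7}) (?P<path>.+)$"
)
# File types Windows executes or loads as code; .html, .dat and folders are skipped.
EXEC_SUFFIXES = {".exe", ".sys", ".dll", ".scr", ".com", ".pif", ".cpl"}


def parse_created_section(log_text):
    """Return the entries of the 'Files Creati' section as dicts."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            in_section = True
            continue
        if in_section and line.startswith("(((("):  # next section banner
            break
        m = ENTRY_RE.match(line) if in_section else None
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["is_dir"] = e["attrs"].startswith("d")  # 'd' flag = folder
            entries.append(e)
    return entries


def review_candidates(entries):
    """Files (not folders) with an executable suffix under C:\\WINDOWS. Legitimate
    files land here too (Alcmtr.exe is a Realtek utility), hence 'review', not 'delete'."""
    return [
        e for e in entries
        if not e["is_dir"]
        and PureWindowsPath(e["path"]).suffix.lower() in EXEC_SUFFIXES
        and e["path"].lower().startswith("c:\\windows\\")
    ]


def sha256_if_present(path):
    """SHA-256 of the file if it exists on this machine, else None."""
    p = Path(path)
    if not p.is_file():
        return None
    h = hashlib.sha256()
    with p.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()
```

Run on the real C:\Combofix.txt, the hash (not the file) is what you submit to VirusTotal, which is the multi-engine check stevens asks for.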

Re: Bagle32 again

Posted: Mon Apr 13, 2009 4:16 pm
by gabryc89
hi, I deleted the file iun6002.exe; according to McAfee it was this: Win32.LooksLike.Virut
as for the log file, I didn't cut it, I checked again
anyway, thanks a lot; for the moment everything seems to be back in order
bye, thanks again

Re: Bagle32 again

Posted: Mon Apr 13, 2009 4:54 pm
by stevens
hi, I deleted the file iun6002.exe; according to McAfee it was this: Win32.LooksLike.Virut


I didn't tell you to delete it, only to check it; it could be a false positive, and if only McAfee flagged it, that doesn't mean it was infected........