Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Credo avere BAGLE

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

Credo avere BAGLE

Messaggioda raffius » mer ago 05, 2009 11:01 am

Non mi funzionano più l'antivirus e vari programmi di rimozione virus.
Qualcuno mi può aiutare?
Questo è il log di combofix

ComboFix 09-08-04.01 - Raffaele 04/08/2009 19.04.05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3067.2189 [GMT 2:00]
Eseguito da: c:\virus\ComboFix.exe
AV: F-Secure Client Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Muestras
c:\programmi\Hewlett-Packard\IAM\bin\brand.dll
c:\windows\Installer\00193120.msi
c:\windows\system32\ftx32.dll
c:\windows\system32\system_euroe.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2009-07-04 al 2009-08-04 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 17:30 . 2009-07-17 14:30 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\Desktop Sidebar
2009-08-04 17:28 . 2009-04-24 16:47 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\stickies
2009-08-04 17:22 . 2009-04-24 16:48 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\Skype
2009-08-04 17:18 . 2009-04-29 11:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VMware
2009-08-04 16:52 . 2009-08-04 08:45 -------- d-----w- c:\programmi\Stellar Phoenix File Recovery
2009-08-04 15:23 . 2009-08-04 10:16 80660 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:23 . 2009-08-04 10:16 6613024 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 14:38 . 2009-08-04 14:36 -------- d-----w- c:\programmi\EsetOnlineScanner
2009-08-04 14:14 . 2009-04-24 16:48 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\skypePM
2009-08-04 09:17 . 2009-08-04 09:17 -------- d-----w- c:\programmi\Trend Micro
2009-08-04 08:46 . 2009-08-04 08:46 4 ----a-w- c:\windows\vx86036.dat
2009-08-04 07:19 . 2009-04-27 09:15 -------- d-----w- c:\programmi\F-Secure
2009-08-03 18:12 . 2009-08-03 18:12 -------- d-----w- c:\programmi\FinalData
2009-08-03 17:30 . 2009-04-27 08:57 -------- d-----w- c:\programmi\UltraVNC
2009-08-03 07:13 . 2009-04-26 14:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-31 08:42 . 2009-04-24 12:40 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\ntr
2009-07-29 17:31 . 2009-05-20 12:43 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-07-27 21:20 . 2009-07-27 21:20 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\InterVideo
2009-07-25 01:36 . 2009-07-25 01:29 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\Any Video Converter
2009-07-25 01:29 . 2009-07-25 01:29 -------- d-----w- c:\programmi\Any Video Converter
2009-07-21 12:41 . 2009-04-29 12:45 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\VMware
2009-07-21 12:37 . 2006-03-02 11:00 580930 ----a-w- c:\windows\system32\perfh010.dat
2009-07-21 12:37 . 2006-03-02 11:00 120346 ----a-w- c:\windows\system32\perfc010.dat
2009-07-20 21:07 . 2009-04-23 08:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-20 12:31 . 2009-04-24 17:09 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\FileZilla
2009-07-17 14:30 . 2009-07-17 14:30 -------- d-----w- c:\programmi\Desktop Sidebar
2009-07-17 14:29 . 2009-04-28 13:29 -------- d-----w- c:\programmi\Windows Sidebar
2009-07-15 10:30 . 2009-07-15 10:30 -------- d-----w- c:\programmi\Merge eFilm
2009-07-09 06:21 . 2009-04-27 09:16 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-03 13:29 . 2009-04-24 16:25 -------- d-----w- c:\programmi\JobControl
2009-06-29 15:55 . 2006-03-02 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2006-03-02 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2006-03-02 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 13:38 . 2009-04-23 07:43 98008 ----a-w- c:\documents and settings\Raffaele\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 16:49 . 2009-05-01 16:20 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\Nero
2009-06-22 13:22 . 2009-06-22 13:22 -------- d-----w- c:\programmi\HiT Software
2009-06-22 07:41 . 2009-06-08 08:14 -------- d-----w- c:\programmi\Sistemi
2009-06-22 07:27 . 2009-06-22 07:27 -------- d-----w- c:\programmi\Fortinet
2009-06-18 13:26 . 2009-06-18 13:23 -------- d-----w- c:\documents and settings\Raffaele\Dati applicazioni\U3
2009-06-16 14:36 . 2006-03-02 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-03-02 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 16:01 . 2009-04-27 07:31 -------- d-----w- c:\programmi\Windows Desktop Search
2009-06-08 14:24 . 2009-06-08 08:28 243195 ----a-w- C:\DS_RAFFAELE-HP.ZIP
2009-06-08 08:11 . 2009-06-08 08:10 -------- d-----w- c:\programmi\File comuni\Pervasive Software Shared
2009-06-06 09:12 . 2009-06-06 09:12 -------- d-----w- c:\programmi\Replay Converter 3
2009-06-03 19:09 . 2006-03-02 11:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 15:30 . 2009-06-02 15:30 137 ----a-w- c:\documents and settings\Raffaele\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-05-26 09:07 . 2009-05-26 09:07 84952 ----a-w- c:\windows\system32\OnlineScannerUninstaller.exe
2009-05-26 09:07 . 2009-05-26 09:07 117912 ----a-w- c:\windows\system32\OnlineScannerLang.dll
2009-05-26 09:07 . 2009-05-26 09:07 262112 ----a-w- c:\windows\system32\OnlineScannerDLLA.dll
2009-05-26 09:07 . 2009-05-26 09:07 245632 ----a-w- c:\windows\system32\OnlineScannerDLLW.dll
2009-05-26 09:07 . 2009-05-26 09:07 146752 ----a-w- c:\windows\system32\lnod32umc.dll
2009-05-26 09:07 . 2009-05-26 09:07 113792 ----a-w- c:\windows\system32\lnod32upd.dll
2009-05-26 09:07 . 2009-05-26 09:07 233352 ----a-w- c:\windows\system32\lnod32apiW.dll
2009-05-26 09:07 . 2009-05-26 09:07 204512 ----a-w- c:\windows\system32\lnod32apiA.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-12 13:12 . 2009-04-22 09:57 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2006-03-02 11:00 347648 ----a-w- c:\windows\system32\localspl.dll
2008-04-13 17:14 . 2006-03-02 11:00 362625 --sh--r- c:\windows\system32\jvjrvt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"MoneyAgent"="c:\programmi\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"Google Update"="c:\documents and settings\Raffaele\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"SIDEBAR"="c:\programmi\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\programmi\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"picon"="c:\programmi\File comuni\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-18 82224]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2008-10-09 27176]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\programmi\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-07-08 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-18 24848]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2008-06-03 65536]
"hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2008-10-16 1044480]
"Client Access Service"="c:\programmi\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2009-08-04 182936]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2009-08-04 1182304]
"VMware hqtray"="c:\programmi\VMware\VMware Player\hqtray.exe" [2009-03-26 64048]
"EpsonAPD4SV"="c:\programmi\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2008-09-16 210304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Raffaele\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Stickies.lnk - c:\programmi\Stickies\stickies.exe [2008-8-28 765952]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
DVD Check.lnk - c:\programmi\InterVideo\DVD Check\DVDCheck.exe [2009-4-22 197904]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2009-6-8 106546]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 14:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 14:08 281088 ----a-w- c:\programmi\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-18 12:05 126736 ----a-w- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 09:48 69632 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\ZyXEL\\ZyWALL VPN Client\\IreIKE.exe"=
"c:\programmi\ZyXEL\ZyWALL VPN Client\ViewLog.exe"= c:\programmi\ZyXEL\ZyWALL VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\programmi\ZyXEL\ZyWALL VPN Client\CmonApp.exe"= c:\programmi\ZyXEL\ZyWALL VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\programmi\ZyXEL\ZyWALL VPN Client\vpn.exe"= c:\programmi\ZyXEL\ZyWALL VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [27/04/2009 11.16.42 33920]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [11/07/2008 14.50.18 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [11/07/2008 14.50.26 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [11/07/2008 14.50.22 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [22/04/2009 11.57.58 24064]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [27/04/2009 11.16.26 67808]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [22/05/2009 10.36.21 136760]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [11/07/2008 14.50.20 12496]
R2 accoca;ActivClient Middleware Service;c:\programmi\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16.08.40 182576]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [02/03/2006 13.00.00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\programmi\Fingerprint Sensor\AtService.exe [12/06/2008 12.21.06 1164536]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [22/05/2009 10.36.19 536634]
R2 EpsonPOSLog;Epson Point of Service Log Service;c:\programmi\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [24/01/2009 1.23.50 290816]
R2 EpsonPOSPort;Epson Point of Service Port Handler;c:\programmi\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe [07/05/2009 16.17.17 376832]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [09/03/2009 16.07.18 518688]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [08/07/2008 18.18.32 19968]
R2 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [11/07/2008 14.49.40 256512]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [01/08/2007 18.04.34 203843]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmi\File comuni\Intel\Privacy Icon\UNS\UNS.EXE [22/04/2009 12.03.40 2058776]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26/03/2009 22.58.38 54960]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [22/04/2009 12.01.03 93696]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/06/2008 14.40.50 477696]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [22/04/2009 12.19.25 193840]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [22/05/2009 10.14.42 36188]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [22/04/2009 12.14.47 243856]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [01/08/2007 18.02.22 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [01/08/2007 18.03.40 76440]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [03/02/2009 12.43.38 36384]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [22/04/2009 12.14.10 47616]
S0 nxemkdvo;nxemkdvo;c:\windows\system32\drivers\dcpwgm.sys --> c:\windows\system32\drivers\dcpwgm.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [02/03/2006 13.00.00 14336]
S2 gupdate1c9c67c6e3d6432;Servizio di Google Update (gupdate1c9c67c6e3d6432);c:\programmi\Google\Update\GoogleUpdate.exe [26/04/2009 16.36.47 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5.46.20 284016]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [22/04/2009 13.58.38 32256]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [27/04/2009 11.16.18 99960]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [21/04/2008 13.27.58 349432]
S3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [27/04/2009 11.16.26 55904]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [01/08/2007 18.03.46 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [01/08/2007 18.03.52 21656]
S3 RoxMediaDB10;RoxMediaDB10;c:\programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 14.12.50 1112560]
S3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.sys [07/05/2009 16.17.32 48384]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [27/04/2009 11.16.18 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [27/04/2009 11.16.18 25184]
S4 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/04/2009 11.16.35 79936]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - WUDFPF
*NewlyCreated* - WUDFSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-04 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 14:32]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = socks=169.0.0.19:1080
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
LSP: c:\programmi\VMware\VMware Player\vsocklib.dll
Trusted Zone: oggisposifelici.it\www
Trusted Zone: profisaz.it
Trusted Zone: profisweb.it
Trusted Zone: sistemi.com
Trusted Zone: sistemi.net
TCP: {6C40F3EA-D297-40D5-A2C2-C58F891E6EED} = 10.99.99.118,10.99.99.111,10.0.0.123
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 19:19
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ?????????????????????????|?M?|?????M?|??@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7e,20,1a,e5,0f,
20,8d,98,2e,e8,e1,00,eb,16,2b,de,89,d0,e5,4e,1a,52,94,02,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,54,79,54,8a,c0,
e3,08,f5,46,47,15,b0,92,4b,c7,ef,2b,10,43,57,f9,41,53,67,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c9,75,91,61,8f,
2e,cb,62,7a,45,05,fd,91,e8,6f,31,b2,bc,0f,63,5e,a9,19,62,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,aa,4a,f7,48,39,
97,57,d7,6b,65,49,6a,7e,99,74,f7,08,81,17,66,76,b6,45,32,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c3,6a,47,67,6d,
1e,81,24,e9,02,6c,fa,fb,1d,47,57,6c,d8,c6,b1,a1,40,2e,2f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,90,c3,bc,fe,a0,
97,65,6d,50,93,e5,ab,ec,6a,4e,ab,8e,1b,c6,48,b7,da,94,bb,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f3,f1,5b,87,48,
26,94,35,97,20,4e,9a,c7,f1,35,ee,a7,b5,a5,1e,4b,5f,93,43,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,2f,b1,8e,7f,fa,
3a,68,74,aa,52,c6,00,84,3c,26,64,68,db,8e,e7,35,a0,2d,10,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d3,8d,05,a9,c9,
bd,86,14,b2,46,9a,e2,1b,fe,1b,94,2d,61,0c,9d,b1,80,4c,78,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,63,5a,0f,9c,1d,
9f,1a,17,37,a4,aa,c3,a6,15,56,0a,63,65,ea,b6,dd,93,ee,e4,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e0,a7,e9,1d,63,
9f,e6,40,f8,31,0f,a9,5f,a0,ec,fb,2c,b9,7f,cf,02,78,26,5e,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,64,62,81,47,46,
c0,0f,f1,05,73,21,dd,54,d8,4a,c5,ba,b8,03,c6,1e,b5,b4,8c,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(380)
c:\programmi\Hewlett-Packard\IAM\bin\ocgina.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ocgina.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\windows\system32\sxs.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
c:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_it_b77a5c561934e089\System.Xml.resources.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\windows\system32\msi.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
c:\programmi\Hewlett-Packard\Drive Encryption\Languages\0010\SbHpFve.lng
c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\aclog.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\aspcom.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\acbsi21.dll
c:\programmi\Hewlett-Packard\DeviceAccessManager\0010\PTDMLiteResource.dll
c:\windows\system32\flcdlmsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\programmi\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\NetAdmin.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItTal.dll
c:\windows\system32\Ati2evxx.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItDac.DLL
c:\programmi\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\programmi\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\BioAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ASBioATFSS.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ittalsnap.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ittalsnap.dll
c:\programmi\Bonjour\mdnsNSP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\AuthWiz.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\TpmAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\TokenAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\WININET.dll
c:\programmi\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\programmi\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\programmi\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItAPS.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItAPS.dll
c:\windows\system32\APSHook.dll

- - - - - - - > 'lsass.exe'(436)
c:\programmi\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\programmi\F-Secure\FSPS\program\FSLSP.DLL
c:\programmi\Bonjour\mdnsNSP.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(2108)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\WIDCOMM\Bluetooth Software\btkeyind.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
c:\programmi\ZyXEL\ZyWALL VPN Client\IreIKE.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\ActiveXperts\Network Monitor\AxsNmSvc.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\programmi\F-Secure\common\FSMA32.EXE
c:\programmi\F-Secure\common\FSMB32.EXE
c:\programmi\F-Secure\common\FCH32.EXE
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\F-Secure\Anti-Virus\fsqh.exe
c:\programmi\F-Secure\common\FAMEH32.EXE
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\programmi\Intel\AMT\LMS.EXE
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\vmnetdhcp.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\F-Secure\common\FNRB32.exe
c:\programmi\F-Secure\common\FIH32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\ActivIdentity\ActivClient\acevents.exe
c:\programmi\Hewlett-Packard\IAM\Bin\asghost.exe
c:\programmi\ActivIdentity\ActivClient\acevents.exe
c:\programmi\Hewlett-Packard\Shared\HpqToaster.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\WudfHost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-04 19.32.31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-04 17:32

Pre-Run: 19.766.722.560 byte disponibili
Post-Run: 19.585.880.064 byte disponibili

475 --- E O F --- 2009-07-31 09:25
Avatar utente
raffius
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: mer ago 05, 2009 10:47 am
Top

Re: Credo avere BAGLE

Messaggioda ste_95 » mer ago 05, 2009 11:45 am

C'è una bella quantità di file dubbi. Fai la scansione online con Kaspersky e posta il log, così sfatiamo ogni dubbio. [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Re: Credo avere BAGLE

Messaggioda raffius » gio ago 06, 2009 4:46 pm

questo è il log di Kaspersky
http://www.megaupload.com/?d=8Z22HGRC
Avatar utente
raffius
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: mer ago 05, 2009 10:47 am
Top
Top

Re: Credo avere BAGLE

Messaggioda Amantide » gio ago 06, 2009 5:03 pm

Questi devi eliminare per evitare di riprendere il Bagle, e cerca in futuro di fare la scansione dei file sospetti sul www.virustotal.com prima di eseguirli.

C:\Documents and Settings\Raffaele\Documenti\Documenti_Vecchia Installazione\eMule Downloads\Incoming\Advanced_Access_Repair_1.2.zip Infected: Trojan-Downloader.Win32.Bagle.afn 1

C:\Documents and Settings\Raffaele\Documenti\Documenti_Vecchia Installazione\eMule Downloads\Incoming\Advanced_Access_Repair_1.2_(Patch).zip Infected: Trojan-Downloader.Win32.Bagle.afn 1

C:\Documents and Settings\Raffaele\Documenti\Documenti_Vecchia Installazione\eMule Downloads\Incoming\SCGrid_6.07\SCGrid_6.07.0xe Infected: Trojan-Downloader.Win32.Bagle.abo 1

C:\Documents and Settings\Raffaele\Documenti\Documenti_Vecchia Installazione\eMule Downloads\Incoming\SCGrid_6.07.zip Infected: Trojan-Downloader.Win32.Bagle.abo 1

C:\Programmi\eMule\Incoming\AccessFIX Data Recovery 5.57.zip Infected: Trojan-Downloader.Win32.Bagle.bai 1

C:\Programmi\eMule\Incoming\Stellar Phoenix Deleted File Recovery 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.bai 1

C:\Programmi\eMule\Incoming\ZD Soft Video Recorder 1.0 Crack.zip


Elimina anche questo allegato email:

C:\Documents and Settings\Raffaele\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\archivio raffaele.pst Infected: Trojan-Downloader.Win32.VB.ft 1


Questo programma invece dovrai reinstallare, perché il suo eseguibile è infetto (che è ovviamente da eliminare):

C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe


Nel log di Hijackthis si vede comunque un po' di roba strana.
Intanto per i residui di Bagle scarica FindyKill (by Chiquitine29)ed installalo (è in francese però è di facile comprensione).
Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

Poi reinstalla un decente antivirus, per esempio Avira, ed esegui la scansione completa dalla modalità provvisoria.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo
Top

Re: Credo avere BAGLE

Messaggioda raffius » ven ago 07, 2009 9:30 am

Fatto come detto.
Questo è il log di FindyKill.

############################## | FindyKill V5.005 |

# User : Raffaele (Administrators) # RAFFAELE-HP
# Update on 27/07/09 by Chiquitine29
# Start at: 18.45.14 | 06/08/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : F-Secure Client Security 8.01 8.01 [ Enabled | Updated ]
# FW : F-Secure Client Security 8.01[ Enabled ]8.01

# C:\ # Disco rigido locale # 78,13 Go (18,58 Go free) # NTFS
# D:\ # Disco rigido locale # 97,65 Go (1,29 Go free) # NTFS
# E:\ # Disco rigido locale # 57,09 Go (36,76 Go free) [Volume] # NTFS
# F:\ # Disco CD-ROM
# H:\ # Disco CD-ROM
# S:\ # Connessione di rete
# T:\ # Connessione di rete
# V:\ # Connessione di rete

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
C:\Programmi\ZyXEL\ZyWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\ActiveXperts\Network Monitor\AxsNmSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\WINDOWS\system32\FortiSSLVPNdaemon.exe
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\Programmi\Intel\AMT\LMS.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Programmi\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\F-Secure\Common\FIH32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\IAM\Bin\AsGHost.exe

################## | C: |


################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Raffaele\Dati applicazioni |


################## | C:\Documents and Settings\Administrator\Application Data |


################## | C:\Documents and Settings\Administrator.DATAPROGET\Application Data |


################## | Other ... |


################## | Temporary Internet Files |


################## | Registry / Infected keys |

Deleted ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |

Corrupted : C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
[Offset = 0000012C - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\common\FSM32.EXE
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSAUA\program\VirusNews.exe
[Offset = 000000FC - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSGUI\fsavgui.exe
[Offset = 0000010C - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSGUI\FsDiagUi.exe
[Offset = 000000F4 - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSGUI\fsguidll.exe
[Offset = 000000FC - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSGUI\tnbutil.exe
[Offset = 000000F4 - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSMSI\ILAUNCHR.exe
[Offset = 0000010C - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\FSMSI\RunSetup.exe
[Offset = 000000E4 - Value = 0x0001]

Corrupted : C:\Programmi\F-Secure\ORSP Client\fsorsp.exe
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Programmi\PowerQuest\PartitionMagic 8.0\DOCS\PM8Flash.exe
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Programmi\PowerQuest\PartitionMagic 8.0\DrvMap.exe
[Offset = 00000204 - Value = 0x0001]

Corrupted : C:\Programmi\PowerQuest\PartitionMagic 8.0\pqbw.exe
[Offset = 00000114 - Value = 0x0001]

Corrupted : C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]

Corrupted : C:\Virus\avenger.exe
[Offset = 00000084 - Value = 0x0001]


################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.005 ! |
Avatar utente
raffius
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: mer ago 05, 2009 10:47 am
Top

Re: Credo avere BAGLE

Messaggioda Amantide » ven ago 07, 2009 3:59 pm

I programmi indicati con la voce Corrupted sono quelli danneggiati da Bagle e devono essere reinstallati. Per il resto la situazione sembra essere Ok.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo
Top

Re: Credo avere BAGLE

Messaggioda raffius » ven ago 07, 2009 4:09 pm

Grazie 1000
Avatar utente
raffius
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: mer ago 05, 2009 10:47 am
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising