
Maybe I have another virus

Has a virus gotten into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.


Post by wolly76 » Sun Jan 07, 2007 10:53 pm

Hi, a few days ago, with the help of amantide (whom I thank again), we removed a virus called beagle from my PC.
Now I have noticed that among the Task Manager processes there is a new entry I had never seen before: 563495ED.DLL administrator
Can you help me understand what it is????
Heeeelp
thanks guys
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS

Post by Amantide » Sun Jan 07, 2007 11:16 pm

Hi Wolly, sorry we meet again under these circumstances.
Well, the procedure is the usual one: we start with the HijackThis log and then maybe move on to the Gmer ones.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by wolly76 » Mon Jan 08, 2007 12:55 am

amantide, you are an angel fallen from the sky...
Here below I am posting the HijackThis, GMER rootkit and GMER autostart logs; then tell me what else you need.
In the meantime I will also try an online scan with Kaspersky.
thanks byeeee

Logfile of HijackThis v1.99.1
Scan saved at 23.34.37, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
F:\WINDOWS\system32\GSICON.EXE
F:\WINDOWS\system32\dslagent.exe
F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Microsoft ActiveSync\wcescomm.exe
F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
F:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
F:\Programmi\RedStrike\UltraWipe\Launcher.exe
F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\563495ED.DLL
F:\Programmi\Alice ti aiuta\bin\mpbtn.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\WinRAR\WinRAR.exe
F:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [spywatch] F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = F:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Ultra Wipe Launcher.lnk = F:\Programmi\RedStrike\UltraWipe\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-07 23:49:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8677BB60
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8635C468
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 85402BF8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 85402BF8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 865C01A8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 865C01A8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8662EFB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 865C01A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 865C01A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 864194C8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 864194C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 864194C8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS
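The HijackThis log in the post above is what the helper asked for first, and the question was what the 563495ED.DLL process is. As an added example (not code from the thread, nor from HijackThis), the Python script below does the first pass an analyst makes over such a log: it parses the "Running processes" section and the O4/O20/O23 autostart lines, then flags processes whose image is not an .exe, processes running from a temp directory, autostart entries HijackThis marked "(file missing)", and non-Windows processes that no autostart entry accounts for. The sample input is a constructed excerpt of lines from the posted log; the flag rules are my own heuristics, not HijackThis output.

```python
"""Triage of a HijackThis v1.99 log: added example, not code from the thread.

Parses the "Running processes" section and the O4/O20/O23 autostart lines,
then flags what an analyst checks first:
  - a process whose image is not an .exe (here the 563495ED.DLL the poster asked about)
  - a process running from a temp directory
  - autostart entries HijackThis marked "(file missing)"
  - non-Windows processes that no autostart entry accounts for
The flags are review hints, not a verdict: deciding whether a file is malicious
needs the file itself (hash lookup, vendor scan), which the log cannot give.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines excerpted from the log posted above.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Scan saved at 23.34.37, on 07/01/2007

Running processes:
F:\\WINDOWS\\System32\\smss.exe
F:\\Programmi\\Alwil Software\\Avast4\\ashServ.exe
F:\\Programmi\\BulletProofSoft.com\\SpywareRemover\\SpyWatch.exe
F:\\Programmi\\BulletProofSoft.com\\SpywareRemover\\563495ED.DLL
F:\\DOCUME~1\\ADMINI~1\\IMPOST~1\\Temp\\Rar$EX00.953\\HijackThis.exe

O4 - HKLM\\..\\Run: [avast!] F:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [spywatch] F:\\Programmi\\BulletProofSoft.com\\SpywareRemover\\SpyWatch.exe /STARTUP
O23 - Service: avast! Antivirus - Unknown owner - F:\\Programmi\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\\Programmi\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
"""

# File names (exe/dll/cpl) inside an autostart line; a backslash is not in the
# character class, so only the last path component is captured.
FILE_RE = re.compile(r"[\w$~.\-]+\.(?:exe|dll|cpl)", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
AUTOSTART_RE = re.compile(r"^O(?:4|20|23) - ")


@dataclass
class Triage:
    processes: list[str] = field(default_factory=list)
    autostart: list[str] = field(default_factory=list)
    missing: list[str] = field(default_factory=list)              # "(file missing)" entries
    findings: list[tuple[str, str]] = field(default_factory=list)  # (process path, reason)


def parse_hjt(text: str) -> Triage:
    t = Triage()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                t.processes.append(line)
            else:
                in_procs = False            # a blank line closes the section
        elif AUTOSTART_RE.match(line):
            t.autostart.append(line)

    t.missing = [l for l in t.autostart if "(file missing)" in l]
    # Every file name some autostart entry launches, lower-cased for matching.
    launched = {m.lower() for l in t.autostart for m in FILE_RE.findall(l)}

    for proc in t.processes:
        name = proc.rsplit("\\", 1)[-1].lower()
        if not name.endswith(".exe"):
            t.findings.append((proc, "image is not an .exe"))
        if "\\temp\\" in proc.lower():
            t.findings.append((proc, "runs from a temp directory"))
        # Core Windows processes live under %SystemRoot% and are not started by
        # O4/O23 entries, so the "unexplained launcher" heuristic skips them.
        if name not in launched and not WINDIR_RE.match(proc):
            t.findings.append((proc, "no autostart entry launches it"))
    return t


def report(t: Triage) -> str:
    lines = [f"{len(t.processes)} processes, {len(t.autostart)} autostart entries"]
    lines += [f"MISSING  {l}" for l in t.missing]
    lines += [f"CHECK    {p}: {why}" for p, why in t.findings]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_hjt(SAMPLE_LOG)))
```

On the excerpt, the process the poster asked about is flagged twice, for the two facts the log itself shows: its image is a .DLL rather than an .exe, and no O4/O23 entry launches it; HijackThis.exe is flagged for running from a temp directory, which is expected since it was run straight from the archive. Whether 563495ED.DLL is malicious cannot be decided from the log; the flags only say where to look first.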

Post by wolly76 » Mon Jan 08, 2007 12:56 am

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-07 23:37:23
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = F:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
NavLogon@DLLName = F:\WINDOWS\system32\NavLogon.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "F:\Programmi\Alwil Software\Avast4\ashServ.exe"
CLTNetCnService /*Symantec Lic NetConnect service*/@ = "F:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@SmappF:\Programmi\Analog Devices\SoundMAX\SMTray.exe = F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@NeroFilterCheckF:\WINDOWS\system32\NeroCheck.exe = F:\WINDOWS\system32\NeroCheck.exe
@PinnacleDriverCheckF:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@PMCRemoteF:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@NvCplDaemonRUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@avast!F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@NWEReboot /*file not found*/ = /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"F:\Programmi\Microsoft ActiveSync\wcescomm.exe" = "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@BitTorrent"F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/ = "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/
@spywatchF:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP = F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
@updateMgr"F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/F:\Programmi\Microsoft Office\OFFICE11\msohev.dll = F:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/(null) =
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/F:\PROGRA~1\Yahoo!\Common\ymmapi.dll = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/F:\PROGRA~1\MICROS~3\Wcesview.dll = F:\PROGRA~1\MICROS~3\Wcesview.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{00e72351-c3bd-48cd-b090-77ea0d87a10a} /*Uw Shell Extension*/F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/F:\Programmi\WinRAR\rarext.dll = F:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/F:\Programmi\Alwil Software\Avast4\ashShell.dll = F:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
UltraWipe@{00e72351-c3bd-48cd-b090-77ea0d87a10a} = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}F:\Programmi\Yahoo!\Common\yiesrvc.dll = F:\Programmi\Yahoo!\Common\yiesrvc.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageF:\WINDOWS\system32\blank.htm = F:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = F:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = F:\WINDOWS\system32\msvidctl.dll
its@CLSID = F:\WINDOWS\system32\itss.dll
livecall@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = F:\WINDOWS\system32\itss.dll
msnim@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = F:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = F:\WINDOWS\system32\wiascr.dll

F:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica = Utilità controllo supporti di Cyber-shot Viewer.lnk

F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
NaturalColorLoad.lnk = NaturalColorLoad.lnk
Ultra Wipe Launcher.lnk = Ultra Wipe Launcher.lnk

---- EOF - GMER 1.0.12 ----
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS
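The two GMER logs posted above are long because GMER prints one line per hooked SSDT entry and one line per hooked IRP major of every device. As an added example (not code from the thread, nor from GMER), the Python script below reduces that output to what an analyst actually reads: SSDT hooks grouped by the module that installed them, device IRP hooks grouped by (driver, device) with the set of hook addresses, and autostart entries GMER marked /*file not found*/. The sample inputs are constructed excerpts of the two logs above; the grouping is my own.

```python
"""Summary of GMER 1.0.12 output: added example, not code from the thread.

GMER's rootkit scan lists every hooked SSDT entry and every hooked device IRP
major on its own line; its autostart scan lists registry-driven launches.
This script reduces those lines to:
  - SSDT hooks grouped by the module that installed them
  - device IRP hooks grouped by (driver, device) with the set of hook addresses
  - autostart entries GMER marked /*file not found*/
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed samples: excerpts of the two GMER logs posted above.
SAMPLE_ROOTKIT = """\
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-07 23:49:20

---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwOpenKey

---- Devices - GMER 1.0.12 ----

Device \\FileSystem\\Ntfs \\Ntfs IRP_MJ_READ 8677BB60
Device \\Driver\\Cdrom \\Device\\CdRom0 IRP_MJ_CREATE 865C01A8
Device \\Driver\\Cdrom \\Device\\CdRom0 IRP_MJ_READ 865C01A8
Device \\Driver\\atapi \\Device\\Ide\\IdePort0 IRP_MJ_READ 864194C8
"""

SAMPLE_AUTOSTART = """\
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run >>>
@avast!F:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe = F:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
@NWEReboot /*file not found*/ = /*file not found*/
"""

# "SSDT <module> <service>" and "Device <driver> <device> <IRP_MJ_x> <address>"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s*$", re.MULTILINE)
DEVICE_RE = re.compile(
    r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+([0-9A-Fa-f]+)\s*$", re.MULTILINE
)


def ssdt_hooks(text: str) -> dict[str, list[str]]:
    """Hooking module -> sorted list of the Zw* services it hooks."""
    hooks: dict[str, list[str]] = defaultdict(list)
    for module, service in SSDT_RE.findall(text):
        hooks[module].append(service)
    return {m: sorted(s) for m, s in hooks.items()}


def device_hooks(text: str) -> dict[tuple[str, str], dict]:
    """(driver, device) -> {"irps": [hooked majors], "addresses": {hook addresses}}."""
    devs: dict[tuple[str, str], dict] = {}
    for driver, device, irp, addr in DEVICE_RE.findall(text):
        entry = devs.setdefault((driver, device), {"irps": [], "addresses": set()})
        entry["irps"].append(irp)
        entry["addresses"].add(addr.upper())
    return devs


def missing_autostarts(text: str) -> list[str]:
    """Autostart lines whose target GMER could not find on disk."""
    return [line.strip() for line in text.splitlines() if "/*file not found*/" in line]


def report(rootkit: str, autostart: str) -> str:
    out = []
    for module, services in ssdt_hooks(rootkit).items():
        out.append(f"SSDT: {module} hooks {len(services)} services: {', '.join(services)}")
    for (driver, device), e in device_hooks(rootkit).items():
        addrs = ", ".join(sorted(e["addresses"]))
        out.append(f"DEVICE: {driver} {device}: {len(e['irps'])} IRP majors -> {addrs}")
    for line in missing_autostarts(autostart):
        out.append(f"MISSING: {line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_ROOTKIT, SAMPLE_AUTOSTART))
```

Run over the full logs above, the summary shows at a glance what the raw lines hide: every SSDT hook comes from one module (Vax347b.sys), and every IRP major of each CD-ROM and IDE device resolves to a single address per driver. The analyst's next step is then to identify which installed software ships that driver and owns those addresses, rather than reading the 150-odd lines one by one.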

Post by wolly76 » Mon Jan 08, 2007 2:38 am

this is the Kaspersky scan; it found 5 viruses and 35 infected objects, what should I do????

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 50638
Number of viruses found 5
Number of infected objects 39 / 0
Number of suspicious objects 0
Duration of the scan process 01:11:49

Infected Object Name Virus Name Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP209\change.log Object is locked skipped

F:\avenger\backup-04.01.2007-19.21.57,39.zip/avenger/m_hook.sys Infected: Email-Worm.Win32.Bagle.gz skipped

F:\avenger\backup-04.01.2007-19.21.57,39.zip ZIP: infected - 1 skipped

F:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

F:\Documents and Settings\Administrator\Dati applicazioni\$_hpcst$.hpc Object is locked skipped

F:\Documents and Settings\Administrator\Desktop\Film temporanei\[App ITA] Microsoft Office 2007 activation crack serial keygen.zip/Patch.exe Infected: Trojan-Clicker.Win32.Agent.ij skipped

F:\Documents and Settings\Administrator\Desktop\Film temporanei\[App ITA] Microsoft Office 2007 activation crack serial keygen.zip ZIP: infected - 1 skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012007010820070109\index.dat Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Temp\WCESLog.log Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF7399.tmp Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

F:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\V2HW9R3Z\index[1].htm Infected: Trojan-Downloader.JS.Psyme.cg skipped

F:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

F:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

F:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-01-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

F:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

F:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

F:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

F:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

F:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

F:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-01-04.22-18-54.log Object is locked skipped

F:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

F:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP206\A0079645.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP206\A0080665.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP206\A0080777.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP206\A0080877.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP207\A0081038.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP207\A0081045.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081047.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081048.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081049.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081056.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081057.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081070.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081082.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081089.sys Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081178.sys Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081179.exe Infected: Email-Worm.Win32.Bagle.gx skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081199.exe Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081200.sys Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081238.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081239.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081240.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081241.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081242.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081243.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081244.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081245.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081246.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081247.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081248.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081249.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081250.exe Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081251.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081252.exe Infected: Email-Worm.Win32.Bagle.gz skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081253.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP209\change.log Object is locked skipped

F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

F:\WINDOWS\SchedLgU.Txt Object is locked skipped

F:\WINDOWS\Sti_Trace.log Object is locked skipped

F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

F:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

F:\WINDOWS\system32\config\default Object is locked skipped

F:\WINDOWS\system32\config\default.LOG Object is locked skipped

F:\WINDOWS\system32\config\SAM Object is locked skipped

F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

F:\WINDOWS\system32\config\SECURITY Object is locked skipped

F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

F:\WINDOWS\system32\config\software Object is locked skipped

F:\WINDOWS\system32\config\software.LOG Object is locked skipped

F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

F:\WINDOWS\system32\config\system Object is locked skipped

F:\WINDOWS\system32\config\system.LOG Object is locked skipped

F:\WINDOWS\system32\h323log.txt Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

F:\WINDOWS\Temp\Perflib_Perfdata_534.dat Object is locked skipped

F:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

F:\WINDOWS\wiadebug.log Object is locked skipped

F:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS

Post by wolly76 » Mon Jan 08, 2007 12:50 pm

Amantide pleeease don't abandon me [V]
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS

Post by Amantide » Mon Jan 08, 2007 12:55 pm

Just a moment of patience, I was writing right now... [;)]

About the Kaspersky log...
First of all, disable the restore points: they are all infected with the virus from before.
How to disable "System Restore".
Then download CCleaner, go to Options --> Advanced and untick "Only delete files in Windows Temp folders older than 48 hours", then clean the PC of temporary files (Cleaner button).
Another thing you need to do is delete the backup file created by Avenger, even though it is harmless. You can do it with the help of Unlocker or like this:
Go to Start --> Run --> CMD --> type del \\.\F:\Avenger --> press Enter

Now I'm checking the Gmer and Hijackthis logs.....
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
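As an added example (not code from this thread), a small Python script that triages a Kaspersky report in the format wolly76 posted above: it separates "Object is locked" entries, which are in-use system files rather than findings, from real detections and groups the detections by where they sit, which is what drives the advice to disable System Restore and delete the Avenger backup archive. The sample report is a constructed excerpt of the log above; the location buckets and their names are my own.

```python
import re
from collections import Counter

# Constructed excerpt of the Kaspersky report posted above (same line format, fewer lines).
SAMPLE_REPORT = r"""
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\avenger\backup-04.01.2007-19.21.57,39.zip/avenger/m_hook.sys Infected: Email-Worm.Win32.Bagle.gz skipped
F:\avenger\backup-04.01.2007-19.21.57,39.zip ZIP: infected - 1 skipped
F:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\V2HW9R3Z\index[1].htm Infected: Trojan-Downloader.JS.Psyme.cg skipped
F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP206\A0079645.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped
F:\System Volume Information\_restore{D8B64B81-11B7-4BFE-89B8-953A17A764D1}\RP208\A0081089.sys Infected: Email-Worm.Win32.Bagle.gz skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One record: <object> then "Infected: <verdict>" or a status note, then the action Kaspersky took.
LINE_RE = re.compile(r"^(?P<obj>.+?) (?:Infected: (?P<verdict>\S+)|"
                     r"(?P<note>Object is locked|ZIP: infected - \d+)) (?P<action>\S+)$")

def classify_location(obj):
    """Bucket an object path by the kind of place it lives in; each bucket maps to a cleanup step."""
    low = obj.lower()
    if "\\system volume information\\_restore" in low:
        return "restore point"      # purged only by disabling System Restore
    if ".zip/" in low:
        return "archive"            # entry inside an archive: delete the container
    if "\\temporary internet files\\" in low or "\\temp\\" in low:
        return "temporary files"    # cleared by a temp-file cleaner
    return "other"                  # needs a look by hand

def triage(report_text):
    """Return (locked_count, detections_by_verdict, detections_by_location, archive_containers)."""
    locked, by_verdict, by_location, archives = 0, Counter(), Counter(), []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header and summary lines are not object records
        if m["note"] == "Object is locked":
            locked += 1  # in-use system file: unscannable, not a finding
        elif m["verdict"]:
            by_verdict[m["verdict"]] += 1
            by_location[classify_location(m["obj"])] += 1
        else:  # "ZIP: infected - N": the container of an entry already counted
            archives.append(m["obj"])
    return locked, by_verdict, by_location, archives

if __name__ == "__main__":
    locked, by_verdict, by_location, archives = triage(SAMPLE_REPORT)
    print(f"{locked} locked objects (ignore), {sum(by_verdict.values())} detections")
    print("detections by place:", dict(by_location), "archives to delete:", archives)
```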

Post by Amantide » Mon Jan 08, 2007 1:16 pm

The other logs are clean too; evidently that file was sitting in the temporary folders.
To prevent surprises like this you need to protect your computer adequately.
Avast as an antivirus is not among the best these days, but it will do; then I don't see a firewall at all (the Windows one doesn't count [;)] ), install Comodo Firewall or Zone Alarm. As anti-spyware I recommend AVG Anti-Spyware or A-squared, and Spyware Terminator for real-time protection. I would uninstall SpywareRemover from BulletProofSoft.com. UltraWipe too: CCleaner does the same job and is safer.

I also recommend fixing these entries with Hijackthis to speed up OS startup; some are downright useless and others are easily reachable from Start --> Programs:
O4 - HKLM\..\Run: [Smapp] F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by wolly76 » Mon Jan 08, 2007 1:53 pm

You're great Amantide [applauso+] I'll do everything as you say!!!

As for Comodo Firewall, can you tell me how to set it up so that eMule gives me a high ID???
Byeeee
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS

Post by Amantide » Mon Jan 08, 2007 1:59 pm

[search]
Besides the article, there is also the mini-guide adapted to the new version of Comodo.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo



Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising