----------------- FindyKill V4.105 ------------------
* User : Casa - PC1-I7N8NX7URE
* Emplacement : C:\Programmi\FindyKill
* Outils Mis a jours le 10/11/08 par Chiquitine29
* Recherche effectuée à 18:11:54 le 2008-11-12
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\iolo\common\lib\ioloServiceManager.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\SOUNDGRAPH\iMON\iMON.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Programmi\AGEIA Technologies\TrayIcon.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Vista Drive Icon\DrvIcon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\Clip2Net\clip2net.exe
C:\Programmi\Ditto\Ditto.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Programmi\Softick\PPP\Bin\PPPGate.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmi\Microsoft Office 2007\Office12\OUTLOOK.EXE
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Présent ! [2008-11-12 15:56] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Présent ! [2008-11-12 16:12] - "C:\WINDOWS\system32\drivers\downld"
»»»» Presence des fichiers dans C:\Documents and Settings\Casa\Dati applicazioni
»»»» Presence des fichiers dans C:\DOCUME~1\Casa\IMPOST~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Casa\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
UnlockerAssistant REG_SZ "C:\Programmi\Unlocker\UnlockerAssistant.exe"
iMON REG_SZ C:\Programmi\SOUNDGRAPH\iMON\iMON.exe
PCMService REG_SZ "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
StartCCC REG_SZ "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Lexmark 5200 series REG_SZ "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
LXBTCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
NeroFilterCheck REG_SZ C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
Collegamento alla pagina delle proprietà di High Definition Audio REG_SZ HDAudPropShortcut.exe
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair REG_SZ C:\Programmi\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Programmi\Logitech\Video\LogiTray.exe
GrooveMonitor REG_SZ "C:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe"
NBKeyScan REG_SZ "C:\Programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
AGEIA PhysX SysTray REG_SZ C:\Programmi\AGEIA Technologies\TrayIcon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Sony Ericsson PC Suite REG_SZ "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
DrvIcon REG_SZ C:\Programmi\Vista Drive Icon\DrvIcon.exe
QuickTime Task REG_SZ "C:\Programmi\QuickTime\qttask.exe" -atboottime
AppleSyncNotifier REG_SZ C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Programmi\iTunes\iTunesHelper.exe"
COMODO SafeSurf REG_SZ "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Free Download Manager REG_SZ "C:\Programmi\Free Download Manager\fdm.exe" -autorun
LogitechSoftwareUpdate REG_SZ C:\Programmi\Logitech\Video\ManifestEngine.exe boot
Nokia.PCSync REG_SZ "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
PC Suite Tray REG_SZ "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Google Update REG_SZ "C:\Documents and Settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
Clip2Net REG_SZ C:\Programmi\Clip2Net\clip2net.exe
Ditto REG_SZ C:\Programmi\Ditto\Ditto.exe
eMuleAutoStart REG_SZ C:\Programmi\eMule\emule.exe -AutoStart
--------------- [ Registre / Clés infectieuses ] ----------------
Présent ! - HKEY_USERS\S-1-5-21-746137067-1960408961-725345543-1003\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Unità fissa
Q: - Unità fissa
+- presence des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
------------------- ! Fin du rapport ! --------------------
So I decided to use Elibagla, and it told me it had removed at least thirty or so infected files... I go to look at the log and it's empty.
So I tried ComboFix and I deleted something (
ComboFix 08-11-11.01 - Administrator 2008-11-12 14.52.45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.792 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\pincopallino.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Casa\Dati applicazioni\m
c:\documents and settings\Casa\Dati applicazioni\m\shared\[SOFTWARE].Panda.Antivirus.Titanium.2005.+.serials.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AceIT Grapher 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ACEMenu Creator 3.6.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ActiveProperties 3.2.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AiS Watermark Pictures Protector 3.7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AlphaChess_3.2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Amor_Video_Converter_2.2.9.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Atomic MSN Password Recovery 1.10.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Atomic_Email_Hunter_3.50_Cracked.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Automatic Wallpaper Changer 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Avast.Professional.v4.6.763.GERMAN.Incl.KeyMaker-DVT.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Awesome_Aliens_of_the_Deep_Screen_Saver_1.0_(Key+Serial).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Back_Rest_3.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Barcode.dll_1.0_Patch.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Batch Barcode Maker 3.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\bcTester_4.2.0.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Bersoft_WebConnection_1.07.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\BG.-.Kompilacija.(2006).-.Pajner.Hit.Bikini.2006.(by.Panda_1960).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Binary_Boy_1.96.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\BLOB_Statistics_1.0_build_12.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Buzz_Softphone_1.2.2.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Cacidi_Batch_3.0_CS2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Callback File System 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Chrysanth_Mail_Manager_2.3_Patch.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Code Visualizer 3.4.1.0 [Key+Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Cookie_Crusher_3.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\d2J_Movie_Database_1.8e.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Database_Tour_Pro_5.6.3.1023_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\DFX_for_Winamp2_and_Winamp5_8.318.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\DLExpert_0.99.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\EasyCalc 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Encode UNIX Password 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Error Fix 3.0.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Estate_Planing_Software_5.34.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Exl-plan_Ultra_Plus_2.72.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Extract Data & Text From Multiple PDF Files Software 7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\EyeVA_1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\FavSync_2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Finance Explorer 3.1.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Fox_Password_Safe_2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Free Teen Bible Browser 2.5.6.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\GameEx_7.09.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\GlobalSpellChecker_1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HelpBuilder 3.01 Serial.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HMarqueeCaption_1.1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HTML Scripting Pages 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HTMLa v1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ID AntiVirus 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Identity_Protection_1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\IISxpress 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\IncrediZoom 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Italy 2 Screensaver.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\iWellsoft Video to AMR MP3 AAC Converter 1.7.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\JeniuS 1.64.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Katakana 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Kingfishers and Kookaburras Screensaver 1.0 (Crack).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\KISS_Player_1.6.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\LibMaster.com_Active_Bookmark_1.1_beta_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Lua_Lua_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MbrFix_1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MDB to DBF Converter 1.01.01.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MING Network Monitor Home 1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MistyChart_1.0_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Mountain 3D 3.1.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MSN_Winks_Plus_5.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Multiple Form Filler 1.1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\My Checkbook 2.2.2 [Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Net Watch 1.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Network_Telescope_Control_0.2.0.22.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\New_England_Patriots_Winamp_Skin.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\nGeneration_1.1.3.18.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Nici_Picture_Downloader_2.10.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Okoker_All_to_Mp3_Converter_2.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\OutPosted 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\OverDisk 0.11 beta.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Oyco_Messenger_with_VoIP_Dialer_4.6_build_1854.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PackRat 0.28.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Password Datasafe 3.2c.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Patent_Grabber_4.6_KeyGen.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PC_Speaker_Music_1.21_beta.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PDF_Conversion_Series_-_PDF2CHM_2.0_Build_0915_Serial.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\pdfEdit995_7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Pinging_Host_1.0_[Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Play The Web 1.48.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PoiZone 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Print Pilot 1.41.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Q Length Converter 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RAD_Grid_3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Reading_Comprehension_Booster_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RecoverTrasher_1.1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RemindU 1.0.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RenameWiz 3.4.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Rescue_the_Russian_Leopard_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ScriptCad_1.02.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ScriptSite 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Second_Backup_2007.2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Secure Endpoint USB 1.0.1.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SharpTimer 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SightReader Master 3.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SmartDB_3.4_G.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Softany_Screensaver_Remover_1.0_(Serial).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Sothink_SWF_Catcher_for_Firefox_1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Sprika LiteMail 4.1.0.20.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SSNFraud.Info_Toolbar_4.5.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\StampManage_Canada_Philatelic_Software_2007.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Swordfish_1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tampa Traffic Cams 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tariff_Eye_1.5.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\teardrop screensaver 01.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\TextKeeper_5.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\The League System Pro 2.11 Crack.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\The Rapture 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tudoo_3.0.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VAC_(Voice_Activated_Commands)_1.8.5_[Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Virtual_Tree_3.5_[Key+Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VNC Enterprise Edition Viewer 4.4.1 Build 12183.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VNC Navigator 2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WallMaster Pro 4.0a.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Warcraft_III_-_Face_the_Dungeon_map.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WaveDX7_2.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Wedding Album Maker Gold 2.92.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WinStartup_1.00.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Xilisoft RM Converter 3.1.53.0425b.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\XpressRemote_1.3.1.20.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\XS_Finance_Professional_2.21.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Yahoo Group and Files Downloader 2.8.4.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\YNAB_Pro_1.1_[Serial].zip
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\downld
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-10-12 al 2008-11-12 )))))))))))))))))))))))))))))))))))
.
2008-11-12 06:53 . 2008-11-12 06:53 236 --a------ C:\sqmdata02.sqm
2008-11-12 06:53 . 2008-11-12 06:53 200 --a------ C:\sqmnoopt02.sqm
2008-11-11 22:05 . 2008-11-11 22:05 200 --a------ C:\sqmnoopt01.sqm
2008-11-11 22:05 . 2008-11-11 22:05 200 --a------ C:\sqmdata01.sqm
2008-11-11 20:21 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\67815176.sys
2008-11-11 19:48 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\97856422.sys
2008-11-11 19:45 . 2008-11-11 19:46 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Notepad++
2008-11-11 19:36 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\37089480.sys
2008-11-11 19:03 . 2008-11-11 19:03 126,976 --a------ C:\zip.exe
2008-11-11 19:03 . 2008-11-11 19:03 60,416 --a------ c:\windows\system32\drivers\xwpwjni^.sys
2008-11-11 19:03 . 2008-11-11 19:03 1,080 --a------ C:\gcwkqkoj.bat
2008-11-11 19:03 . 2008-11-11 19:03 200 --a------ C:\avexport.bat
2008-11-11 18:52 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\87578172.sys
2008-11-11 18:39 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\13028856.sys
2008-11-11 18:38 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\18570830.sys
2008-11-11 18:35 . 2008-11-11 18:35 <DIR> d-------- c:\programmi\AskBarDis
2008-11-11 18:35 . 2008-11-11 18:35 249,592 --a------ c:\windows\system32\cssdll32.dll
2008-11-11 18:34 . 2008-11-11 18:35 <DIR> d-------- c:\programmi\COMODO
2008-11-11 18:34 . 2008-11-11 18:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\comodo
2008-11-11 18:34 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\11334209.sys
2008-11-11 18:14 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\23160293.sys
2008-11-11 18:13 . 2008-11-12 15:01 18,929,696 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-11 18:13 . 2008-11-12 15:01 202,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-11 18:12 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\16088638.sys
2008-11-11 17:48 . 2008-11-11 20:19 <DIR> d-------- c:\programmi\FindyKill
2008-11-11 16:37 . 2008-11-11 16:37 <DIR> d-------- c:\programmi\Nsasoft
2008-11-11 15:15 . 2008-11-11 15:16 <DIR> d-------- C:\GTK
2008-11-11 15:14 . 2008-11-11 15:16 <DIR> d-------- c:\programmi\AutoScanNetwork-1.32
2008-11-11 15:14 . 2008-11-11 15:15 <DIR> d-------- C:\AutoScan
2008-11-11 14:58 . 2008-11-11 14:58 <DIR> d-------- c:\programmi\SuperScan
2008-11-07 20:52 . 2008-11-10 14:21 444 --a------ c:\windows\Italia3DPlugin.INI
2008-11-07 20:51 . 2008-11-07 20:51 <DIR> d-------- c:\programmi\PCN
2008-11-07 19:45 . 2008-11-07 19:45 <DIR> d-------- c:\programmi\Netlog Photo Tool
2008-11-07 18:22 . 2008-11-07 18:22 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Wireshark
2008-11-07 18:04 . 2008-11-07 18:05 <DIR> d-------- c:\programmi\Wireshark
2008-11-07 17:28 . 2008-11-07 21:18 <DIR> d-------- c:\programmi\lynx
2008-11-06 20:27 . 2002-01-05 14:48 974,848 -r------- c:\windows\system32\mfc70.dll
2008-11-06 20:27 . 2002-01-05 13:37 344,064 -r------- c:\windows\system32\msvcr70.dll
2008-11-06 20:27 . 2002-01-05 14:10 61,440 -r------- c:\windows\system32\mfc70deu.dll
2008-11-06 20:24 . 2008-11-06 20:27 <DIR> d-------- c:\programmi\File comuni\Viessmann
2008-11-06 20:24 . 2008-11-06 20:24 <DIR> d-------- c:\programmi\File comuni\liNear GmbH
2008-11-06 20:23 . 2008-11-06 20:27 <DIR> d-------- c:\programmi\Vitodesk Software
2008-11-06 19:25 . 2008-11-06 19:25 1,840 --a------ c:\windows\system32\autoexec.nt
2008-11-06 14:59 . 2008-11-06 16:13 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\NetSupport
2008-11-06 14:51 . 2008-11-06 15:54 <DIR> d-------- c:\programmi\NetSupport
2008-11-06 14:51 . 2008-11-06 15:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NetSupport
2008-11-06 14:51 . 2008-10-09 13:00 102,462 --a------ c:\windows\system32\pcimon.old
2008-11-06 14:51 . 2008-10-09 13:00 102,462 --a------ c:\windows\system32\pcimon.dll
2008-11-06 14:51 . 2008-10-09 13:00 84,576 --a------ c:\windows\system32\clhook4.old
2008-11-06 14:51 . 2008-10-09 13:00 84,576 --a------ c:\windows\system32\clhook4.dll
2008-11-06 14:51 . 2008-10-09 13:00 39,520 --a------ c:\windows\system32\drivers\pcisys.sys
2008-11-06 14:51 . 2008-10-09 13:00 39,520 --a------ c:\windows\system32\drivers\pcisys.old
2008-11-06 14:51 . 2008-10-09 13:00 32,831 --a------ c:\windows\system32\pcigina.dll
2008-11-06 14:51 . 2008-10-13 08:54 28,672 --a------ c:\windows\system32\pcimsg.old
2008-11-06 14:51 . 2008-10-13 08:54 28,672 --a------ c:\windows\system32\pcimsg.dll
2008-11-06 14:51 . 2008-10-09 13:00 20,542 --a------ c:\windows\system32\pcivdd.old
2008-11-06 14:51 . 2008-10-09 13:00 20,542 --a------ c:\windows\system32\pcivdd.dll
2008-11-06 14:51 . 2008-11-12 15:02 8 --a------ c:\windows\system32\pcisys.ntk
2008-11-05 15:18 . 2008-11-05 15:39 <DIR> d-------- c:\programmi\Ditto
2008-11-05 15:18 . 2008-11-11 18:54 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Ditto
2008-11-05 14:49 . 2008-11-05 14:49 <DIR> d-------- c:\programmi\Recuva
2008-11-04 15:17 . 2008-11-04 15:17 <DIR> d-------- c:\documents and settings\Casa\Tracing
2008-10-30 15:35 . 2008-10-31 14:13 <DIR> d-------- c:\programmi\MessengerTigo
2008-10-28 14:29 . 2008-10-28 14:29 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Songbird2
2008-10-28 14:29 . 2008-10-28 14:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SongbirdVLC
2008-10-27 17:43 . 2008-10-27 17:43 118,784 --a------ c:\windows\GREUninstall.exe
2008-10-27 17:43 . 2008-10-27 17:43 8,529 --a------ c:\windows\mozver.dat
2008-10-27 17:42 . 2008-10-27 17:42 <DIR> d-------- c:\programmi\mozilla.org
2008-10-26 12:01 . 2008-11-09 16:48 123,939 --a------ c:\windows\system32\drivers\kqemu.sys
2008-10-25 15:03 . 2008-10-25 15:03 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\programmi\Microsoft
2008-10-25 14:30 . 2008-10-25 14:30 <DIR> d-------- c:\programmi\File comuni\Windows Live
2008-10-23 16:50 . 2008-10-23 16:50 <DIR> dr-h----- c:\documents and settings\Casa\Dati applicazioni\SecuROM
2008-10-22 19:26 . 2008-10-22 19:26 <DIR> d-------- c:\programmi\DIFX
2008-10-20 19:30 . 2008-10-20 19:30 146 --a------ c:\windows\fcp5.cfg
2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- c:\programmi\iolo
2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\iolo
2008-10-20 16:21 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2008-10-20 16:19 . 2008-10-20 16:19 74,703 --a------ c:\windows\system32\mfc45.dll
2008-10-20 16:18 . 2008-10-20 16:19 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\iolo
2008-10-20 16:18 . 2008-10-20 16:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\iolo
2008-10-19 17:16 . 2008-10-19 17:16 <DIR> d-------- C:\Intel
2008-10-19 11:23 . 2008-10-19 11:27 <DIR> d-------- c:\windows\Symbols
2008-10-19 07:39 . 2008-10-19 11:29 <DIR> d-------- c:\programmi\Debugging Tools for Windows (x86)
2008-10-16 15:14 . 2008-10-16 15:14 110 --a------ c:\windows\GSdx9_SSE2.INI
2008-10-16 14:45 . 2008-10-16 14:45 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\vlc
2008-10-16 14:42 . 2008-10-16 14:43 <DIR> d-------- c:\programmi\FileZilla FTP Client
2008-10-16 14:41 . 2008-05-01 15:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-10-15 20:22 . 2008-10-15 20:23 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 19:42 . 2008-10-15 19:42 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\OpenOffice.org
2008-10-15 19:39 . 2008-10-15 20:13 <DIR> d-------- c:\programmi\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:06 --------- d-----w c:\programmi\eMule
2008-11-12 14:04 --------- d-----w c:\programmi\CrossLoop
2008-11-12 05:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-11 19:38 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-11 15:40 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Free Download Manager
2008-11-11 14:20 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\FileZilla
2008-11-10 17:02 --------- d-----w c:\programmi\Cain
2008-11-10 15:27 --------- d-----w c:\programmi\Lx_cats
2008-11-06 14:22 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Apple Computer
2008-11-04 14:39 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Windows Live Writer
2008-11-01 07:16 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\U3
2008-10-26 08:55 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-26 08:55 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\InstallShield
2008-10-25 14:03 --------- d-----w c:\programmi\Windows Live
2008-10-23 17:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-22 18:25 --------- d-----w c:\programmi\Free Download Manager
2008-10-22 18:24 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Samsung
2008-10-22 17:31 --------- d-----w c:\programmi\EvilLyrics
2008-10-21 11:07 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-20 12:43 --------- d-----w c:\programmi\VS Revo Group
2008-10-19 10:19 --------- d-----w c:\programmi\Pcsx2_0.9.4
2008-10-18 12:46 --------- d-----w c:\programmi\BitTorrent
2008-10-17 17:05 --------- d-----w c:\programmi\Microsoft Games
2008-10-16 18:32 --------- d-----w c:\programmi\Lexmark 5200 Series
2008-10-12 10:40 --------- d-----w c:\programmi\EA GAMES
2008-10-09 14:35 --------- d-----w c:\programmi\iTunes
2008-10-09 14:35 --------- d-----w c:\programmi\iPod
2008-10-09 14:00 --------- d-----w c:\programmi\Red Chair Software
2008-10-09 12:00 31,328 ----a-w c:\windows\system32\drivers\gdihook5.sys
2008-10-08 18:41 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Free Download Manager
2008-10-08 17:02 --------- d-----w c:\programmi\Apple Software Update
2008-10-05 06:48 --------- d-----w c:\programmi\Notepad++
2008-10-04 17:21 --------- d-----w c:\programmi\Paragon Software
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Teleca
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Sony Ericsson
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\ATI
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Ahead
2008-09-28 16:52 --------- d-----w c:\programmi\SystemRequirementsLab
2008-09-28 14:56 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-09-28 10:58 22,328 ----a-w c:\documents and settings\Casa\Dati applicazioni\PnkBstrK.sys
2008-09-25 18:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\U3
2008-09-22 15:45 --------- d-----w c:\programmi\Clip2Net
2008-09-22 13:24 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\uTorrent
2008-09-19 19:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-09-18 13:57 65,536 ----a-w c:\windows\IFinst27.exe
2008-09-18 13:57 --------- d-----w c:\programmi\Shock Utility
2008-09-18 13:49 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\ViStart
2008-09-17 15:14 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Skype
2008-09-17 15:08 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\skypePM
2008-09-17 14:54 --------- d-----w c:\programmi\Skype
2008-09-17 14:54 --------- d-----w c:\programmi\File comuni\Skype
2008-09-17 14:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-09-17 14:46 --------- d-----w c:\programmi\WinPcap
2008-09-16 12:02 --------- d-----w c:\programmi\CDBurnerXP
2008-09-16 12:02 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Canneverbe_Limited
2008-09-16 10:47 --------- d-----w c:\programmi\Passware
2008-09-15 15:15 --------- d-----w c:\programmi\Eidos
2008-09-14 10:37 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Microsoft Games
2008-09-13 18:43 --------- d-----w c:\programmi\Any Video Converter
2008-09-13 18:43 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Any Video Converter
2008-09-13 18:16 --------- d-----w c:\programmi\Zuma Deluxe
2008-09-12 11:06 --------- d-----w c:\programmi\Bonjour
2008-09-12 11:04 --------- d-----w c:\programmi\QuickTime
2008-09-12 11:04 --------- d-----w c:\programmi\File comuni\Apple
2008-09-12 10:54 --------- d-----w c:\programmi\Vista Drive Icon
2008-09-05 14:04 288,256 ----a-w c:\windows\WLXPGSS.SCR
1999-09-09 15:42 80,864 ----a-r c:\programmi\opera\program\plugins\ADVPACK.DLL
1999-09-09 15:42 2,272 ----a-r c:\programmi\opera\program\plugins\W95INF16.DLL
1999-09-09 15:42 4,608 ----a-r c:\programmi\opera\program\plugins\W95INF32.DLL
2008-07-29 08:59 80 --sh--r c:\windows\system32\1B410AEDF3.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2008-11-11 856072]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Clip2Net"="c:\programmi\Clip2Net\clip2net.exe" [2008-07-30 1590784]
"Ditto"="c:\programmi\Ditto\Ditto.exe" [2008-01-16 684032]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-11-11 15872]
"iMON"="c:\programmi\SOUNDGRAPH\iMON\iMON.exe" [2004-10-04 1036288]
"PCMService"="c:\programmi\CyberLink\PowerCinema\PCMService.exe" [2004-10-05 81920]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Lexmark 5200 series"="c:\programmi\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"GrooveMonitor"="c:\programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NBKeyScan"="c:\programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-04-08 1647912]
"AGEIA PhysX SysTray"="c:\programmi\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\programmi\Avira\Avira Premium Security Suite\avgnt.exe" [2008-11-11 266497]
"Sony Ericsson PC Suite"="c:\programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"DrvIcon"="c:\programmi\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"COMODO SafeSurf"="c:\programmi\COMODO\SafeSurf\cssurf.exe" [2008-11-11 278264]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
c:\documents and settings\Casa\Menu Avvio\Programmi\Esecuzione automatica\
Anapod Manager.lnk - c:\programmi\Red Chair Software\Anapod Explorer\anamgr.exe [2007-05-07 1076276]
DrvIcon.lnk - c:\programmi\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
iMON.lnk - c:\programmi\SOUNDGRAPH\iMON\iMon.exe [2007-07-24 1036288]
Launch Softick PPP.lnk - c:\programmi\Softick\PPP\Bin\PPPGate.exe [2004-10-20 160256]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office 2007\Office12\ONENOTEM.EXE [2007-12-07 101440]
Yahoo! Widgets.lnk - c:\programmi\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-09-08 23:05 3513344 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-06-25 71592]
R1 is-3NBLAdrv;is-3NBLAdrv;c:\windows\system32\DRIVERS\97856422.sys [2008-07-08 148496]
R1 is-3SJRRdrv;is-3SJRRdrv;c:\windows\system32\DRIVERS\11334209.sys [2008-07-08 148496]
R1 is-9VQ9Pdrv;is-9VQ9Pdrv;c:\windows\system32\DRIVERS\18570830.sys [2008-07-08 148496]
R1 is-HRAKMdrv;is-HRAKMdrv;c:\windows\system32\DRIVERS\23160293.sys [2008-07-08 148496]
R1 is-OTP11drv;is-OTP11drv;c:\windows\system32\DRIVERS\67815176.sys [2008-07-08 148496]
R1 is-VLR06drv;is-VLR06drv;c:\windows\system32\DRIVERS\16088638.sys [2008-07-08 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-04-30 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 42048]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe [2008-05-13 566120]
R2 ioloSystemService;iolo System Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe [2008-05-13 566120]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 Cap7134;LifeView WDM Video Capture;c:\windows\system32\DRIVERS\lvcap214.sys [2004-10-11 296192]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-01 1258432]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\DRIVERS\Silicon.sys [2004-10-11 22656]
R3 usbscan;Driver scanner USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 WT6563F;Weltrend WT6563F;c:\windows\system32\Drivers\WT6563F.sys [2003-03-20 13120]
S1 is-27RORdrv;is-27RORdrv;c:\windows\system32\DRIVERS\13028856.sys [2008-07-08 148496]
S1 is-3GSHFdrv;is-3GSHFdrv;c:\windows\system32\DRIVERS\87578172.sys [2008-07-08 148496]
S1 is-V1HCTdrv;is-V1HCTdrv;c:\windows\system32\DRIVERS\37089480.sys [2008-07-08 148496]
S1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [ ]
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\programmi\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-11-11 344321]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\programmi\Avira\Avira Premium Security Suite\avmailc.exe [2008-11-11 164097]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-11-11 258305]
S3 atusba;NEC 313 Command Port Driver;c:\windows\system32\DRIVERS\atusba.sys [2003-09-07 25856]
S3 atusbc;NEC 313 CONTROL Driver;c:\windows\system32\DRIVERS\atusbc.sys [2003-09-07 43264]
S3 atusbe;NEC 313 ENUMERATION Driver;c:\windows\system32\DRIVERS\atusbe.sys [2003-09-07 12928]
S3 atusbm;NEC 313 Modem Driver;c:\windows\system32\DRIVERS\atusbm.sys [2003-09-07 36352]
S3 atusbo;NEC 313 OBEX Port Driver;c:\windows\system32\DRIVERS\atusbo.sys [2003-09-07 33920]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [ ]
S3 cpuz129;cpuz129;c:\programmi\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-07-21 13352]
S3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [2008-11-09 123939]
S3 RET55;RET55 NDIS Protocol Driver;c:\progra~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS [ ]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2008-04-30 32128]
S4 AVEService;Avira Premium Security Suite MailGuard helper service;c:\programmi\Avira\Avira Premium Security Suite\avesvc.exe [2008-11-11 41217]
S4 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [ ]
S4 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a85195f-24c3-11dd-a7a5-00110979d795}]
\Shell\AutoRun\command - Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68cfce54-24bc-11dd-a7a5-00110979d795}]
\Shell\AutoRun\command - I:\umenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc9da5b-36d9-11dd-88c6-0011675c3ffb}]
\Shell\AutoRun\command - i:\.\Autorun\UBIAUTORUN.EXE .\cd2.ini
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5cdff01-2661-11dd-91a0-00110979d795}]
\shell\Setup\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb69a100-a117-11dd-868d-0011675c3ffb}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\yubsoo]
c:\windows\system32\yubsoo.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:25]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
HKLM-Run-CrossLoop - c:\progra~1\CrossLoop\CrossLoopConnect.exe -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-dimsntfy - (no file)
Notify-WgaLogon - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Casa\Dati applicazioni\Mozilla\Firefox\Profiles\no9vf6vv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\documents and settings\Casa\Dati applicazioni\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\programmi\DNA\plugins\npbtdna.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\programmi\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 15:03:59
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: c:\windows\explorer.exe
-> c:\programmi\Ditto\focus.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\programmi\Lexmark 5200 Series\lxbtbmon.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmi\CrossLoop\CrossLoopConnect.exe
c:\programmi\Logitech\Video\FxSvr2.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Microsoft Office 2007\Office12\OUTLOOK.EXE
c:\programmi\File comuni\Teleca Shared\Generic.exe
c:\programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-12 15.17.43 - macchina è stato riavviato [Casa]
ComboFix-quarantined-files.txt 2008-11-12 14:17:29
Pre-Run: 27.554.148.352 byte disponibili
Post-Run: 28,147,998,720 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
557 --- E O F --- 2008-10-30 18:01:08
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.792 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\pincopallino.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Casa\Dati applicazioni\m
c:\documents and settings\Casa\Dati applicazioni\m\shared\[SOFTWARE].Panda.Antivirus.Titanium.2005.+.serials.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AceIT Grapher 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ACEMenu Creator 3.6.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ActiveProperties 3.2.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AiS Watermark Pictures Protector 3.7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\AlphaChess_3.2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Amor_Video_Converter_2.2.9.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Atomic MSN Password Recovery 1.10.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Atomic_Email_Hunter_3.50_Cracked.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Automatic Wallpaper Changer 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Avast.Professional.v4.6.763.GERMAN.Incl.KeyMaker-DVT.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Awesome_Aliens_of_the_Deep_Screen_Saver_1.0_(Key+Serial).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Back_Rest_3.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Barcode.dll_1.0_Patch.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Batch Barcode Maker 3.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\bcTester_4.2.0.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Bersoft_WebConnection_1.07.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\BG.-.Kompilacija.(2006).-.Pajner.Hit.Bikini.2006.(by.Panda_1960).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Binary_Boy_1.96.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\BLOB_Statistics_1.0_build_12.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Buzz_Softphone_1.2.2.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Cacidi_Batch_3.0_CS2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Callback File System 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Chrysanth_Mail_Manager_2.3_Patch.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Code Visualizer 3.4.1.0 [Key+Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Cookie_Crusher_3.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\d2J_Movie_Database_1.8e.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Database_Tour_Pro_5.6.3.1023_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\DFX_for_Winamp2_and_Winamp5_8.318.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\DLExpert_0.99.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\EasyCalc 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Encode UNIX Password 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Error Fix 3.0.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Estate_Planing_Software_5.34.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Exl-plan_Ultra_Plus_2.72.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Extract Data & Text From Multiple PDF Files Software 7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\EyeVA_1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\FavSync_2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Finance Explorer 3.1.3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Fox_Password_Safe_2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Free Teen Bible Browser 2.5.6.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\GameEx_7.09.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\GlobalSpellChecker_1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HelpBuilder 3.01 Serial.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HMarqueeCaption_1.1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HTML Scripting Pages 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\HTMLa v1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ID AntiVirus 1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Identity_Protection_1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\IISxpress 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\IncrediZoom 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Italy 2 Screensaver.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\iWellsoft Video to AMR MP3 AAC Converter 1.7.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\JeniuS 1.64.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Katakana 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Kingfishers and Kookaburras Screensaver 1.0 (Crack).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\KISS_Player_1.6.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\LibMaster.com_Active_Bookmark_1.1_beta_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Lua_Lua_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MbrFix_1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MDB to DBF Converter 1.01.01.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MING Network Monitor Home 1.5.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MistyChart_1.0_[With_Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Mountain 3D 3.1.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\MSN_Winks_Plus_5.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Multiple Form Filler 1.1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\My Checkbook 2.2.2 [Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Net Watch 1.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Network_Telescope_Control_0.2.0.22.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\New_England_Patriots_Winamp_Skin.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\nGeneration_1.1.3.18.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Nici_Picture_Downloader_2.10.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Okoker_All_to_Mp3_Converter_2.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\OutPosted 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\OverDisk 0.11 beta.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Oyco_Messenger_with_VoIP_Dialer_4.6_build_1854.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PackRat 0.28.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Password Datasafe 3.2c.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Patent_Grabber_4.6_KeyGen.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PC_Speaker_Music_1.21_beta.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PDF_Conversion_Series_-_PDF2CHM_2.0_Build_0915_Serial.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\pdfEdit995_7.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Pinging_Host_1.0_[Crack].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Play The Web 1.48.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\PoiZone 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Print Pilot 1.41.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Q Length Converter 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RAD_Grid_3.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Reading_Comprehension_Booster_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RecoverTrasher_1.1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RemindU 1.0.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\RenameWiz 3.4.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Rescue_the_Russian_Leopard_1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ScriptCad_1.02.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\ScriptSite 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Second_Backup_2007.2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Secure Endpoint USB 1.0.1.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SharpTimer 1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SightReader Master 3.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SmartDB_3.4_G.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Softany_Screensaver_Remover_1.0_(Serial).zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Sothink_SWF_Catcher_for_Firefox_1.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Sprika LiteMail 4.1.0.20.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\SSNFraud.Info_Toolbar_4.5.8.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\StampManage_Canada_Philatelic_Software_2007.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Swordfish_1.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tampa Traffic Cams 2.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tariff_Eye_1.5.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\teardrop screensaver 01.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\TextKeeper_5.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\The League System Pro 2.11 Crack.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\The Rapture 1.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Tudoo_3.0.4.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VAC_(Voice_Activated_Commands)_1.8.5_[Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Virtual_Tree_3.5_[Key+Serial].zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VNC Enterprise Edition Viewer 4.4.1 Build 12183.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\VNC Navigator 2.1.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WallMaster Pro 4.0a.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Warcraft_III_-_Face_the_Dungeon_map.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WaveDX7_2.2.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Wedding Album Maker Gold 2.92.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\WinStartup_1.00.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Xilisoft RM Converter 3.1.53.0425b.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\XpressRemote_1.3.1.20.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\XS_Finance_Professional_2.21.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\Yahoo Group and Files Downloader 2.8.4.0.zip
c:\documents and settings\Casa\Dati applicazioni\m\shared\YNAB_Pro_1.1_[Serial].zip
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\downld
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-10-12 al 2008-11-12 )))))))))))))))))))))))))))))))))))
.
2008-11-12 06:53 . 2008-11-12 06:53 236 --a------ C:\sqmdata02.sqm
2008-11-12 06:53 . 2008-11-12 06:53 200 --a------ C:\sqmnoopt02.sqm
2008-11-11 22:05 . 2008-11-11 22:05 200 --a------ C:\sqmnoopt01.sqm
2008-11-11 22:05 . 2008-11-11 22:05 200 --a------ C:\sqmdata01.sqm
2008-11-11 20:21 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\67815176.sys
2008-11-11 19:48 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\97856422.sys
2008-11-11 19:45 . 2008-11-11 19:46 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Notepad++
2008-11-11 19:36 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\37089480.sys
2008-11-11 19:03 . 2008-11-11 19:03 126,976 --a------ C:\zip.exe
2008-11-11 19:03 . 2008-11-11 19:03 60,416 --a------ c:\windows\system32\drivers\xwpwjni^.sys
2008-11-11 19:03 . 2008-11-11 19:03 1,080 --a------ C:\gcwkqkoj.bat
2008-11-11 19:03 . 2008-11-11 19:03 200 --a------ C:\avexport.bat
2008-11-11 18:52 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\87578172.sys
2008-11-11 18:39 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\13028856.sys
2008-11-11 18:38 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\18570830.sys
2008-11-11 18:35 . 2008-11-11 18:35 <DIR> d-------- c:\programmi\AskBarDis
2008-11-11 18:35 . 2008-11-11 18:35 249,592 --a------ c:\windows\system32\cssdll32.dll
2008-11-11 18:34 . 2008-11-11 18:35 <DIR> d-------- c:\programmi\COMODO
2008-11-11 18:34 . 2008-11-11 18:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\comodo
2008-11-11 18:34 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\11334209.sys
2008-11-11 18:14 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\23160293.sys
2008-11-11 18:13 . 2008-11-12 15:01 18,929,696 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-11 18:13 . 2008-11-12 15:01 202,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-11 18:12 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\16088638.sys
2008-11-11 17:48 . 2008-11-11 20:19 <DIR> d-------- c:\programmi\FindyKill
2008-11-11 16:37 . 2008-11-11 16:37 <DIR> d-------- c:\programmi\Nsasoft
2008-11-11 15:15 . 2008-11-11 15:16 <DIR> d-------- C:\GTK
2008-11-11 15:14 . 2008-11-11 15:16 <DIR> d-------- c:\programmi\AutoScanNetwork-1.32
2008-11-11 15:14 . 2008-11-11 15:15 <DIR> d-------- C:\AutoScan
2008-11-11 14:58 . 2008-11-11 14:58 <DIR> d-------- c:\programmi\SuperScan
2008-11-07 20:52 . 2008-11-10 14:21 444 --a------ c:\windows\Italia3DPlugin.INI
2008-11-07 20:51 . 2008-11-07 20:51 <DIR> d-------- c:\programmi\PCN
2008-11-07 19:45 . 2008-11-07 19:45 <DIR> d-------- c:\programmi\Netlog Photo Tool
2008-11-07 18:22 . 2008-11-07 18:22 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Wireshark
2008-11-07 18:04 . 2008-11-07 18:05 <DIR> d-------- c:\programmi\Wireshark
2008-11-07 17:28 . 2008-11-07 21:18 <DIR> d-------- c:\programmi\lynx
2008-11-06 20:27 . 2002-01-05 14:48 974,848 -r------- c:\windows\system32\mfc70.dll
2008-11-06 20:27 . 2002-01-05 13:37 344,064 -r------- c:\windows\system32\msvcr70.dll
2008-11-06 20:27 . 2002-01-05 14:10 61,440 -r------- c:\windows\system32\mfc70deu.dll
2008-11-06 20:24 . 2008-11-06 20:27 <DIR> d-------- c:\programmi\File comuni\Viessmann
2008-11-06 20:24 . 2008-11-06 20:24 <DIR> d-------- c:\programmi\File comuni\liNear GmbH
2008-11-06 20:23 . 2008-11-06 20:27 <DIR> d-------- c:\programmi\Vitodesk Software
2008-11-06 19:25 . 2008-11-06 19:25 1,840 --a------ c:\windows\system32\autoexec.nt
2008-11-06 14:59 . 2008-11-06 16:13 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\NetSupport
2008-11-06 14:51 . 2008-11-06 15:54 <DIR> d-------- c:\programmi\NetSupport
2008-11-06 14:51 . 2008-11-06 15:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NetSupport
2008-11-06 14:51 . 2008-10-09 13:00 102,462 --a------ c:\windows\system32\pcimon.old
2008-11-06 14:51 . 2008-10-09 13:00 102,462 --a------ c:\windows\system32\pcimon.dll
2008-11-06 14:51 . 2008-10-09 13:00 84,576 --a------ c:\windows\system32\clhook4.old
2008-11-06 14:51 . 2008-10-09 13:00 84,576 --a------ c:\windows\system32\clhook4.dll
2008-11-06 14:51 . 2008-10-09 13:00 39,520 --a------ c:\windows\system32\drivers\pcisys.sys
2008-11-06 14:51 . 2008-10-09 13:00 39,520 --a------ c:\windows\system32\drivers\pcisys.old
2008-11-06 14:51 . 2008-10-09 13:00 32,831 --a------ c:\windows\system32\pcigina.dll
2008-11-06 14:51 . 2008-10-13 08:54 28,672 --a------ c:\windows\system32\pcimsg.old
2008-11-06 14:51 . 2008-10-13 08:54 28,672 --a------ c:\windows\system32\pcimsg.dll
2008-11-06 14:51 . 2008-10-09 13:00 20,542 --a------ c:\windows\system32\pcivdd.old
2008-11-06 14:51 . 2008-10-09 13:00 20,542 --a------ c:\windows\system32\pcivdd.dll
2008-11-06 14:51 . 2008-11-12 15:02 8 --a------ c:\windows\system32\pcisys.ntk
2008-11-05 15:18 . 2008-11-05 15:39 <DIR> d-------- c:\programmi\Ditto
2008-11-05 15:18 . 2008-11-11 18:54 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Ditto
2008-11-05 14:49 . 2008-11-05 14:49 <DIR> d-------- c:\programmi\Recuva
2008-11-04 15:17 . 2008-11-04 15:17 <DIR> d-------- c:\documents and settings\Casa\Tracing
2008-10-30 15:35 . 2008-10-31 14:13 <DIR> d-------- c:\programmi\MessengerTigo
2008-10-28 14:29 . 2008-10-28 14:29 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\Songbird2
2008-10-28 14:29 . 2008-10-28 14:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SongbirdVLC
2008-10-27 17:43 . 2008-10-27 17:43 118,784 --a------ c:\windows\GREUninstall.exe
2008-10-27 17:43 . 2008-10-27 17:43 8,529 --a------ c:\windows\mozver.dat
2008-10-27 17:42 . 2008-10-27 17:42 <DIR> d-------- c:\programmi\mozilla.org
2008-10-26 12:01 . 2008-11-09 16:48 123,939 --a------ c:\windows\system32\drivers\kqemu.sys
2008-10-25 15:03 . 2008-10-25 15:03 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\programmi\Microsoft
2008-10-25 14:30 . 2008-10-25 14:30 <DIR> d-------- c:\programmi\File comuni\Windows Live
2008-10-23 16:50 . 2008-10-23 16:50 <DIR> dr-h----- c:\documents and settings\Casa\Dati applicazioni\SecuROM
2008-10-22 19:26 . 2008-10-22 19:26 <DIR> d-------- c:\programmi\DIFX
2008-10-20 19:30 . 2008-10-20 19:30 146 --a------ c:\windows\fcp5.cfg
2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- c:\programmi\iolo
2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\iolo
2008-10-20 16:21 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2008-10-20 16:19 . 2008-10-20 16:19 74,703 --a------ c:\windows\system32\mfc45.dll
2008-10-20 16:18 . 2008-10-20 16:19 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\iolo
2008-10-20 16:18 . 2008-10-20 16:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\iolo
2008-10-19 17:16 . 2008-10-19 17:16 <DIR> d-------- C:\Intel
2008-10-19 11:23 . 2008-10-19 11:27 <DIR> d-------- c:\windows\Symbols
2008-10-19 07:39 . 2008-10-19 11:29 <DIR> d-------- c:\programmi\Debugging Tools for Windows (x86)
2008-10-16 15:14 . 2008-10-16 15:14 110 --a------ c:\windows\GSdx9_SSE2.INI
2008-10-16 14:45 . 2008-10-16 14:45 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\vlc
2008-10-16 14:42 . 2008-10-16 14:43 <DIR> d-------- c:\programmi\FileZilla FTP Client
2008-10-16 14:41 . 2008-05-01 15:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-10-15 20:22 . 2008-10-15 20:23 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 19:42 . 2008-10-15 19:42 <DIR> d-------- c:\documents and settings\Casa\Dati applicazioni\OpenOffice.org
2008-10-15 19:39 . 2008-10-15 20:13 <DIR> d-------- c:\programmi\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:06 --------- d-----w c:\programmi\eMule
2008-11-12 14:04 --------- d-----w c:\programmi\CrossLoop
2008-11-12 05:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-11 19:38 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-11 15:40 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Free Download Manager
2008-11-11 14:20 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\FileZilla
2008-11-10 17:02 --------- d-----w c:\programmi\Cain
2008-11-10 15:27 --------- d-----w c:\programmi\Lx_cats
2008-11-06 14:22 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Apple Computer
2008-11-04 14:39 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Windows Live Writer
2008-11-01 07:16 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\U3
2008-10-26 08:55 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-26 08:55 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\InstallShield
2008-10-25 14:03 --------- d-----w c:\programmi\Windows Live
2008-10-23 17:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-22 18:25 --------- d-----w c:\programmi\Free Download Manager
2008-10-22 18:24 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Samsung
2008-10-22 17:31 --------- d-----w c:\programmi\EvilLyrics
2008-10-21 11:07 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-20 12:43 --------- d-----w c:\programmi\VS Revo Group
2008-10-19 10:19 --------- d-----w c:\programmi\Pcsx2_0.9.4
2008-10-18 12:46 --------- d-----w c:\programmi\BitTorrent
2008-10-17 17:05 --------- d-----w c:\programmi\Microsoft Games
2008-10-16 18:32 --------- d-----w c:\programmi\Lexmark 5200 Series
2008-10-12 10:40 --------- d-----w c:\programmi\EA GAMES
2008-10-09 14:35 --------- d-----w c:\programmi\iTunes
2008-10-09 14:35 --------- d-----w c:\programmi\iPod
2008-10-09 14:00 --------- d-----w c:\programmi\Red Chair Software
2008-10-09 12:00 31,328 ----a-w c:\windows\system32\drivers\gdihook5.sys
2008-10-08 18:41 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Free Download Manager
2008-10-08 17:02 --------- d-----w c:\programmi\Apple Software Update
2008-10-05 06:48 --------- d-----w c:\programmi\Notepad++
2008-10-04 17:21 --------- d-----w c:\programmi\Paragon Software
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Teleca
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Sony Ericsson
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\ATI
2008-10-04 14:27 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Ahead
2008-09-28 16:52 --------- d-----w c:\programmi\SystemRequirementsLab
2008-09-28 14:56 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-09-28 10:58 22,328 ----a-w c:\documents and settings\Casa\Dati applicazioni\PnkBstrK.sys
2008-09-25 18:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\U3
2008-09-22 15:45 --------- d-----w c:\programmi\Clip2Net
2008-09-22 13:24 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\uTorrent
2008-09-19 19:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-09-18 13:57 65,536 ----a-w c:\windows\IFinst27.exe
2008-09-18 13:57 --------- d-----w c:\programmi\Shock Utility
2008-09-18 13:49 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\ViStart
2008-09-17 15:14 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Skype
2008-09-17 15:08 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\skypePM
2008-09-17 14:54 --------- d-----w c:\programmi\Skype
2008-09-17 14:54 --------- d-----w c:\programmi\File comuni\Skype
2008-09-17 14:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-09-17 14:46 --------- d-----w c:\programmi\WinPcap
2008-09-16 12:02 --------- d-----w c:\programmi\CDBurnerXP
2008-09-16 12:02 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Canneverbe_Limited
2008-09-16 10:47 --------- d-----w c:\programmi\Passware
2008-09-15 15:15 --------- d-----w c:\programmi\Eidos
2008-09-14 10:37 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Microsoft Games
2008-09-13 18:43 --------- d-----w c:\programmi\Any Video Converter
2008-09-13 18:43 --------- d-----w c:\documents and settings\Casa\Dati applicazioni\Any Video Converter
2008-09-13 18:16 --------- d-----w c:\programmi\Zuma Deluxe
2008-09-12 11:06 --------- d-----w c:\programmi\Bonjour
2008-09-12 11:04 --------- d-----w c:\programmi\QuickTime
2008-09-12 11:04 --------- d-----w c:\programmi\File comuni\Apple
2008-09-12 10:54 --------- d-----w c:\programmi\Vista Drive Icon
2008-09-05 14:04 288,256 ----a-w c:\windows\WLXPGSS.SCR
1999-09-09 15:42 80,864 ----a-r c:\programmi\opera\program\plugins\ADVPACK.DLL
1999-09-09 15:42 2,272 ----a-r c:\programmi\opera\program\plugins\W95INF16.DLL
1999-09-09 15:42 4,608 ----a-r c:\programmi\opera\program\plugins\W95INF32.DLL
2008-07-29 08:59 80 --sh--r c:\windows\system32\1B410AEDF3.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2008-11-11 856072]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Clip2Net"="c:\programmi\Clip2Net\clip2net.exe" [2008-07-30 1590784]
"Ditto"="c:\programmi\Ditto\Ditto.exe" [2008-01-16 684032]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-11-11 15872]
"iMON"="c:\programmi\SOUNDGRAPH\iMON\iMON.exe" [2004-10-04 1036288]
"PCMService"="c:\programmi\CyberLink\PowerCinema\PCMService.exe" [2004-10-05 81920]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Lexmark 5200 series"="c:\programmi\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"GrooveMonitor"="c:\programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NBKeyScan"="c:\programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-04-08 1647912]
"AGEIA PhysX SysTray"="c:\programmi\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\programmi\Avira\Avira Premium Security Suite\avgnt.exe" [2008-11-11 266497]
"Sony Ericsson PC Suite"="c:\programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"DrvIcon"="c:\programmi\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"COMODO SafeSurf"="c:\programmi\COMODO\SafeSurf\cssurf.exe" [2008-11-11 278264]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
c:\documents and settings\Casa\Menu Avvio\Programmi\Esecuzione automatica\
Anapod Manager.lnk - c:\programmi\Red Chair Software\Anapod Explorer\anamgr.exe [2007-05-07 1076276]
DrvIcon.lnk - c:\programmi\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
iMON.lnk - c:\programmi\SOUNDGRAPH\iMON\iMon.exe [2007-07-24 1036288]
Launch Softick PPP.lnk - c:\programmi\Softick\PPP\Bin\PPPGate.exe [2004-10-20 160256]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office 2007\Office12\ONENOTEM.EXE [2007-12-07 101440]
Yahoo! Widgets.lnk - c:\programmi\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-09-08 23:05 3513344 c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-06-25 71592]
R1 is-3NBLAdrv;is-3NBLAdrv;c:\windows\system32\DRIVERS\97856422.sys [2008-07-08 148496]
R1 is-3SJRRdrv;is-3SJRRdrv;c:\windows\system32\DRIVERS\11334209.sys [2008-07-08 148496]
R1 is-9VQ9Pdrv;is-9VQ9Pdrv;c:\windows\system32\DRIVERS\18570830.sys [2008-07-08 148496]
R1 is-HRAKMdrv;is-HRAKMdrv;c:\windows\system32\DRIVERS\23160293.sys [2008-07-08 148496]
R1 is-OTP11drv;is-OTP11drv;c:\windows\system32\DRIVERS\67815176.sys [2008-07-08 148496]
R1 is-VLR06drv;is-VLR06drv;c:\windows\system32\DRIVERS\16088638.sys [2008-07-08 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-04-30 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 42048]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe [2008-05-13 566120]
R2 ioloSystemService;iolo System Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe [2008-05-13 566120]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 Cap7134;LifeView WDM Video Capture;c:\windows\system32\DRIVERS\lvcap214.sys [2004-10-11 296192]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-01 1258432]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\DRIVERS\Silicon.sys [2004-10-11 22656]
R3 usbscan;Driver scanner USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 WT6563F;Weltrend WT6563F;c:\windows\system32\Drivers\WT6563F.sys [2003-03-20 13120]
S1 is-27RORdrv;is-27RORdrv;c:\windows\system32\DRIVERS\13028856.sys [2008-07-08 148496]
S1 is-3GSHFdrv;is-3GSHFdrv;c:\windows\system32\DRIVERS\87578172.sys [2008-07-08 148496]
S1 is-V1HCTdrv;is-V1HCTdrv;c:\windows\system32\DRIVERS\37089480.sys [2008-07-08 148496]
S1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [ ]
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\programmi\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-11-11 344321]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\programmi\Avira\Avira Premium Security Suite\avmailc.exe [2008-11-11 164097]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-11-11 258305]
S3 atusba;NEC 313 Command Port Driver;c:\windows\system32\DRIVERS\atusba.sys [2003-09-07 25856]
S3 atusbc;NEC 313 CONTROL Driver;c:\windows\system32\DRIVERS\atusbc.sys [2003-09-07 43264]
S3 atusbe;NEC 313 ENUMERATION Driver;c:\windows\system32\DRIVERS\atusbe.sys [2003-09-07 12928]
S3 atusbm;NEC 313 Modem Driver;c:\windows\system32\DRIVERS\atusbm.sys [2003-09-07 36352]
S3 atusbo;NEC 313 OBEX Port Driver;c:\windows\system32\DRIVERS\atusbo.sys [2003-09-07 33920]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [ ]
S3 cpuz129;cpuz129;c:\programmi\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-07-21 13352]
S3 kqemu;KQEMU virtualisation module for QEMU;c:\windows\system32\DRIVERS\kqemu.sys [2008-11-09 123939]
S3 RET55;RET55 NDIS Protocol Driver;c:\progra~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS [ ]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2008-04-30 32128]
S4 AVEService;Avira Premium Security Suite MailGuard helper service;c:\programmi\Avira\Avira Premium Security Suite\avesvc.exe [2008-11-11 41217]
S4 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [ ]
S4 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a85195f-24c3-11dd-a7a5-00110979d795}]
\Shell\AutoRun\command - Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68cfce54-24bc-11dd-a7a5-00110979d795}]
\Shell\AutoRun\command - I:\umenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc9da5b-36d9-11dd-88c6-0011675c3ffb}]
\Shell\AutoRun\command - i:\.\Autorun\UBIAUTORUN.EXE .\cd2.ini
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5cdff01-2661-11dd-91a0-00110979d795}]
\shell\Setup\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb69a100-a117-11dd-868d-0011675c3ffb}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\yubsoo]
c:\windows\system32\yubsoo.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-02 20:25]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
HKLM-Run-CrossLoop - c:\progra~1\CrossLoop\CrossLoopConnect.exe -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-dimsntfy - (no file)
Notify-WgaLogon - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Casa\Dati applicazioni\Mozilla\Firefox\Profiles\no9vf6vv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\documents and settings\Casa\Dati applicazioni\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\Casa\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\programmi\DNA\plugins\npbtdna.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\programmi\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 15:03:59
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: c:\windows\explorer.exe
-> c:\programmi\Ditto\focus.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\programmi\Lexmark 5200 Series\lxbtbmon.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmi\CrossLoop\CrossLoopConnect.exe
c:\programmi\Logitech\Video\FxSvr2.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Microsoft Office 2007\Office12\OUTLOOK.EXE
c:\programmi\File comuni\Teleca Shared\Generic.exe
c:\programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-12 15.17.43 - macchina è stato riavviato [Casa]
ComboFix-quarantined-files.txt 2008-11-12 14:17:29
Pre-Run: 27.554.148.352 byte disponibili
Post-Run: 28,147,998,720 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
557 --- E O F --- 2008-10-30 18:01:08
But something was still there, because the antivirus would not install, and if I did install it (KIS 2009) the machine crashed with a BSOD from the file klif.sys.
I tried downloading the Kaspersky Virus Removal Tool. After installation, if I clicked SCAN it closed instantly. So I decided to try the online scan from the Kaspersky site, but it did not work until I ran the usual script in Avenger, because it would not let me accept the "EULA".
Besides Bagle, there is the stupid problem with the Kaspersky driver klif.sys. At startup I get a BSOD, and if I try to delete the file from a Linux distro, it reappears at startup. Now I'll try deleting all the directories related to KIS 2009; maybe I'll manage to fix something.