www.MegaLab.it

[sfarrito]

Ciao a tutti, innanzitutto complimentoni per il sito.
Ho riscontrato un grosso problema che spero con tutto il cuore voi riusciate a darmi una mano per risolverlo...

Ho preso un virus (di cui non conosco la natura), che mi ha totalmente disabilitato l'utilizzo della maggior parte degli antivirus, antispyware e firewall che ho sul mio pc o che ho provato ad installare...
In pratica non li fa avviare all'avvio di windows, e se provo ad avviarli io mi esce una finestra di errore che dice per esempio: "D:\Programmi\Trend Micro\HijackThis\HijackThis.exe non è un applicazione di Win32 valida". Tutto questo sul buon 70% di programmi che ho provato! Inoltre spesso mi accorgo che blocca anche l'explorer... faccio fatica a rinominare alcuni file o alcune cartelle che evidentemente vengono ritenute pericolose per l'incolumità del virus, e Internet Explorer mi crasha spessissimo impedendomi di tentare alcune scansioni online. Ho provato anche con firefox ma sembra che nessuna delle scansioni online riesca ad andare a buon fine.

Sapete da cosa posso essere infetto e come posso migliorare la situazione?
Vi ringrazio anticipatamente! Ciao!

[ste_95]

Scarica FindyKill (by Chiquitine29)ed installalo.
Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

Poi scarica ComboFix, salvandolo sul PC con un nome di fantasia, ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG.

[sfarrito]

Innanzitutto grazie per la disponibilità!
Ecco i due log:
FindyKill

----------------- FindyKill V4.711 ------------------

* User : sfarrito - SFARRITO
* executed from : D:\Programmi\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 14:44:27 the 13/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Java\jre6\bin\jqs.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in D:


»»»» Supression files in D:\WINDOWS


»»»» Supression files in D:\WINDOWS\Prefetch

Deleted ! - D:\WINDOWS\prefetch\162250.EXE-21CD2AA8.pf
Deleted ! - D:\WINDOWS\prefetch\201703.EXE-2E4F8565.pf
Deleted ! - D:\WINDOWS\prefetch\32343921.EXE-39028DD3.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-03B8C2FF.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-0C169178.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-15E6897D.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-196BCE4B.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-208BE5EE.pf
Deleted ! - D:\WINDOWS\prefetch\CRACK.EXE-2E7E1BD9.pf
Deleted ! - D:\WINDOWS\prefetch\FLEC006.EXE-177CCDAE.pf
Deleted ! - D:\WINDOWS\prefetch\KEYGEN.EXE-33D48048.pf
Deleted ! - D:\WINDOWS\prefetch\KEY_GENERATOR.EXE-07A0B5B5.pf
Deleted ! - D:\WINDOWS\prefetch\KEY_GENERATOR.EXE-2F5AAC13.pf
Deleted ! - D:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! - D:\WINDOWS\prefetch\PROXYCAP 3.15 CRACK+KEYGEN.EX-3214A5AC.pf
Deleted ! - D:\WINDOWS\prefetch\PROXYCAP-PATCH.EXE-1F6EC600.pf
Deleted ! - D:\WINDOWS\prefetch\PROXYCAP-PATCH.EXE-248F9B45.pf
Deleted ! - D:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Deleted ! - D:\WINDOWS\prefetch\WINUPGRO.EXE-2F40C237.pf

»»»» Supression files in D:\WINDOWS\system32

Deleted ! - D:\WINDOWS\system32\mdelk.exe
Deleted ! - D:\WINDOWS\system32\wintems.exe
Deleted ! - D:\WINDOWS\system32\ban_list.txt

»»»» Supression files in D:\WINDOWS\system32\drivers


»»»» Supression files in D:\Documents and Settings\sfarrito\Dati applicazioni

Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m\flec006.exe"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m\list.oct"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m\data.oct"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m\srvlist.oct"
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\3D Cartoon Icons Pack III -.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\aaTTF 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Abetone Serienbrief 7.3.5.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Adriana Lima 16 Screensaver 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Agile WMV Video Splitter 2.1.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Air Force Bombers 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\AJet 3.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Aspell Checker 1.11.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\AVG.7.5.ANTIVIRUS+ANTISPYWARE+INTERNET.SECURITY.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\AVG.antispyware.v7.5.0.50.+.crack.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Big Calculator 1.1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Bob's Web Calendar 1.0.0.9.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Bonrix SMS Server 4 HTTP API 1.0.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Business Icons Collection 3.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\ByteWedge Professional 3.3 build 2356.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\CacheSmasher 1.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\CardFile Pegasus 5.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Cheque Maker 1.0.0.170.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\CISearch.NET 2.7.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Coffee Screensaver 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Computer_Associates_Practice_Tests_from_Boson_5.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Convert to Ringtone Wizard 1.16.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\CRACK.-.Norton.AntiVirus.Live.-.Update.Hack.Till.Year.2116.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Custom StartUp 3.01.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Day and night 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\DeltaCalendar 1.2.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Devolutions ToolBox 2.0.0.2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\DiscoverOntario Webcams 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\DriverView 1.15.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\ekinx 2.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\EnergyKey 2.2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Equation Illustrator 2.4.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\euPOD Pro 1.6 Build 593.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Exl-plan Ultra Plus 2.72.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\F-Recovery for CompactFlash 2.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Fast MP3 Recorder 1.60.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Fast Text to MP3 1.18.00.00.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\File Cabinets 2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\FileAnnounce 1.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Firegraphic XP 9.0.900.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\FlashGet Plugin for Netscape 1.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Floke Integrity 0.01.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Folder Lock 6.0.5.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\foo uie queuemanager 0.2.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\FrameTools 1.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Framy Wenge wood 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Free icons pack 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\FRISK.F-Prot.Antivirus.for.Linux.x86.File.Servers.v4.6.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Fuse Bead Pattern Designer 3.01.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\GoNaomi Dictionary 1.75.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\GSKeepAlive 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Hide It ! 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\HTML Scripting Pages 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Image Sequencer 2.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\iOrgSoft iPod Video Converter 1.6.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\ispy).zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\iTunes Crystal 2.0.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\JAMon API 2.6.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Kaspersky.Anti-Virus.For.Linux.Workstation.v4.0.Retai.Crack.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Labman 3.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Libellus Personal Library 1.0.1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Loan Officer Subliminal Message Software 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MasterList Professional 1.14.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\McAfee.AntiSpyware.v1.10.149_CRK-FFF.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MedianSoft Batch Converter 1.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MemOptimizer 3.10.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Mini-stream RM-MP3 Converter 2.7.3.700.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Miprice 2008101.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MJ Desktop Theme 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Mobile Logo 123 1.1.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MoreMotion Editor 2.0 Build 0.102.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MP3Toys 2.5.4.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\MS Word High School Resume Template Software 7.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Name Munger 1.4.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Norton Anti-Virus 2006 + crack + keygen.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Notezilla Portable 7.0 Build 84.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\PAL Evidence Eliminator 1.01.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Panda.Antivirus.Internet.Security.2005.-.9.00.00.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Panda.Titanium.2006.Antivirus.+.Antispyware.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Pazuru Alfabet 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\PC Security 6.4.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Pepsky 3GP Converter 4.3.6.916.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\PermanentFileDelete 1.0.0.4.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\PhotoStage 1.12.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Pilot eLogbook 1.0.1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\PsmPlayer 3.80.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\QuickTime DirectShow Filter for WMP 1.0.15.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\QuitOutlook 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Real Beauty Screensaver 1.4.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Reflection Effect 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\RemotePC 1.0.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Report Genie 1.2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Returnil Virtual System 2008 Personal Edition 2.0.0.5011.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\RevilloC MailServer 1.21.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\RIA-Media Clock Screensaver 2.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Robo Adder 1.0.2585.18971.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\RSS Bandit 1.8.0.870.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\RTSquare 1.31.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Scriptware 3.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\SecureMailer for Windows 1.01.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\ServiceMY 1.146.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Shutdown Widget 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\SignPoster 2004 Build 11.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Soft191 Panic Station 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Sophos.Antivirus.v3.76.Multilanguage.Retail.For.Win2K.Xp.Nt.2003-Fedex-Pleasuredome101.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\SpamAware 5.1.0.174.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\SQL Studio Query eXecutor 1.1.609.9686.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\St. Bernard Screensaver 1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Stellar Phoenix NTFS 2.2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Stop-or-Reload Button 0.2.2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\TDeint 1.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Teslain Encryption Pack 1.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Text 2 Speech 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Time Traveler 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Tinn-R 2.0.0.7.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\UFSread 0.91.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Univerter 3.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Verbix 7.3.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Virtual Volumes 0.5.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Visual Lint Standard Edition 1.5.4.67.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\VMC to Hyper-V Import Tool 1.0.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Voyage Distance 1.5 Build 3160.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Wapet 0.5.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Wild Parns 1.0.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\Window Sensor 1.0.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\wTimer 0.3.1.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\YapBib 0.99 r2.zip
Deleted ! - D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared\ZoomSaver 1.0.zip
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m\shared"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\m"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\drivers\srosa.sys"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\drivers\downld"
Deleted ! - "D:\Documents and Settings\sfarrito\Dati applicazioni\drivers"

»»»» Supression files in D:\DOCUME~1\sfarrito\IMPOST~1\Temp

Deleted ! - D:\DOCUME~1\sfarrito\IMPOST~1\Temp\Installer-Crack-Keygen.exe
Deleted ! - D:\DOCUME~1\sfarrito\IMPOST~1\Temp\Directory temporanea 2 per Sygate Personal Firewall Pro v5.6.zip\Sygate.Personal.Firewall.PRO.v5.6.[L1oNetwork.Net]\keygen.exe

»»»» Supression files in D:\Documents and Settings\sfarrito\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa

D: - Unit… fissa

E: - Unit… fissa

F: - Unit… CD-ROM

G: - Unit… CD-ROM


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------

ComboFix

ComboFix 09-01-11.04 - sfarrito 2009-01-13 15:14:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1662 [GMT 1:00]
Eseguito da: d:\documents and settings\sfarrito\Desktop\ciao.exe
AV: avast! antivirus 4.8.1296 [VPS 090111-1] *On-access scanning disabled* (Outdated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users.WINDOWS\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users.WINDOWS\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\sfarrito\Dati applicazioni\Microsoft\Windows\lsass.exe
d:\programmi\DAEMON Tools Lite\daemon.exe
d:\programmi\File comuni\{10C7D~1
d:\programmi\File comuni\{30C7D~1
d:\programmi\File comuni\sogou pxp
d:\programmi\iMeshBar
d:\programmi\iMeshBar\bar\Cache\000B38AE
d:\programmi\iMeshBar\bar\Cache\0044FE0C.bin
d:\programmi\iMeshBar\bar\Cache\0045001F.bmp
d:\programmi\iMeshBar\bar\Cache\004502BF.bmp
d:\programmi\iMeshBar\bar\Cache\files.ini
d:\programmi\iMeshBar\bar\History\search
d:\programmi\iMeshBar\bar\Settings\prevcfg.htm
d:\programmi\INSTALL.LOG
d:\windows\IE4 Error Log.txt
d:\windows\struct~.ini
d:\windows\system32\divx.dll
d:\windows\system32\NTSpool.exe
d:\windows\system32\WinSecure.exe

----- BITS: Sites possivelmente infetados -----

hxxp://updateserver.info
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XLASHSRV


((((((((((((((((((((((((( Files Creati Da 2008-12-13 al 2009-01-13 )))))))))))))))))))))))))))))))))))
.

2010-01-07 16:17 . 2010-01-07 16:18 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\U3
2010-01-07 14:56 . 2010-01-07 14:56 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\Sony Ericsson
2010-01-07 14:56 . 2010-01-07 14:56 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\BVRP Software
2009-01-13 14:34 . 2009-01-13 15:00 <DIR> d-------- d:\programmi\FindyKill
2009-01-13 07:25 . 2009-01-13 14:35 <DIR> d-------- d:\programmi\Spyware Doctor
2009-01-13 07:25 . 2009-01-13 07:25 <DIR> d-------- d:\programmi\File comuni\PC Tools
2009-01-13 07:25 . 2009-01-13 07:25 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\PC Tools
2009-01-13 07:25 . 2009-01-13 07:25 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\PC Tools
2009-01-13 07:25 . 2009-01-13 07:28 160,792 --a------ d:\windows\system32\drivers\pctfw2.sys
2009-01-13 07:25 . 2007-12-10 14:53 81,288 --a------ d:\windows\system32\drivers\iksyssec.sys
2009-01-13 07:25 . 2007-12-10 14:53 66,952 --a------ d:\windows\system32\drivers\iksysflt.sys
2009-01-13 07:25 . 2009-01-13 07:29 42,376 --a------ d:\windows\system32\drivers\ikfilesec.sys
2009-01-13 07:25 . 2007-12-10 14:53 29,576 --a------ d:\windows\system32\drivers\kcom.sys
2009-01-12 23:45 . 2009-01-12 23:44 66,048 --a------ D:\mbr.exe
2009-01-12 23:09 . 2009-01-12 23:09 250 --a------ d:\windows\gmer.ini
2009-01-12 23:06 . 2009-01-12 23:07 <DIR> d-------- d:\programmi\BHODemon 2
2009-01-12 22:56 . 2009-01-12 22:56 <DIR> d-------- d:\programmi\Gargaroz
2009-01-12 22:56 . 2004-12-06 12:22 178,889 --a------ d:\windows\system32\FraPlus1.ocx
2009-01-12 22:56 . 1998-06-13 22:53 44,544 --a------ d:\windows\system32\GIF89.DLL
2009-01-12 22:46 . 2009-01-12 22:46 <DIR> d-------- d:\programmi\Uniblue
2009-01-12 22:46 . 2009-01-12 22:46 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\Uniblue
2009-01-12 22:45 . 2009-01-12 22:46 <DIR> d--h-c--- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-12 22:25 . 2009-01-13 14:35 <DIR> d-a------ d:\documents and settings\All Users.WINDOWS\Dati applicazioni\TEMP
2009-01-12 22:25 . 2009-01-12 22:25 37,888 --a------ d:\windows\system32\rar.exe
2009-01-12 22:04 . 2009-01-12 22:04 <DIR> d-------- d:\programmi\AMUST
2009-01-12 22:04 . 2008-04-16 14:24 165,368 --a------ d:\windows\system32\RegCompact.dll
2009-01-12 21:31 . 2008-04-29 11:33 16,952 --a------ d:\windows\system32\drivers\RkPavproc1.sys
2009-01-12 21:10 . 2009-01-12 21:10 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\AVGTOOLBAR
2009-01-12 21:05 . 2009-01-12 22:41 <DIR> d-------- D:\csscod
2009-01-12 16:22 . 2009-01-12 16:22 <DIR> d-------- d:\programmi\Panda Security
2009-01-12 16:20 . 2009-01-12 21:29 <DIR> d-------- d:\documents and settings\sfarrito\.housecall6.6
2009-01-12 16:18 . 2003-04-14 12:02 55,808 --a------ d:\windows\unSpySweeper.exe
2009-01-12 15:19 . 2009-01-12 15:19 <DIR> d-------- d:\programmi\Trend Micro
2009-01-12 14:37 . 2009-01-12 14:37 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\ProxyCap
2009-01-11 21:51 . 2008-12-14 12:24 26,112 --ahs---- d:\windows\system32\mss.dll
2009-01-11 20:59 . 2009-01-11 20:59 <DIR> d-------- d:\programmi\Proxy Labs
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- d:\programmi\Your Freedom
2009-01-11 14:21 . 2009-01-11 14:21 <DIR> d-------- D:\Nexon
2009-01-11 14:21 . 2009-01-12 15:37 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\NexonUS
2009-01-10 15:22 . 2009-01-10 15:22 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\NexonEU
2009-01-08 20:30 . 2009-01-08 20:30 <DIR> d-------- d:\programmi\recfree
2009-01-08 20:30 . 2009-01-08 20:30 <DIR> d-------- d:\programmi\EasySearch
2009-01-08 20:30 . 2009-01-08 20:30 <DIR> d-------- d:\programmi\Conduit
2009-01-08 14:10 . 2009-01-08 14:10 <DIR> d-------- d:\documents and settings\sfarrito\.Tiffy
2009-01-08 14:05 . 2009-01-08 14:05 <DIR> d-------- d:\windows\Sun
2009-01-08 14:04 . 2009-01-08 14:04 410,984 --a------ d:\windows\system32\deploytk.dll
2009-01-08 14:04 . 2009-01-08 14:04 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-01-06 18:05 . 2009-01-06 18:05 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\vlc
2009-01-06 14:47 . 2009-01-06 14:47 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Dati applicazioni\TVU Networks
2009-01-06 14:07 . 2009-01-06 15:45 <DIR> d-------- d:\programmi\uusee
2009-01-06 14:07 . 2009-01-06 15:43 <DIR> d-------- d:\programmi\File comuni\uusee
2009-01-06 14:05 . 2009-01-06 14:06 <DIR> d-------- d:\programmi\TVAnts
2009-01-06 14:03 . 2009-01-06 14:03 <DIR> d-------- d:\programmi\TVUPlayer
2009-01-06 14:03 . 2009-01-06 14:03 <DIR> d-------- d:\documents and settings\sfarrito\LocalLow
2009-01-02 15:09 . 2009-01-02 15:09 <DIR> d-------- d:\programmi\MP3 Player Utilities 4.17
2009-01-02 15:09 . 2009-01-02 15:09 <DIR> d-------- d:\documents and settings\sfarrito\WINDOWS
2009-01-02 15:09 . 1998-01-23 12:22 304,128 --a------ d:\windows\IsUninst.exe
2009-01-01 13:56 . 2009-01-13 14:35 664 --a------ d:\windows\system32\d3d9caps.dat
2009-01-01 13:19 . 2009-01-01 13:19 <DIR> d-------- d:\windows\system32\xlive
2009-01-01 13:19 . 2009-01-01 14:02 <DIR> d-------- d:\programmi\Microsoft Games for Windows - LIVE
2008-12-30 11:54 . 2008-12-30 11:54 <DIR> dr-h----- d:\documents and settings\sfarrito\Dati applicazioni\SecuROM
2008-12-30 11:51 . 2008-12-30 11:51 107,888 --a------ d:\windows\system32\CmdLineExt.dll
2008-12-30 11:49 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-12-30 11:49 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-12-30 11:49 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-12-30 11:49 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-12-30 11:49 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-12-30 11:49 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-12-30 11:49 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-12-30 11:48 . 2008-12-30 11:48 <DIR> d-------- d:\windows\system32\LogFiles
2008-12-30 11:48 . 2008-12-30 11:48 <DIR> d-------- d:\windows\system32\drivers\umdf
2008-12-30 11:48 . 2008-12-30 11:48 <DIR> d-------- d:\windows\Logs
2008-12-30 11:03 . 2008-04-13 18:52 2,973,696 -----c--- d:\windows\system32\dllcache\wmploc.dll
2008-12-30 11:02 . 2006-12-28 12:01 19,569 --a------ d:\windows\006300_.tmp
2008-12-30 11:02 . 2008-04-13 11:40 10,240 --------- d:\windows\system32\drivers\sffp_mmc.sys
2008-12-29 11:45 . 2004-09-03 00:00 124,688 --a------ d:\windows\system32\MSWINSCK.OCX
2008-12-29 11:24 . 2008-12-29 11:24 <DIR> d-------- d:\windows\system32\URTTEMP
2008-12-29 00:59 . 2009-01-13 15:21 <DIR> d-------- d:\programmi\DNA
2008-12-29 00:59 . 2008-12-29 00:59 <DIR> d-------- d:\programmi\AskSearch
2008-12-29 00:59 . 2009-01-13 15:21 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\DNA
2008-12-29 00:59 . 2008-12-29 15:11 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\BitTorrent
2008-12-28 12:26 . 2008-12-28 12:29 <DIR> d-------- d:\documents and settings\sfarrito\Dati applicazioni\Xfire
2008-12-28 12:24 . 2008-12-28 12:29 43,520 --a------ d:\windows\system32\CmdLineExt03.dll
2008-12-27 13:45 . 2005-05-03 11:43 69,632 -r------- d:\windows\Alcmtr.exe
2008-12-26 17:00 . 2010-01-07 16:17 69 --a------ d:\windows\NeroDigital.ini
2008-12-26 12:31 . 2007-12-17 12:30 269,824 --a------ d:\windows\system32\drivers\RTL8187.sys
2008-12-26 12:31 . 2008-12-26 12:31 21,035 --a------ d:\windows\system32\drivers\AegisP.sys
2008-12-26 12:30 . 2008-12-26 12:36 <DIR> d-------- d:\programmi\ASRock WiFi-802.11g
2008-12-26 12:30 . 2006-06-23 09:35 13,532 --a------ d:\windows\system32\drivers\SjyPkt.sys
2008-12-25 13:16 . 2008-12-25 13:16 <DIR> d-------- d:\programmi\FastWeb Login
2008-12-25 13:16 . 2008-12-25 13:16 286,720 --a------ d:\windows\iun507.exe
2008-12-25 11:37 . 2008-12-31 12:48 <DIR> d-------- d:\windows\system32\it-IT
2008-12-25 11:36 . 2008-12-29 11:36 <DIR> d-------- d:\windows\system32\XPSViewer
2008-12-25 11:35 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-12-24 18:34 . 2008-08-14 14:22 2,192,896 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2008-12-24 18:34 . 2008-08-14 14:22 2,148,864 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-24 18:34 . 2008-08-14 14:22 2,069,760 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-24 18:34 . 2008-08-14 14:22 2,027,520 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2008-12-24 18:34 . 2008-04-11 20:04 691,712 -----c--- d:\windows\system32\dllcache\inetcomm.dll
2008-12-24 18:34 . 2008-10-15 17:36 337,408 -----c--- d:\windows\system32\dllcache\netapi32.dll
2008-12-24 18:34 . 2008-05-01 15:34 331,776 -----c--- d:\windows\system32\dllcache\msadce.dll
2008-12-24 18:33 . 2008-12-13 07:36 3,593,216 -----c--- d:\windows\system32\dllcache\mshtml.dll
2008-12-24 18:33 . 2008-09-15 16:24 1,846,400 -----c--- d:\windows\system32\dllcache\win32k.sys
2008-12-24 18:33 . 2008-10-16 02:00 1,499,648 -----c--- d:\windows\system32\dllcache\shdocvw.dll
2008-12-24 18:33 . 2008-10-16 21:04 1,160,192 -----c--- d:\windows\system32\dllcache\urlmon.dll
2008-12-24 18:33 . 2008-10-16 21:04 826,368 -----c--- d:\windows\system32\dllcache\wininet.dll
2008-12-24 18:33 . 2008-09-08 11:41 333,824 -----c--- d:\windows\system32\dllcache\srv.sys
2008-12-24 18:33 . 2008-06-14 18:32 272,768 -----c--- d:\windows\system32\dllcache\bthport.sys
2008-12-24 18:33 . 2008-08-14 11:04 138,496 -----c--- d:\windows\system32\dllcache\afd.sys
2008-12-24 18:32 . 2008-10-24 12:21 455,296 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2008-12-24 18:32 . 2008-05-08 15:02 203,136 -----c--- d:\windows\system32\dllcache\rmcast.sys
2008-12-24 16:57 . 2008-09-04 18:15 1,106,944 -----c--- d:\windows\system32\dllcache\msxml3.dll
2008-12-24 16:53 . 2007-04-25 15:18 465,408 --------- d:\windows\system32\imapi2fs.dll
2008-12-24 16:53 . 2007-04-25 15:18 465,408 -----c--- d:\windows\system32\dllcache\imapi2fs.dll
2008-12-24 16:53 . 2007-04-25 15:18 318,464 --------- d:\windows\system32\imapi2.dll
2008-12-24 16:53 . 2007-04-25 15:18 318,464 -----c--- d:\windows\system32\dllcache\imapi2.dll
2008-12-24 16:53 . 2008-04-13 19:13 7,168 --------- d:\windows\system32\bitsprx4.dll
2008-12-24 16:51 . 2008-12-24 16:51 <DIR> d-------- d:\programmi\MSECache
2008-12-24 16:51 . 2008-12-24 16:51 <DIR> d-------- d:\programmi\Microsoft CAPICOM 2.1.0.2
2008-12-24 16:48 . 2008-12-24 16:48 <DIR> d-------- d:\programmi\Microsoft
2008-12-24 16:42 . 2006-12-14 14:45 981,760 -----c--- d:\windows\system32\dllcache\mfc42u.dll
2008-12-24 16:40 . 2008-12-30 11:05 <DIR> d-------- d:\windows\l2schemas
2008-12-24 16:40 . 2008-04-13 19:13 69,120 --------- d:\windows\system32\wlanapi.dll
2008-12-24 16:39 . 2006-11-08 09:51 62,336 --------- d:\windows\system32\drivers\rspndr.sys
2008-12-24 16:39 . 2006-11-08 09:51 10,752 --------- d:\windows\system32\rspndr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 13:56 --------- d-----w d:\programmi\Avanquest update
2009-01-13 14:16 --------- d-----w d:\programmi\DAEMON Tools Lite
2009-01-12 20:14 --------- d-----w d:\programmi\Spfybhgfdotyt - Searfch & Desftroy
2009-01-08 13:04 --------- d-----w d:\programmi\Java
2009-01-06 13:08 --------- d-----w d:\programmi\SopCast
2009-01-06 13:07 --------- d-----w d:\programmi\MSN Messenger
2008-12-30 13:39 --------- d-----w d:\programmi\Steam
2008-12-30 10:26 --------- d--h--w d:\programmi\InstallShield Installation Information
2008-12-28 23:59 --------- d-----w d:\programmi\BitTorrent
2008-12-25 10:27 --------- d--h--w d:\programmi\eMule
2008-12-24 13:39 --------- d-----w d:\programmi\Nokia
2008-12-24 12:57 --------- d-----w d:\programmi\PC Connectivity Solution
2008-12-24 12:57 --------- d-----w d:\programmi\File comuni\Nokia
2008-12-20 14:50 --------- d-----w d:\programmi\Messenger Plus! Live
2008-12-20 12:31 --------- d-----w d:\programmi\Microsoft Works
2008-12-19 21:46 --------- d-----w d:\programmi\File comuni\Adobe
2008-12-19 21:45 --------- d-----w d:\programmi\AdunanzA
2008-12-18 19:28 --------- d-----w d:\programmi\ESET
2008-12-18 19:25 --------- d-----w d:\programmi\File comuni\Wise Installation Wizard
2008-12-02 22:11 6,209,536 ----a-w d:\windows\system32\drivers\nv4_mini.sys
2008-11-23 12:05 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Orbit
2008-11-08 12:19 326 ----a-w D:\sccfg.sys
2008-01-22 06:03 3,854,336 ----a-w d:\programmi\Registration Tool.exe
2008-01-22 06:03 24,543,232 ----a-w d:\programmi\GuitarRig 2.exe
2008-01-22 06:03 2,975 ----a-w d:\programmi\Readme.txt
2008-01-13 12:46 339,944 ----a-w d:\programmi\UNWISE.EXE
2007-12-17 15:20 4,879,313 ----a-w d:\programmi\Allok Video to FLV Converter.zip
2005-10-21 12:26 945,345 ----a-w d:\programmi\Rig Kontrol 2 Driver Setup.exe
2003-07-09 08:45 40 ----a-w d:\programmi\mtachat.txt
2002-11-19 14:01 28,672 ----a-w d:\programmi\opera\program\plugins\PlugDef.dll
2008-10-19 09:58 49,152 ----a-w d:\programmi\mozilla firefox\components\SiteVacuumXPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{15c93148-34fe-47e6-88e5-37607a3002f3}"= "d:\programmi\recfree\tbrecf.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
2008-09-15 06:47 1784856 --a------ d:\programmi\recfree\tbrecf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{15c93148-34fe-47e6-88e5-37607a3002f3}"= "d:\programmi\recfree\tbrecf.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{15C93148-34FE-47E6-88E5-37607A3002F3}"= "d:\programmi\recfree\tbrecf.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AlcoholAutomount"="d:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"MsnMsgr"="d:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"BitTorrent DNA"="d:\programmi\DNA\btdna.exe" [2008-12-29 342848]
"RGSC"="c:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-30 306088]
"Sony Ericsson PC Suite"="d:\programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"Uniblue RegistryBooster 2009"="d:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-12 81000]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2009-01-12 2532576]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PowerMenu"="d:\programmi\PowerMenu\PowerMenu.exe" [2002-12-20 57344]
"CoolSwitch"="d:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"nwiz"="nwiz.exe" [2008-12-02 d:\windows\system32\nwiz.exe]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 d:\windows\StartupMonitor.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 d:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

d:\documents and settings\sfarrito\Menu Avvio\Programmi\Esecuzione automatica\
BHODemon 2.0.lnk - d:\programmi\BHODemon 2\BHODemon.exe [2005-06-19 946176]

d:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
ASRock WiFi-802.11g.lnk - d:\programmi\ASRock WiFi-802.11g\RtWLan.exe [2008-12-26 978944]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\pes2009\\pes2009.exe"=
"d:\\Programmi\\DNA\\btdna.exe"=
"d:\\Programmi\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\GTAIVPC\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"d:\\Programmi\\MSN Messenger\\livecall.exe"=
"d:\\Programmi\\uusee\\UUSeePlayer.exe"=
"d:\\Documents and Settings\\All Users.WINDOWS\\Dati applicazioni\\NexonEU\\NGM\\NGM.exe"=
"d:\\Documents and Settings\\All Users.WINDOWS\\Dati applicazioni\\NexonUS\\NGM\\NGM.exe"=
"c:\combat arms\CombatArms.exe"= c:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\combat arms\Engine.exe"= c:\combat arms\Engine.exe:*Enabled:Engine.exe

R0 avgntmgr;avgntmgr;d:\windows\system32\drivers\avgntmgr.sys [2008-12-18 22336]
R1 avgntdd;avgntdd;d:\windows\system32\drivers\avgntdd.sys [2008-12-18 45376]
R1 pctfw2;pctfw2;d:\windows\system32\drivers\pctfw2.sys [2009-01-13 160792]
S1 aswSP;avast! Self Protection; [x]
S3 getPlus(R) Helper;getPlus(R) Helper;d:\programmi\NOS\bin\getPlus_HelperSvc.exe [2008-12-19 33752]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;d:\windows\system32\drivers\RTL8187.sys [2008-12-26 269824]
S3 sdAuxService;PC Tools Auxiliary Service;d:\programmi\Spyware Doctor\pctsAuxs.exe [2009-01-13 337800]
S3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [2008-12-26 13532]
S4 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys d:\windows\system32\DRIVERS\aswFsBlk.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-12 d:\windows\Tasks\sfarrito backup.job
- D:\ [2009-01-13 15:19]

2009-01-12 d:\windows\Tasks\sfarrito scan and fix.job
- D:\ [2009-01-13 15:19]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-DAEMON Tools Lite - d:\programmi\DAEMON Tools Lite\daemon.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
IE: Add to AMV Converter... - d:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: d:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll

d:\windows\Downloaded Program Files\CONFLICT.1\csswlng.dll - d:\windows\Downloaded Program Files\CONFLICT.1\cssweb.dll
O16 -: {6CCE3920-3183-4B3D-808A-B12EB769DE12}
hxxp://www.commandondemand.com/eval/cod/cabs/cssweb.cab
d:\windows\Downloaded Program Files\CONFLICT.1\cssweb.inf
FF - ProfilePath - d:\documents and settings\sfarrito\Dati applicazioni\Mozilla\Firefox\Profiles\dhwhgkff.default\
FF - component: d:\programmi\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - component: d:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: d:\documents and settings\All Users.WINDOWS\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll
FF - plugin: d:\documents and settings\All Users.WINDOWS\Dati applicazioni\NexonUS\NGM\npNxGameUS.dll
FF - plugin: d:\documents and settings\sfarrito\Dati applicazioni\Mozilla\Firefox\Profiles\dhwhgkff.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npvideoegg-loader.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associazioni di file -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 15:21:48
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cb,2a,c4,5e,bf,95,bd,e0,d9,08,8c,5c,10,da,d0,c7,c3,e1,d7,c7,60,
d0,0a,ad,dc,a8,72,e8,fe,be,90,fe,8f,4d,50,d5,bb,22,c7,aa,b4,4f,72,1a,ec,8f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(920)
d:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\programmi\Java\jre6\bin\jqs.exe
d:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\nvsvc32.exe
d:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\rundll32.exe
d:\programmi\PC Connectivity Solution\ServiceLayer.exe
d:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
d:\windows\system32\wscntfy.exe
d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-13 15:26:06 - macchina è stato riavviato [sfarrito]
ComboFix-quarantined-files.txt 2009-01-13 14:26:04

Pre-Run: 2,565,840,896 byte disponibili
Post-Run: 2,502,807,552 byte disponibili

364 --- E O F --- 2009-01-02 12:04:21

Ovviamente il problema ancora non è risolto... Spero davvero con tutto il cuore che con il vostro aiuto riesca a risolverlo perché non vorrei formattare...
attendo con ansia una risposta, grazie!

[ste_95]

Ora segui queste istruzioni:
http://www.MegaLab.it/2657/4/bagle-un-w ... -antivirus

[sfarrito]

Guarda, adesso faccio come si fa con i medici e ti invio una bottiglia di vino o qualcosa di simile!
Alla fine ce l'ho fatta, in parte anche grazie all'aiuto dell'articolo ma gli ultimi passi li ho fatti da solo! Tu però mi sei stato utilissimo davvero, mi hai dato un aiuto provvidenziale!
Complimenti per il sito, la community e la professionalità soprattutto...
Mi siete stati consigliati da un amico e devo dire che aveva ragione sul vostro conto!

Io sono un player e gioco in modo "quasi professionale" (anzi, meglio dire giocavo, ora sto pensando un po' di più alla mia chitarra :P), sono team leader di un multigaming molto famoso anche in campo internazionale e con molti awards, ma non faccio il nome perché non vorrei sembrare uno che gira a fare publicità... Perciò l'aiuto che mi hai dato è stato fondamentale altrimenti avrei dovuto formattare centinaia di configurazioni e settaggi che mi permettono di giocare al meglio!

Beh grazie ancora, alla prossima!

[ste_95]

Beh grazie ancora, alla prossima!

[andreosky]

Di sicurissimo è un Worm Bagle che riesce a disabilitarti l'antivirus e ti blocca qualsiasi possibilità di disinstallarlo, oltre a vari altri piccoli problemucci.... Quello che devi fare è scaricareFindyKill, segu le istruzioni a schermo e tutto andrà bene. Forse è l'unico programma di rimozione Bagle che funziona! Approposito, come hai fatto a beccarlo?!? Che antivirus usi???

[ste_95]

Di sicurissimo è un Worm Bagle che riesce a disabilitarti l'antivirus e ti blocca qualsiasi possibilità di disinstallarlo, oltre a vari altri piccoli problemucci.... Quello che devi fare è scaricareFindyKill, segu le istruzioni a schermo e tutto andrà bene. Forse è l'unico programma di rimozione Bagle che funziona! Approposito, come hai fatto a beccarlo?!? Che antivirus usi???

Forse non hai colto che il problema è stato risolto da un po'!