www.MegaLab.it

da **cosimo86** » gio apr 16, 2009 7:56 am

[LOG]Ai me cari tutti, ho beccato questo maledetto virus !
Le sintomatiche sono classiche ovvero:
-ogni antivirus e bloccato
-la modalità provvisoria manco a pagarla
-file nascosti ma chè
-lentezza diffusa del browser
-avenger non parte
e il tutto dopo un maledetto doppio clic su un file .exe con due spade!!!

dopo ore e ore di scansione su pandasecuryty l'unico che sono riuscito a far partire dal web (vi allego il file) sono qui disperato a chiedere il vostro aiuto!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

VI PREGO NON ABBANDONATEMI!!!!!!!!!!!!!!!

GRAZIE 10000000000 A CHI SONO CERTO MI AIUTERA'

da **crazy.cat** » gio apr 16, 2009 8:23 am

Prova ad utilizzare Findykill e poi Combofix
http://www.MegaLab.it/3724/3/il-worm-ba ... -rimozione
Di findykill scegli l'opzione 2 per rimuovere i problemi trovati.

Di combofix allega il log che ne risulta seguendo però queste regole
sicurezza/importante-come-allegare-i-log-alle-discussioni-t45943.html
il file doc che hai allegato mi segnala un errore in apertura e poi si legge malissimo.

da **cosimo86** » gio apr 16, 2009 8:26 am

Ho avviato malwerbytes
leggendo su i vostri forum che faccio proseguo con lui? e posto il log??

GRAZIE

da **lorenaino** » gio apr 16, 2009 9:17 am

cosimo86 ha scritto:Ho avviato malwerbytes
leggendo su i vostri forum che faccio proseguo con lui? e posto il log??

GRAZIE

ciao,scusate l'intrusione,io seguirei i consigli di crazy.cat
[^]

da **crazy.cat** » gio apr 16, 2009 9:22 am

Malwarebytes andrebbe fatto dopo, comunque ormai finisci con quello.
Interessa più il log di combofix.

da **cosimo86** » gio apr 16, 2009 9:24 am

eCCO IL FILE LOG DI mALWERBYTES
lo allego in log vediamo se ci riesco:

Malwarebytes' Anti-Malware 1.36
Versione del database: 1989
Windows 5.1.2600 Service Pack 2

16/04/2009 10.23.58
mbam-log-2009-04-16 (10-23-53).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 286772
Tempo trascorso: 1 hour(s), 13 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 20
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 6
File infetti: 148

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqponoo (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{569fe242-569f-e242-569f-e242569fe242} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000d0e00-0000-0000-c000-000000000046} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{550d0110-8dcd-11d1-8524-00a02495e316} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6c92b806-b900-4392-89f7-2ed4b4c23211} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\WebMediaPlayer (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\resources (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\skins (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\updates (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared (Trojan.Agent) -> No action taken.

File infetti:
C:\WINDOWS\system32\urqponoo.dll (Trojan.Vundo.H) -> No action taken.
C:\Programmi\Microsoft Office\Visio11\DLL\DWGDP.DLL (Adware.EnrgyPlus) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000012.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000026.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000318.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000449.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000458.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000496.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0001495.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000441.sys (Rootkit.Bagle) -> No action taken.
C:\Programmi\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\data.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\10 Foot World MCE Portal 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\12Ghosts SaveLayout 9.50.132.5502.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\4JLeak 1.0.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\646-102 - Wireless LAN for Account Managers Exam (WLANAM) Practice Test Questions 1.0 (Patch).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\ABF Screen Saver (OpenGL) 2.0.0.79 [With Crack].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Abstract-Pictures ScreenSaver 1.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Adblock 0.5.3.043.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Age of Mythology The Titans The Maze Map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Agogo DVD To PSP Video Converter 6.70.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Aigo DVD Ripper Pro 2.0.13.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\AL Clocks 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\American Idol Underground 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ap TIFF To PDF Convert 3.0 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Apache HTTP Server for Windows 2.2.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Atrise Stealth 1.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Attachment Finder for Outlook Express 2.29.15.45.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\AxEval Expression Evaluator ActiveX Control 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Aya Video Splitter 1.0.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BASIC-256 0.9.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BeCyLinkEd 1.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Best Selling Toys 1.0.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Blosxom 2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BlueJ 2.1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Bookmark Buddy 3.5.3U.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Carl the Caveman Christmas Adventures 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Casper RAM Cleaner 2.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\CCPlayer multimedia 2.5.1 [Serial].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Championship Five Hundred, Cribbage, and Gin Classic.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\ChordBook 3.4 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Cinemati 1.0 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Coalesys Internet NewsWire 1.2.92 [Key].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DD Game Launcher 0.9.8.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Desert Vision Clock Screensaver 1.0 (Serial).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Desktop Atomic Clock 2.22.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DeskTunes 1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DeviceShield 1.4.0 (Serial).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Diagram Designer 1.18.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Digg Frontpage News Viewer 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DopStudio 1.3.23.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DSRAZOR 4.3c [Serial].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DVW Search 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\e-motional Images Screen Saver 6.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Easy CD Creator Update (Platinum) 5.02d.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Easy2Sync for Files 1.26.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\EditEx 4.2.0 Alpha.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Excel Generator API 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Excellence Hot Key 2.1 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Express Delegate 3.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\EZ AVI TO RM Converter 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\File Pulverizer 5.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Find in Frame Hack 0.2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\FlashFolder 1.7.76 Beta.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\FlickrCrawler 1.0.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Free Internet TV 7.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Free Spam Fix 2.1.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\GENOM 2005 3.26.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Goofy Soccer 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\GrandBackup Ultimate 1.2 build 418.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\HCmdButtonAttachment 1.2.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\HeadingsMap 1.05.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Hotmail Plus Reader for Media Center.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\iArtwork 1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\iHateSpam 4.0.632 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Image to PDF Command Line Tool 2.00 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Internet Streaming TV & Radio 1.10a.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\InvoiceCustomiser For Tally 1.11 build 237 Patch.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\IP subnet wildcard calculator 2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Kernel for SQL Database 7.08.01.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\LingvoSoft Picture Dictionary 2007 German - Chinese Mandarin Traditional 1.1.20 [KeyGen].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Lomsel Backup 1.20.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MD5Mate 1.1.0.12.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\mini Calendar 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Moments of Nature Screensaver 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MP3 Workshop 1.98 [Cracked].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MpegWare CD Ripper 2.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\NCTDialogicVoice ActiveX DLL 2.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Net Meter 3.6 Build 437.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\NOD32.Anti-Virus.v2.51.30.Spanish+Crack.Fix.v2.1.AutistasInformaticos.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Oculus 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\OneScan 1.1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\OracleView 1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Panda.Platinum.2006.Internet.Security.v10.02.01.GERMAN.WinALL.RETAIL.NFO.DIZ.FIX-ARN.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PC Accelerator 2007 1.2.17 (Cracked).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PC Recent 1.1.0 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PHPMaker 4.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Picture of the Day 1.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Picture Patrol Officer XP 1.5.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Postman Professional 8.7.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Pro Template Maker 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\QuickTFTP Desktop Pro 3.8.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RahmanImager Basic Edition 2.0 Patch.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RealtyWare 2.0.1.3 [KeyGen].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Return on Investment Solver 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ringtone Media Studio 2.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RoX 1.2.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sandra Bullock Sex-E Screensaver 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Saturn7 screensaver 4.1 (Crack).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Shadow Analyzer 1.1.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\SHTTPD 1.31.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\SoccerScores.PC 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sophos.Antivirus.v3.84.Retail.For.Linux.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sophos.Antivirus.v5.2.0.Win2KXP2k3.Multilingual.3000th.Release-DVT.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Souptoys 1.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\StandardWriter 2.2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Star Wars Battlefront II Battle of Heroes mod.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\STOIK Imagic Free Browser 4.0.3.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Symantec.Norton.Systemworks.Premier.2006-Keygen+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TopoFusion Basic 2.97.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Total Validator Tool 3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TrayIcon Standard 1.4.6.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TweakIE 3.1.38.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TypeItIn 2.8.1 (Key).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ultra DVD Audio Ripper 3.0.1203.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ultra WMV Converter 4.1.0725.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Unreal Tournament 2003 - Borg deathmatch map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Unreal Tournament 2003 - Thermal Core deathmatch map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Update Now! ActiveX Control 2.0 (With Crack).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\VistaCodecs x64Components 1.4.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Visual Zip Password Recovery Processor 5.54.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Voice Tracker 1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Vorboils Screensaver 2.06 Crack.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Wainmans Toolbar 4.5.88.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\WinGate 6.2.2 Build 1137 (KeyGen).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\XCircuit 3.4.10.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\xml2doc 1.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Xwap 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Desktop\WebMediaPlayer.lnk (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\Explorer.dbg (Heuristics.Reserved.Word.Exploit) -> No action taken.

vi prego help mi sono in un mega casotto!!!

da **cosimo86** » gio apr 16, 2009 9:59 am

Allora che faccio??
sono in trepidante attesa !!!

grazie in anticipo

da **crazy.cat** » gio apr 16, 2009 10:21 am

Non è che tutti i minuti sono davanti al pc.
Rimuovi tutto quello che ha trovato malwarebytes, alla fine della scansione giù in basso a sinistra c'è il pulsante per la rimozione. Se avevi già chiuso malwarebytes, usa gli altri due programmi che ti avevo detto e fai la scansione con loro che sono più veloci.
Disattiva anche il ripristino della configurazione prima di procedere con le pulizie
http://www.MegaLab.it/2330/come-disatti ... di-sistema

da **cosimo86** » gio apr 16, 2009 10:33 am

ecco i due file log il primo dopo eliminazione con Malwerbytes

Malwarebytes' Anti-Malware 1.36
Versione del database: 1989
Windows 5.1.2600 Service Pack 2

16/04/2009 10.23.58
mbam-log-2009-04-16 (10-23-53).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 286772
Tempo trascorso: 1 hour(s), 13 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 20
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 6
File infetti: 148

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqponoo (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{569fe242-569f-e242-569f-e242569fe242} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000d0e00-0000-0000-c000-000000000046} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{550d0110-8dcd-11d1-8524-00a02495e316} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6c92b806-b900-4392-89f7-2ed4b4c23211} (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\WebMediaPlayer (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\resources (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\skins (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\updates (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared (Trojan.Agent) -> No action taken.

File infetti:
C:\WINDOWS\system32\urqponoo.dll (Trojan.Vundo.H) -> No action taken.
C:\Programmi\Microsoft Office\Visio11\DLL\DWGDP.DLL (Adware.EnrgyPlus) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000012.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000026.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000318.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000449.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000458.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000496.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0001495.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{25A6C916-B10B-48E0-9808-F813E32B4E76}\RP1\A0000441.sys (Rootkit.Bagle) -> No action taken.
C:\Programmi\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> No action taken.
C:\Programmi\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\data.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\10 Foot World MCE Portal 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\12Ghosts SaveLayout 9.50.132.5502.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\4JLeak 1.0.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\646-102 - Wireless LAN for Account Managers Exam (WLANAM) Practice Test Questions 1.0 (Patch).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\ABF Screen Saver (OpenGL) 2.0.0.79 [With Crack].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Abstract-Pictures ScreenSaver 1.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Adblock 0.5.3.043.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Age of Mythology The Titans The Maze Map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Agogo DVD To PSP Video Converter 6.70.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Aigo DVD Ripper Pro 2.0.13.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\AL Clocks 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\American Idol Underground 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ap TIFF To PDF Convert 3.0 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Apache HTTP Server for Windows 2.2.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Atrise Stealth 1.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Attachment Finder for Outlook Express 2.29.15.45.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\AxEval Expression Evaluator ActiveX Control 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Aya Video Splitter 1.0.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BASIC-256 0.9.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BeCyLinkEd 1.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Best Selling Toys 1.0.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Blosxom 2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\BlueJ 2.1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Bookmark Buddy 3.5.3U.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Carl the Caveman Christmas Adventures 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Casper RAM Cleaner 2.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\CCPlayer multimedia 2.5.1 [Serial].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Championship Five Hundred, Cribbage, and Gin Classic.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\ChordBook 3.4 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Cinemati 1.0 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Coalesys Internet NewsWire 1.2.92 [Key].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DD Game Launcher 0.9.8.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Desert Vision Clock Screensaver 1.0 (Serial).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Desktop Atomic Clock 2.22.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DeskTunes 1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DeviceShield 1.4.0 (Serial).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Diagram Designer 1.18.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Digg Frontpage News Viewer 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DopStudio 1.3.23.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DSRAZOR 4.3c [Serial].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\DVW Search 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\e-motional Images Screen Saver 6.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Easy CD Creator Update (Platinum) 5.02d.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Easy2Sync for Files 1.26.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\EditEx 4.2.0 Alpha.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Excel Generator API 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Excellence Hot Key 2.1 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Express Delegate 3.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\EZ AVI TO RM Converter 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\File Pulverizer 5.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Find in Frame Hack 0.2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\FlashFolder 1.7.76 Beta.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\FlickrCrawler 1.0.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Free Internet TV 7.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Free Spam Fix 2.1.0.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\GENOM 2005 3.26.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Goofy Soccer 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\GrandBackup Ultimate 1.2 build 418.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\HCmdButtonAttachment 1.2.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\HeadingsMap 1.05.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Hotmail Plus Reader for Media Center.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\iArtwork 1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\iHateSpam 4.0.632 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Image to PDF Command Line Tool 2.00 Key+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Internet Streaming TV & Radio 1.10a.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\InvoiceCustomiser For Tally 1.11 build 237 Patch.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\IP subnet wildcard calculator 2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Kernel for SQL Database 7.08.01.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\LingvoSoft Picture Dictionary 2007 German - Chinese Mandarin Traditional 1.1.20 [KeyGen].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Lomsel Backup 1.20.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MD5Mate 1.1.0.12.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\mini Calendar 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Moments of Nature Screensaver 1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MP3 Workshop 1.98 [Cracked].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\MpegWare CD Ripper 2.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\NCTDialogicVoice ActiveX DLL 2.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Net Meter 3.6 Build 437.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\NOD32.Anti-Virus.v2.51.30.Spanish+Crack.Fix.v2.1.AutistasInformaticos.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Oculus 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\OneScan 1.1.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\OracleView 1.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Panda.Platinum.2006.Internet.Security.v10.02.01.GERMAN.WinALL.RETAIL.NFO.DIZ.FIX-ARN.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PC Accelerator 2007 1.2.17 (Cracked).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PC Recent 1.1.0 Key.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\PHPMaker 4.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Picture of the Day 1.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Picture Patrol Officer XP 1.5.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Postman Professional 8.7.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Pro Template Maker 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\QuickTFTP Desktop Pro 3.8.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RahmanImager Basic Edition 2.0 Patch.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RealtyWare 2.0.1.3 [KeyGen].zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Return on Investment Solver 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ringtone Media Studio 2.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\RoX 1.2.2.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sandra Bullock Sex-E Screensaver 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Saturn7 screensaver 4.1 (Crack).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Shadow Analyzer 1.1.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\SHTTPD 1.31.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\SoccerScores.PC 1.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sophos.Antivirus.v3.84.Retail.For.Linux.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Sophos.Antivirus.v5.2.0.Win2KXP2k3.Multilingual.3000th.Release-DVT.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Souptoys 1.3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\StandardWriter 2.2.0.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Star Wars Battlefront II Battle of Heroes mod.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\STOIK Imagic Free Browser 4.0.3.4.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Symantec.Norton.Systemworks.Premier.2006-Keygen+Serial.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TopoFusion Basic 2.97.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Total Validator Tool 3.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TrayIcon Standard 1.4.6.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TweakIE 3.1.38.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\TypeItIn 2.8.1 (Key).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ultra DVD Audio Ripper 3.0.1203.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Ultra WMV Converter 4.1.0725.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Unreal Tournament 2003 - Borg deathmatch map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Unreal Tournament 2003 - Thermal Core deathmatch map.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Update Now! ActiveX Control 2.0 (With Crack).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\VistaCodecs x64Components 1.4.5.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Visual Zip Password Recovery Processor 5.54.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Voice Tracker 1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Vorboils Screensaver 2.06 Crack.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Wainmans Toolbar 4.5.88.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\WinGate 6.2.2 Build 1137 (KeyGen).zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\XCircuit 3.4.10.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\xml2doc 1.00.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\m\shared\Xwap 3.1.zip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LISI\Dati applicazioni\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Desktop\WebMediaPlayer.lnk (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\Explorer.dbg (Heuristics.Reserved.Word.Exploit) -> No action taken.

il secondo dopo lo scan con findkill

############################## [ FindyKill V4.718 ]

# User : LISI (Administrators) # COSIMO
# Update on 01/03/09
# Start at: 17.13.30 | 10/04/2009

# Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090408-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 94.95 Go (4.06 Go free) # NTFS
# D:\ # Disco rigido locale # 94.95 Go (7.79 Go free) # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM
# G:\ # Disco CD-ROM
# H:\ # Disco rigido locale # 233.76 Go (67.18 Go free) [COSIMO HD ESTERNO] # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\LISI\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\LISI\Dati applicazioni\m\flec006.exe
C:\Documents and Settings\LISI\Dati applicazioni\drivers\downld\1086656.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\LISI\Dati applicazioni\drivers\winupgro.exe" (2592)
"C:\Documents and Settings\LISI\Dati applicazioni\m\flec006.exe" (4000)
"C:\Documents and Settings\LISI\Dati applicazioni\drivers\downld\1086656.exe" (2472)
"C:\WINDOWS\system32\wintems.exe" (740)

################## [ Infected Files / Folders C:\ ]

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\system32 ]

Found ! - C:\WINDOWS\system32\mdelk.exe
Found ! - C:\WINDOWS\system32\wintems.exe
Found ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Found ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\.. Application Data ... ]

Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m\flec006.exe"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m\list.oct"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m\data.oct"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m\srvlist.oct"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m\shared"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\m"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\drivers"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\drivers\srosa2.sys"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\LISI\Dati applicazioni\drivers\downld"

################## [ Registry / Infected keys ]

Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! - HKEY_USERS\S-1-5-21-746137067-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

################## [ Searching in removable drives ]

# Contents of autorun : C:\autorun.inf

[AutoRun]
;OSA4lp3ZkSLjLacs
open=pook.com
;jaXSdjkqrl4da0k7I2k18slrKDis
shell\open\Command=pook.com

# Contents of autorun : D:\autorun.inf

[AutoRun]
;OSA4lp3ZkSLjLacs
open=pook.com
;jaXSdjkqrl4da0k7I2k18slrKDis
shell\open\Command=pook.com

# Contents of autorun : H:\autorun.inf

[AutoRun]
;0SlkOdlkmo55al1r9D7wKak2Kq3we9aI4d32K3weDq37FkpLKZDoA3210sA2LJlrslKsDw5Lc0aladro2Soosfa3qAjeLjAo
open=8.bat
;koaal3JKsK
shell\open\Command=8.bat

# Presence of files :

Found ! [06/02/2009 10.22][-r-hs----] - C:\autorun.inf
Found ! [06/02/2009 10.22][-r-hs----] - D:\autorun.inf
Found ! [02/02/2009 17.37][-r-hs----] - H:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.718 ! ]

grazie e scusa per la fretta ma sai come è il mio pc è "nu pizz e cor"

da **crazy.cat** » gio apr 16, 2009 10:38 am

Con malwarebytes mi sembra tu non abbia rimosso niente "No action taken".
Con findykill hai scelto l'opzione 2 per eliminare i problemi trovati?

da **cosimo86** » gio apr 16, 2009 10:49 am

no salvato il file txt si è chiuso ora riprovo!!!
grazie

da **cosimo86** » gio apr 16, 2009 11:01 am

gli antivirus hanno ripareso ha funzionare MITICOOOOOOOOOOOOOOOOOO

comunque NON HO FATTO LA FASE DUE DI findkill!!
che dici devo farlo ho meglio evitare ora con avast e avir attivi???

GRAZIE INFINITAMENTE!!!!!!!
ATTENDO ULTERIORE RISPOSTA!!!

da **lorenaino** » gio apr 16, 2009 12:19 pm

cosimo86 ha scritto:gli antivirus hanno ripareso ha funzionare MITICOOOOOOOOOOOOOOOOOO

comunque NON HO FATTO LA FASE DUE DI findkill!!
che dici devo farlo ho meglio evitare ora con avast e avir attivi???

GRAZIE INFINITAMENTE!!!!!!!
ATTENDO ULTERIORE RISPOSTA!!!

Scusa la domanda: hai attivi 2 antivirus?
[uhm]

da **crazy.cat** » gio apr 16, 2009 12:23 pm

Butta via quella schifezza di avast e abituati ad usare il sito www.virustotal.com per provare i file dubbi prima di utilizzarli sul tuo pc.
Un giretto con findykill e combofix lo farei lo stesso, findykill ripristina anche alcune funzioni di windows che vengono danneggiate da bagle.

da **desperatos** » ven apr 17, 2009 12:35 am

Ciao ho bisogno di aiuto!!!! Ho beccato bagle però fortunatamente sono riuscito a far rifunzionare l'antivirus ma mi ha bloccato anche la connessione internet che non riesco a ripristinare. Le ho provate tutte avete qualche altro sistema da indicarmi? Sto provando con findykill ma l'opzione 2 di cleaning non me la fa avviare. Cosa devo fare????? Aiutooooo....... Grazie

da **desperatos** » ven apr 17, 2009 12:51 am

Woooowwwww sembra che sia andatooooooo!!!! Speriamo bene..... Grazie lo stesso. Nel caso vi faccio sapere..... Ciao a tutti

www.MegaLab.it

Bagle 2009

Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Re: Bagle 2009

Chi c’è in linea