Bagle problem, so far no measure has helped


Re: Bagle problem, so far no measure has helped

Post by EliotNess » Sat May 15, 2010 10:22 pm

I used your first link.

Now the audio is back. I tried reinstalling Avira and it worked... now I'm running a scan with the "returning" Avira, let's see if it finds any problems.

How can I tell whether this Bagle is still there? Whether it's still rooted in the system?

Thanks for now, you've been very kind.

Re: Bagle problem, so far no measure has helped

Post by stevens » Sun May 16, 2010 9:50 am

Disable the antivirus.

Download ComboFix to the desktop and run it.

(Do not install the Recovery Console.)
Let the program work without interfering.
Attach the report C:\ComboFix.txt in your reply.

Do not use the PC during the scan, not even the mouse!

Re: Bagle problem, so far no measure has helped

Post by EliotNess » Sun May 16, 2010 4:15 pm

ComboFix 10-05-15.03 - utente 16/05/2010 14.58.08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.151 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Documenti\Files setup\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2010-04-16 al 2010-05-16 )))))))))))))))))))))))))))))))))))
.

2010-05-15 22:08 . 2010-05-15 22:08 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-05-15 22:08 . 2010-05-15 22:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-15 21:30 . 2010-05-15 21:30 -------- d-----w- c:\programmi\Trend Micro
2010-05-15 21:05 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-15 21:05 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-15 21:05 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-15 21:05 . 2010-05-15 21:05 -------- d-----w- c:\programmi\Avira
2010-05-15 21:05 . 2010-05-15 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-05-15 19:56 . 2010-05-15 19:56 398336 ----a-w- c:\windows\system32\CF3304.exe
2010-05-15 18:25 . 2010-05-15 22:26 -------- d-----w- C:\FyK
2010-05-15 17:45 . 2010-05-15 17:46 -------- d-----w- c:\programmi\CCleaner
2010-05-15 17:44 . 2010-05-15 17:43 398336 ----a-w- c:\windows\system32\CF10003.exe
2010-05-15 17:36 . 2010-05-15 17:36 398336 ----a-w- c:\windows\system32\CF8579.exe
2010-05-15 17:14 . 2010-05-15 17:14 398336 ----a-w- c:\windows\system32\CF4206.exe
2010-05-15 16:49 . 2010-05-15 16:49 398336 ----a-w- c:\windows\system32\CF32184.exe
2010-05-15 16:28 . 2010-05-15 16:28 398336 ----a-w- c:\windows\system32\CF27965.exe
2010-05-15 15:58 . 2010-05-15 15:58 398336 ----a-w- c:\windows\system32\CF22090.exe
2010-05-15 15:57 . 2010-05-15 15:56 398336 ----a-w- c:\windows\system32\CF21845.exe
2010-05-15 14:41 . 2010-05-15 14:41 398336 ----a-w- c:\windows\system32\CF7068.exe
2010-05-15 14:41 . 2010-05-15 14:40 398336 ----a-w- c:\windows\system32\CF6954.exe
2010-05-15 14:31 . 2010-05-15 14:31 398336 ----a-w- c:\windows\system32\CF5070.exe
2010-05-15 14:29 . 2010-05-15 14:25 398336 ----a-w- c:\windows\system32\CF4234.exe
2010-05-15 14:29 . 2010-05-15 14:25 398336 ----a-w- c:\windows\system32\CF4475.exe
2010-05-15 14:29 . 2010-05-15 14:25 398336 ----a-w- c:\windows\system32\CF4015.exe
2010-05-15 14:08 . 2010-05-15 14:07 398336 ----a-w- c:\windows\system32\CF495.exe
2010-05-15 14:06 . 2010-05-15 14:06 398336 ----a-w- c:\windows\system32\CF246.exe
2010-05-15 14:03 . 2010-05-15 14:03 398336 ----a-w- c:\windows\system32\CF32361.exe
2010-05-15 14:02 . 2010-05-15 14:02 398336 ----a-w- c:\windows\system32\CF32227.exe
2010-05-15 14:01 . 2010-05-15 14:01 398336 ----a-w- c:\windows\system32\CF31917.exe
2010-05-03 22:25 . 2010-05-03 22:25 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2010-04-29 12:51 . 2010-04-29 12:51 -------- d-----w- C:\Poker
2010-04-22 18:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-19 00:25 . 2010-04-19 00:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 21:54 . 2010-01-09 19:10 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\vlc
2010-05-15 13:01 . 2010-01-23 17:49 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-05-15 12:58 . 2010-01-27 16:47 -------- d-----w- c:\programmi\Lame for Audacity
2010-05-14 17:22 . 2010-01-27 12:39 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\uTorrent
2010-05-14 15:02 . 2010-03-11 15:24 -------- d-----w- c:\programmi\Championship Manager 01-02
2010-05-09 18:34 . 2010-02-10 13:46 -------- d-----w- c:\programmi\Avidemux 2.5
2010-04-18 21:25 . 2010-01-22 17:55 63984 ----a-w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-13 18:00 . 2008-04-14 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2010-04-13 18:00 . 2008-04-14 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 13:16 . 2010-02-01 16:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-09 11:17 . 2010-01-27 21:57 -------- d-----w- c:\programmi\Google
2010-04-06 21:26 . 2010-01-27 12:40 -------- d-----w- c:\programmi\uTorrent
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 13:37 . 2010-02-28 22:54 34650264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_2.4.5IT.exe
2010-02-28 22:52 . 2010-02-28 22:52 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-28 22:52 . 2010-02-28 22:52 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe
2010-02-28 22:52 . 2010-02-28 22:52 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-02-20 18:41 . 2010-02-20 18:41 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-02-20 18:41 . 2010-02-20 18:41 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-02-20 18:39 . 2010-02-01 16:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-20 18:39 . 2010-02-01 16:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-17 12:05 . 2008-04-14 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 18:55 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[-] 2009-12-07 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-20 18:39 202256 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [07/12/2009 17.14.01 814277]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [27/01/2010 17.19.40 120472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/01/2010 23.57.33 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-27 21:57]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-27 21:57]

2010-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1060284298-1202660629-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-05-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1060284298-1202660629-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{200012B6-ADDC-4176-A51D-6F1E43D07F65}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {5C3BB392-EE83-46B5-A9BA-66B8B39E7831} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\mw6ydl07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-PC Suite Tray - c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
HKCU-Run-flec003.exe - c:\documents and settings\utente\Dati applicazioni\hidires\flec003.exe
MSConfigStartUp-flec003 - c:\documents and settings\utente\Dati applicazioni\hidires\flec003.exe
MSConfigStartUp-PC Suite Tray - c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-McAfee Security Scan - c:\programmi\McAfee Security Scan\uninstall.exe
AddRemove-SiS7012 - c:\programmi\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\PEV.cfxxe\" EXEC /i \"c:\combofix\REGT.cfxxe\" /S \"c:\combofix\erunt.dat\""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-16 16:08:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-16 14:08

Pre-Run: 20.490.821.632 byte disponibili
Post-Run: 20.276.363.264 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 281CC953915D64145A2F9E9022CC54A7


Here's the log. Yesterday I tried a scan with Avira and it detected 92 threats; after the repair I ran the scan again and got zero detections...

Let me know!


Re: Bagle problem, so far no measure has helped

Post by stevens » Sun May 16, 2010 4:35 pm

While I do a check, run a scan with Malwarebytes.
Update it: click the "Update" tab => "Check for updates".
Run a "Full scan" (select the option).
When the scan is complete, post the report.

Re: Bagle problem, so far no measure has helped

Post by Berga95 » Sun May 16, 2010 6:39 pm

Well, anyway, if you managed to reinstall Avira you could say you're cured; at most you might find some harmless traces... in any case I always recommend a scan with Malwarebytes Anti-Malware (MBAM)...
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft

Re: Bagle problem, so far no measure has helped

Post by EliotNess » Mon May 17, 2010 1:47 pm

Here I am. I think the problem is now just a memory... I ran the scan with Malwarebytes, zero detections, then again with Avira, and zero detections here too...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4105

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2010 14.42.49
mbam-log-2010-05-17 (14-42-49).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi esaminati: 161449
Tempo trascorso: 1 ore, 12 minuti, 9 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


How should I handle the quarantined items found in the previous scans? Can I delete them?

Thanks again for your valuable help.

Re: Bagle problem, so far no measure has helped

Post by stevens » Mon May 17, 2010 2:15 pm

Open a Notepad page and copy-paste the following:

File::
c:\windows\system32\CF3304.exe
c:\windows\system32\CF10003.exe
c:\windows\system32\CF8579.exe
c:\windows\system32\CF4206.exe
c:\windows\system32\CF32184.exe
c:\windows\system32\CF27965.exe
c:\windows\system32\CF22090.exe
c:\windows\system32\CF21845.exe
c:\windows\system32\CF7068.exe
c:\windows\system32\CF6954.exe
c:\windows\system32\CF5070.exe
c:\windows\system32\CF4234.exe
c:\windows\system32\CF4475.exe
c:\windows\system32\CF4015.exe
c:\windows\system32\CF495.exe
c:\windows\system32\CF246.exe
c:\windows\system32\CF32361.exe
c:\windows\system32\CF32227.exe
c:\windows\system32\CF31917.exe


Save the page, naming it exactly CFScript.txt (the name is mandatory).
Then drag and drop the CFScript.txt file onto the ComboFix icon.
Let it work to the end and post its log again...
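As an added example, not part of this thread and not ComboFix's own code: a small Python triage script for the log format pasted above. It parses the "created . modified size attrs path" lines, groups freshly written executables in system32 by identical size (a heuristic of this example, not something ComboFix does), extracts the Sigcheck "[-]" entries and the EnableFirewall value, renders the File:: block stevens asked for, and checks a follow-up log for paths that were not deleted. The log excerpts embedded in it are constructed from lines in this thread.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed excerpt: a few lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2010-04-16 al 2010-05-16 )))))))))))))))))))))))))))))))))))
.
2010-05-15 21:05 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-15 19:56 . 2010-05-15 19:56 398336 ----a-w- c:\windows\system32\CF3304.exe
2010-05-15 18:25 . 2010-05-15 22:26 -------- d-----w- C:\FyK
2010-05-15 17:44 . 2010-05-15 17:43 398336 ----a-w- c:\windows\system32\CF10003.exe
2010-05-15 17:36 . 2010-05-15 17:36 398336 ----a-w- c:\windows\system32\CF8579.exe
2010-04-22 18:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
------- Sigcheck -------
[-] 2009-12-07 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Constructed excerpt of the second log's deletion section; CF8579.exe is left out on purpose.
SAMPLE_FOLLOWUP = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\CF10003.exe
c:\windows\system32\CF3304.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-04-17 al 2010-05-17 )))))))))))))))))))))))))))))))))))
"""

class FileEntry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories, which the log prints as "--------"
    attrs: str
    path: str

# "created . modified size attrs path": the layout of the "Files Creati" and Find3M sections
_ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-+) ([-a-z]{8}) (.+)$"
)

def parse_file_entries(log: str) -> List[FileEntry]:
    """Return every file/directory listing line of the log as a FileEntry."""
    entries = []
    for line in log.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified, int(size) if size.isdigit() else None, attrs, path))
    return entries

def same_size_executables(entries, folder=r"c:\windows\system32", min_count=2) -> Dict[int, List[str]]:
    """Group .exe files written directly into `folder` by byte size and keep groups with
    `min_count` or more members: many fresh executables of identical size under random
    names (the nineteen CF*.exe files in the log above) are the first thing to review."""
    folder = folder.lower().rstrip("\\") + "\\"
    groups: Dict[int, List[str]] = defaultdict(list)
    for e in entries:
        p = e.path.lower()
        if e.size is not None and p.endswith(".exe") and p.startswith(folder) and "\\" not in p[len(folder):]:
            groups[e.size].append(e.path)
    return {size: paths for size, paths in groups.items() if len(paths) >= min_count}

def sigcheck_failures(log: str) -> List[str]:
    """Paths the Sigcheck section marks '[-]'; the path is the last ' . '-separated field."""
    return [line.rsplit(" . ", 1)[-1].strip() for line in log.splitlines() if line.startswith("[-]")]

def firewall_disabled(log: str) -> bool:
    """True when the standard-profile key reads "EnableFirewall"= 0."""
    return re.search(r'^"EnableFirewall"=\s*0\b', log, re.MULTILINE) is not None

def build_cfscript(paths: List[str]) -> str:
    """Render the File:: block stevens asked the poster to save as CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"

def not_deleted(followup_log: str, paths: List[str]) -> List[str]:
    """Scripted paths missing from the follow-up log's 'Altre eliminazioni' section."""
    deleted, inside = set(), False
    for line in followup_log.splitlines():
        if "Altre eliminazioni" in line:
            inside = True
        elif inside and line.startswith("(((("):
            break  # next section header reached
        elif inside:
            deleted.add(line.strip().lower())
    return [p for p in paths if p.lower() not in deleted]

if __name__ == "__main__":
    clusters = same_size_executables(parse_file_entries(SAMPLE_LOG))
    suspects = [p for paths in clusters.values() for p in paths]
    print(build_cfscript(suspects))
    print("Sigcheck [-]:", sigcheck_failures(SAMPLE_LOG))
    print("Firewall disabled:", firewall_disabled(SAMPLE_LOG))
    print("Not removed by follow-up run:", not_deleted(SAMPLE_FOLLOWUP, suspects))
```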

Re: Bagle problem, so far no measure has helped

Post by EliotNess » Mon May 17, 2010 2:51 pm

Here it is.

ComboFix 10-05-15.03 - utente 17/05/2010 15.29.37.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.133 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Desktop\Sicurezza\ComboFix.exe
Opzioni usate :: C:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

FILE ::
"c:\windows\system32\CF10003.exe"
"c:\windows\system32\CF21845.exe"
"c:\windows\system32\CF22090.exe"
"c:\windows\system32\CF246.exe"
"c:\windows\system32\CF27965.exe"
"c:\windows\system32\CF31917.exe"
"c:\windows\system32\CF32184.exe"
"c:\windows\system32\CF32227.exe"
"c:\windows\system32\CF32361.exe"
"c:\windows\system32\CF3304.exe"
"c:\windows\system32\CF4015.exe"
"c:\windows\system32\CF4206.exe"
"c:\windows\system32\CF4234.exe"
"c:\windows\system32\CF4475.exe"
"c:\windows\system32\CF495.exe"
"c:\windows\system32\CF5070.exe"
"c:\windows\system32\CF6954.exe"
"c:\windows\system32\CF7068.exe"
"c:\windows\system32\CF8579.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CF10003.exe
c:\windows\system32\CF21845.exe
c:\windows\system32\CF22090.exe
c:\windows\system32\CF246.exe
c:\windows\system32\CF27965.exe
c:\windows\system32\CF31917.exe
c:\windows\system32\CF32184.exe
c:\windows\system32\CF32227.exe
c:\windows\system32\CF32361.exe
c:\windows\system32\CF3304.exe
c:\windows\system32\CF4015.exe
c:\windows\system32\CF4206.exe
c:\windows\system32\CF4234.exe
c:\windows\system32\CF4475.exe
c:\windows\system32\CF495.exe
c:\windows\system32\CF5070.exe
c:\windows\system32\CF6954.exe
c:\windows\system32\CF7068.exe
c:\windows\system32\CF8579.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-04-17 al 2010-05-17 )))))))))))))))))))))))))))))))))))
.

2010-05-16 15:41 . 2010-05-16 15:41 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2010-05-16 15:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 15:41 . 2010-05-16 15:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-05-16 15:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 15:41 . 2010-05-16 15:41 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 22:08 . 2010-05-15 22:08 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-05-15 22:08 . 2010-05-15 22:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-15 21:30 . 2010-05-15 21:30 -------- d-----w- c:\programmi\Trend Micro
2010-05-15 21:05 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-15 21:05 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-15 21:05 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-15 21:05 . 2010-05-15 21:05 -------- d-----w- c:\programmi\Avira
2010-05-15 21:05 . 2010-05-15 21:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-05-15 18:25 . 2010-05-15 22:26 -------- d-----w- C:\FyK
2010-05-15 17:45 . 2010-05-15 17:46 -------- d-----w- c:\programmi\CCleaner
2010-05-03 22:25 . 2010-05-03 22:25 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2010-04-29 12:51 . 2010-04-29 12:51 -------- d-----w- C:\Poker
2010-04-22 18:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-19 00:25 . 2010-04-19 00:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 21:54 . 2010-01-09 19:10 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\vlc
2010-05-15 13:01 . 2010-01-23 17:49 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-05-15 12:58 . 2010-01-27 16:47 -------- d-----w- c:\programmi\Lame for Audacity
2010-05-14 17:22 . 2010-01-27 12:39 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\uTorrent
2010-05-14 15:02 . 2010-03-11 15:24 -------- d-----w- c:\programmi\Championship Manager 01-02
2010-05-09 18:34 . 2010-02-10 13:46 -------- d-----w- c:\programmi\Avidemux 2.5
2010-04-18 21:25 . 2010-01-22 17:55 63984 ----a-w- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-13 18:00 . 2008-04-14 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2010-04-13 18:00 . 2008-04-14 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 13:16 . 2010-02-01 16:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-09 11:17 . 2010-01-27 21:57 -------- d-----w- c:\programmi\Google
2010-04-06 21:26 . 2010-01-27 12:40 -------- d-----w- c:\programmi\uTorrent
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 13:37 . 2010-02-28 22:54 34650264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_2.4.5IT.exe
2010-02-28 22:52 . 2010-02-28 22:52 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-28 22:52 . 2010-02-28 22:52 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe
2010-02-28 22:52 . 2010-02-28 22:52 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-25 06:16 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-02-20 18:41 . 2010-02-20 18:41 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-02-20 18:41 . 2010-02-20 18:41 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-02-20 18:41 . 2010-02-20 18:41 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-02-20 18:39 . 2010-02-01 16:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-20 18:39 . 2010-02-01 16:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-17 12:05 . 2008-04-14 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 18:55 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[-] 2009-12-07 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-20 18:39 202256 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [07/12/2009 17.14.01 814277]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [27/01/2010 17.19.40 120472]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/01/2010 23.57.33 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-27 21:57]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-27 21:57]

2010-05-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1060284298-1202660629-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-05-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1060284298-1202660629-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{200012B6-ADDC-4176-A51D-6F1E43D07F65}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {5C3BB392-EE83-46B5-A9BA-66B8B39E7831} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\mw6ydl07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-bet365poker - c:\poker\Poker at bet365\_SetupPoker_3f8b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 15:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-05-17 15:41:10
ComboFix-quarantined-files.txt 2010-05-17 13:41
ComboFix2.txt 2010-05-16 14:08

Pre-Run: 21.608.407.040 byte disponibili
Post-Run: 21.567.442.944 byte disponibili

- - End Of File - - 8B1C347BA8A4050EE26A64513AC8AF8E
EliotNess
Aficionado
Posts: 25
Joined: Sat May 15, 2010 2:32 pm

Re: Bagle problem, so far no measure has been useful

Post by stevens » Mon May 17, 2010 3:02 pm

re-run FindyKill from one of the links Berga95 gave you, or download it from here, and post the report you get
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Bagle problem, so far no measure has been useful

Post by EliotNess » Mon May 17, 2010 5:48 pm

############################## | FindyKill V5.043 |

# User : utente (Administrators) # UTENTE-F5ED1DD0
# Update on 12/05/2010 by El Desaparecido
# Start at: 18.47.02 | 17/05/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 38,28 Go (19,57 Go free) # NTFS
# D:\ # Disco CD-ROM # 293,1 Mo (0 Mo free) [CM0102_REL] # CDFS
# F:\ # Disco rigido locale # 232,88 Go (6,1 Go free) [Volume] # NTFS

################## | Infected File |

D:\autorun.inf

################## | Registry |

[HKCR\ed2k]
[HKCU\Software\Classes\ed2k]
[HKCU\Software\Local AppWizard-Generated Applications\patch]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-789336058-1060284298-1202660629-1003\Software\Local AppWizard-Generated Applications\patch]
[HKU\S-1-5-21-789336058-1060284298-1202660629-1003\Software\Local AppWizard-Generated Applications\winupgro]

################## | State |

# Showing of hidden files : OK

# Safe boot mode : OK

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | End of Report # FindyKill V5.043 ! |
EliotNess
Aficionado
Posts: 25
Joined: Sat May 15, 2010 2:32 pm

Re: Bagle problem, so far no measure has been useful

Post by stevens » Mon May 17, 2010 6:01 pm

did you plug in an external device during the scan? It found autorun.inf on D:\

re-run FindyKill using only option 2 (cleaning)
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm
