
I think it's a Bagle


Post by Antonypax » Sun Apr 05, 2009 4:19 pm

The PC has become extremely slow, the antivirus doesn't work for me, and neither does Photoshop, etc. Every time I try to use these programs it tells me: is not a valid Win32 application
I don't know what to do, can you give me a hand?

Re: I think it's a Bagle

Post by Amantide » Sun Apr 05, 2009 4:30 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
[LOG]the log goes here[/LOG]

If you have already tried to use ComboFix before, then before downloading it again go to Start >> Run and type combofix /u

Re: I think it's a Bagle

Post by Antonypax » Sun Apr 05, 2009 5:12 pm

Amantide wrote: Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
[LOG]the log goes here[/LOG]

If you have already tried to use ComboFix before, then before downloading it again go to Start >> Run and type combofix /u

ComboFix 09-04-04.01 - Antonypax 2009-04-05 17:54:59.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.698 [GMT 2:00]
Eseguito da: c:\documents and settings\Antonypax\Desktop\ouaaa.exe
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2009-03-05 al 2009-04-05 )))))))))))))))))))))))))))))))))))
.

2009-04-03 20:29 . 2009-04-03 20:29 268 --ah----- C:\sqmdata13.sqm
2009-04-03 20:29 . 2009-04-03 20:29 244 --ah----- C:\sqmnoopt13.sqm
2009-03-16 17:34 . 2009-03-16 20:03 172 --a------ c:\documents and settings\Antonypax\Application Data\wklnhst.dat
2009-03-10 16:50 . 2009-03-13 22:20 <DIR> d-------- C:\Temp
2009-03-09 20:37 . 2009-03-09 20:37 <DIR> d-------- C:\od
2009-03-08 22:09 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 22:09 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-03-06 17:08 . 2004-12-16 17:32 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-06 17:07 . 2009-03-06 17:07 <DIR> d-------- c:\programmi\NVIDIA Corporation
2009-03-06 17:07 . 2009-03-06 17:07 <DIR> d-------- c:\programmi\File comuni\NVIDIA Shared
2009-03-06 17:07 . 2005-04-04 19:59 176,128 --a------ c:\windows\system32\nvumpu.exe
2009-03-06 17:07 . 2005-04-04 19:59 176,128 --a------ c:\windows\system32\nvuaudio.exe
2009-03-06 16:59 . 2009-03-06 16:59 <DIR> d-------- C:\NVIDIA
2009-03-05 21:54 . 2009-03-05 21:54 21,764 --a------ c:\windows\system32\CoreAAC-uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 15:57 --------- d--h--w c:\documents and settings\Antonypax\Application Data\drivers
2009-04-05 15:42 --------- d-----w c:\documents and settings\Antonypax\Application Data\Skype
2009-04-05 15:12 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-04-05 15:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2009-04-05 14:43 --------- d-----w c:\documents and settings\Antonypax\Application Data\skypePM
2009-03-25 13:36 --------- d-----w c:\programmi\Messenger Plus! Live
2009-03-21 23:26 --------- d-----w c:\documents and settings\Antonypax\Application Data\Ulead Systems
2009-03-19 16:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 16:17 --------- d-----w c:\programmi\Java
2009-03-15 22:10 --------- d-----w c:\documents and settings\Antonypax\Application Data\LimeWire
2009-03-08 18:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-08 15:21 --------- d-----w c:\programmi\ESET
2009-03-06 22:28 --------- d-----w c:\programmi\Desktop XP
2009-03-06 21:14 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-06 15:07 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-27 13:30 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-25 21:34 --------- d-----w c:\documents and settings\Antonypax\Application Data\gtk-2.0
2009-02-24 17:45 --------- d-----w c:\documents and settings\Antonypax\Application Data\Autodesk
2009-02-24 17:44 --------- d-----w c:\programmi\Autodesk
2009-02-21 10:30 --------- d-----w c:\programmi\iHabbix V3
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:04 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 22:18 6,656 ----a-w c:\windows\system32\haspvdd.dll
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-25 21:50 31,334,932 -c--a-w c:\programmi\Windows Live.zip
2008-08-23 15:07 2,075 -c--a-w c:\documents and settings\Antonypax\Application Data\SAS7_000.DAT
2008-02-20 00:29 22 -csha-w c:\windows\SMINST\HPCD.sys
2008-08-25 12:25 88 -csh--r c:\windows\system32\E3BFE33ED7.sys
2008-08-25 12:42 3,452 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-10 19:24 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091020080911\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-03-22_12.18.02,98 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Dancer"="c:\programmi\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2009-04-05 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Antonypax\Menu Avvio\Programmi\Esecuzione automatica\
CamTrack.lnk - g:\programmi\CamTrack\camtrack.exe [2008-08-29 376832]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.mjpg"= Pvmjpg21.dll
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.PIM1"= pclepim1.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 CachemanXPService;CachemanXP;h:\programmi\CachemanXP\CachemanXP.exe --> h:\programmi\CachemanXP\CachemanXP.exe [?]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2006-07-03 242736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RMCDRWFV;RMCDRWFV;c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe --> c:\docume~1\ANTONY~1\IMPOST~1\Temp\RMCDRWFV.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7940f16e-652b-11dd-af14-001636b39327}]
\Shell\AutoRun\command - G:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b369733e-2144-11de-9a0a-001636b39327}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 18:02:11
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????????????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
Ora fine scansione: 2009-04-05 18:05:46
ComboFix-quarantined-files.txt 2009-04-05 16:05:44
ComboFix2.txt 2009-03-22 11:19:40
ComboFix3.txt 2009-03-08 20:01:34

Pre-Run: 58,363,514,880 byte disponibili
Post-Run: 59,039,571,968 byte disponibili

518 --- E O F --- 2009-03-20 17:01:26


Re: I think it's a Bagle

Post by Amantide » Sun Apr 05, 2009 5:28 pm

It looks like everything has been removed, but to be safe download FindyKill as well and run it, choosing option 2.

Re: I think it's a Bagle

Post by Antonypax » Sun Apr 05, 2009 6:34 pm

Amantide wrote: It looks like everything has been removed, but to be safe download FindyKill as well and run it, choosing option 2.

done
here's the log:

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 19.12.56 | 05/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,94 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,7 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,68 Go free) [TREKSTOR] # FAT32
# H:\ # Disco CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
# I:\ # Disco rimovibile
# J:\ # Disco rimovibile # 3,74 Go (3,67 Go free) [Cruzer] # FAT32

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\System32... ]


################## [ C:\Users\...\AppData\Roaming ]

Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers"

################## [ Cleaning .. Temp Files... ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! "E:\autorun.inf"
Not deleted ! "H:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe.vir
CRC32 .. : cadd41b0
MD5 .... : ef9930a4e419142ccae6335ebb87b98e

Suspect ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\downld\18145750.exe.vir
# Taille : 863748 # MD5 : 2EE1FAEBB127647063AAEF58A992519A
File was renamed : 18145750.exe.vir.REN

Deleted ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe.vir
# Taille : 864256 # MD5 : EF9930A4E419142CCAE6335EBB87B98E

Deleted ! : C:\Qoobox\Quarantine\C\Documents and Settings\Antonypax\Application Data\m\data.oct.vir
# Taille : 864256 # MD5 : EF9930A4E419142CCAE6335EBB87B98E

Suspect ! : C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\18225687.exe.vir
# Taille : 1015804 # MD5 : 3007C8275D60790148DF158DAFDF84F2
File was renamed : 18225687.exe.vir.REN


################## [ Corrupted files # Re-Installation required ]

C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\navapsvc.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NavShcom.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NAVStub.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navw32.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navwnt.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\SAVScan.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccApp.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccEvtMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccSetMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\NMain.exe
C:\SWSetup\InetSec06\IT\Support\Proxy\ccPxyCre\ccProxy.exe
C:\SWSetup\InetSec06\IT\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\SPBBCSVC.EXE
C:\SWSetup\InetSec06\IT\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893066\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911164\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$NtUninstallKB898461$\update.exe
C:\WINDOWS\$NtUninstallKB904942$\update.exe
C:\WINDOWS\$NtUninstallKB915865$\update.exe
C:\WINDOWS\$NtUninstallKB932823-v3$\update.exe
C:\WINDOWS\$NtUninstallKB942763$\update.exe
C:\WINDOWS\$NtUninstallKB950749$\update.exe
C:\WINDOWS\$NtUninstallKB950760$\update.exe
C:\WINDOWS\$NtUninstallKB950762_0$\update.exe
C:\WINDOWS\$NtUninstallKB951376-v2$\update.exe
C:\WINDOWS\$NtUninstallKB951698$\update.exe
C:\WINDOWS\$NtUninstallKB951748$\update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
C:\WINDOWS\SoftwareDistribution\Download\e727e3ae91da0ff4beef60db8a3bc368\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Data\Launch.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Audio\Launch.exe
G:\Programmi\ESET\nod32.exe
G:\Programmi\ESET\nod32krn.exe
G:\Programmi\ESET\nod32kui.exe
G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
G:\Programmi\Avast\ashAvast.exe
G:\Programmi\Avast\ashChest.exe
G:\Programmi\Avast\ashDisp.exe
G:\Programmi\Avast\ashLogV.exe
G:\Programmi\Avast\ashMaiSv.exe
G:\Programmi\Avast\ashPopWz.exe
G:\Programmi\Avast\ashQuick.exe
G:\Programmi\Avast\ashServ.exe
G:\Programmi\Avast\ashSimp2.exe
G:\Programmi\Avast\ashSimpl.exe
G:\Programmi\Avast\ashSkPcc.exe
G:\Programmi\Avast\ashSkPck.exe
G:\Programmi\Avast\ashUpd.exe
G:\Programmi\Avast\ashWebSv.exe
G:\Programmi\Avast\aswRegSvr.exe
G:\Programmi\Avast\aswUpdSv.exe
G:\Programmi\Avast\copyx64.exe
G:\Programmi\Avast\sched.exe
G:\Programmi\Avast\VisthLic.exe
G:\Programmi\Avast\VisthUpd.exe
G:\Programmi\Avast\ashEnhcd.exe

################## [ ! End of Report # FindyKill V4.722 ! ]

Re: I think it's a Bagle

Post by ste_95 » Sun Apr 05, 2009 7:40 pm

Delete the C:\Qoobox folder and try uninstalling and reinstalling your antivirus.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: I think it's a Bagle

Post by Antonypax » Sun Apr 05, 2009 7:58 pm

ste_95 wrote: Delete the C:\Qoobox folder and try uninstalling and reinstalling your antivirus.

done

Re: I think it's a Bagle

Post by ste_95 » Sun Apr 05, 2009 8:04 pm

Did you manage it?

Re: I think it's a Bagle

Post by Antonypax » Mon Apr 06, 2009 6:04 pm

ste_95 wrote: Did you manage it?

I uninstalled it but I can't put it back!
anyway, what should I do now?

Re: I think it's a Bagle

Post by ste_95 » Mon Apr 06, 2009 6:07 pm

Antonypax wrote: anyway, what should I do now?

Do you still get the invalid application error?

Re: I think it's a Bagle

Post by Antonypax » Mon Apr 06, 2009 6:20 pm

ste_95 wrote:
Antonypax wrote: anyway, what should I do now?

Do you still get the invalid application error?

the error is gone
but the problem shows up in another way
When I use Photoshop, for example, it freezes at startup and I can't use it
SPORE doesn't start either
The Sims 2 freezes
And the PC is slow too

Re: I think it's a Bagle

Post by Antonypax » Tue Apr 07, 2009 7:23 pm

what do I do now?

Re: I think it's a Bagle

Post by ste_95 » Tue Apr 07, 2009 7:42 pm

But did you manage to reinstall your antivirus? Can you open your security software?

Re: I think it's a Bagle

Post by Antonypax » Tue Apr 07, 2009 9:22 pm

ste_95 wrote: But did you manage to reinstall your antivirus? Can you open your security software?

no

Re: I think it's a Bagle

Post by ste_95 » Wed Apr 08, 2009 5:48 am

Try FindyKill again.
Amantide wrote: It looks like everything has been removed, but to be safe download FindyKill as well and run it, choosing option 2.

Re: I think it's a Bagle

Post by Antonypax » Thu Apr 09, 2009 7:26 pm

ste_95 wrote: Try FindyKill again.
Amantide wrote: It looks like everything has been removed, but to be safe download FindyKill as well and run it, choosing option 2.

I ran FindyKill and searched for threats:

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 20.24.22 | 09/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,6 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,63 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,37 Go free) [TREKSTOR] # FAT32
# I:\ # Disco rimovibile

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Plus\Dancer\Dancer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wintems.exe
G:\Programmi\CamTrack\camtrack.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\WINDOWS\system32\wintems.exe" (1016)
"C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe" (2988)

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Found ! C:\WINDOWS\Prefetch\1083343.EXE-29CADE9E.pf
Found ! C:\WINDOWS\Prefetch\1200937.EXE-038DF2F7.pf
Found ! C:\WINDOWS\Prefetch\1206125.EXE-237D0687.pf
Found ! C:\WINDOWS\Prefetch\1215625.EXE-02BBAF5B.pf
Found ! C:\WINDOWS\Prefetch\1466328.EXE-35D27B0B.pf
Found ! C:\WINDOWS\Prefetch\16013875.EXE-3B35C51F.pf
Found ! C:\WINDOWS\Prefetch\16143734.EXE-22698CEE.pf
Found ! C:\WINDOWS\Prefetch\16148421.EXE-19DA433C.pf
Found ! C:\WINDOWS\Prefetch\16152796.EXE-2E2E0BA5.pf
Found ! C:\WINDOWS\Prefetch\16384312.EXE-079A4344.pf
Found ! C:\WINDOWS\Prefetch\8844671.EXE-2C99A9BB.pf
Found ! C:\WINDOWS\Prefetch\8920812.EXE-0AD5715E.pf
Found ! C:\WINDOWS\Prefetch\8964812.EXE-2907D533.pf
Found ! C:\WINDOWS\Prefetch\8972750.EXE-33FD867F.pf
Found ! C:\WINDOWS\Prefetch\8982171.EXE-0337CD84.pf
Found ! C:\WINDOWS\Prefetch\9197187.EXE-1F42DE8A.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-35E96CB6.pf
Found ! C:\WINDOWS\Prefetch\KEY_GEN.EXE-102AC7B8.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\PATCH.EXE-134653F7.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\System32... ]

Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\ban_list.txt

################## [ C:\Documents and Settings\Antonypax\Application Data ]

Found ! "C:\Documents and Settings\Antonypax\Application Data\m\shared"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m\srvlist.oct"
Found ! "C:\Documents and Settings\Antonypax\Application Data\m"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Antonypax\Application Data\drivers\downld"

################## [ C:\Documents and Settings\Antonypax...\Temp Files... ]


################## [ Registry / Infected keys ]

Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_gen
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

################## [ Searching in removable drives ]


# Contents of autorun : E:\autorun.inf


# Presence of files :

Found ! "E:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.722 ! ]

Now I'll run: Clean

Re: I think it's a Bagle

Post by Antonypax » Thu Apr 09, 2009 8:21 pm

Findikill

############################## [ FindyKill V4.722 ]

# User : Antonypax (Administrators) # PC302014470238
# Update on 04/04/09 by Chiquitine29
# Start at: 20.43.50 | 09/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Genuine Intel(R) CPU T2250 @ 1.73GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090319-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disco rigido locale # 103,08 Go (54,61 Go free) [OS] # NTFS
# D:\ # Disco rigido locale # 7,69 Go (678,63 Mo free) [HP_RECOVERY] # FAT32
# E:\ # Disco CD-ROM # 592,53 Mo (0 Mo free) [Sims2EP1_1] # CDFS
# F:\ # Disco CD-ROM
# G:\ # Disco rigido locale # 186,26 Go (71,37 Go free) [TREKSTOR] # FAT32
# I:\ # Disco rimovibile

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Deleted ! C:\WINDOWS\Prefetch\1083343.EXE-29CADE9E.pf
Deleted ! C:\WINDOWS\Prefetch\1200937.EXE-038DF2F7.pf
Deleted ! C:\WINDOWS\Prefetch\1206125.EXE-237D0687.pf
Deleted ! C:\WINDOWS\Prefetch\1215625.EXE-02BBAF5B.pf
Deleted ! C:\WINDOWS\Prefetch\1466328.EXE-35D27B0B.pf
Deleted ! C:\WINDOWS\Prefetch\16013875.EXE-3B35C51F.pf
Deleted ! C:\WINDOWS\Prefetch\16143734.EXE-22698CEE.pf
Deleted ! C:\WINDOWS\Prefetch\16148421.EXE-19DA433C.pf
Deleted ! C:\WINDOWS\Prefetch\16152796.EXE-2E2E0BA5.pf
Deleted ! C:\WINDOWS\Prefetch\16384312.EXE-079A4344.pf
Deleted ! C:\WINDOWS\Prefetch\8844671.EXE-2C99A9BB.pf
Deleted ! C:\WINDOWS\Prefetch\8920812.EXE-0AD5715E.pf
Deleted ! C:\WINDOWS\Prefetch\8964812.EXE-2907D533.pf
Deleted ! C:\WINDOWS\Prefetch\8972750.EXE-33FD867F.pf
Deleted ! C:\WINDOWS\Prefetch\8982171.EXE-0337CD84.pf
Deleted ! C:\WINDOWS\Prefetch\9197187.EXE-1F42DE8A.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-35E96CB6.pf
Deleted ! C:\WINDOWS\Prefetch\KEY_GEN.EXE-102AC7B8.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\PATCH.EXE-134653F7.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-057FCA11.pf

################## [ C:\WINDOWS\System32... ]

Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\ban_list.txt

################## [ C:\Users\...\AppData\Roaming ]

Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\m"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Antonypax\Application Data\drivers"

################## [ Cleaning .. Temp Files... ]


################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\FirtR
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_gen
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! "E:\autorun.inf"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Antonypax\Application Data\drivers\winupgro.exe
CRC32 .. : 13aa1e4a
MD5 .... : b1a5a89500614b6883431fc5b1495783

Suspect ! : G:\Recycled\Dg4.16-03-2011\key_gen.exe
# Taille : 802816 # MD5 : 79D8A7FC37FF6AF5072F4D3B0120ECCA
File was renamed : key_gen.exe.REN

Suspect ! : G:\Recycled\Dg10.303\patch.exe
# Taille : 864256 # MD5 : 3B0299D2ED3587A62BD15341DE6396EF
File was renamed : patch.exe.REN

Suspect ! : G:\Recycled\Dg13.Edition+Seriale\setup.exe
# Taille : 864256 # MD5 : 3B0299D2ED3587A62BD15341DE6396EF
File was renamed : setup.exe.REN

Suspect ! : G:\Recycled\Dg14.(Jolpe)\setup.exe
# Taille : 802816 # MD5 : 79D8A7FC37FF6AF5072F4D3B0120ECCA
File was renamed : setup.exe.REN

Deleted ! : G:\Documenti\eMule AdunanzA\Incoming\Programmi-Ita-AntiVir.Personal.Edition.zip
Contain crac.exe [856064] with Bagle CRC32 : 13AA1E4A

Deleted ! : G:\Documenti\eMule AdunanzA\Incoming\Programmi-Ita-AntiVir.Personal.Edition\crac.exe
# Taille : 856064 # MD5 : B1A5A89500614B6883431FC5B1495783


################## [ Corrupted files # Re-Installation required ]

C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Spybot - Search & Destroy\blindman.exe
C:\Programmi\Spybot - Search & Destroy\Update.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\navapsvc.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NavShcom.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\NAVStub.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navw32.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\Navwnt.exe
C:\SWSetup\InetSec06\IT\NAV\External\NORTON\APP\SAVScan.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccApp.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccEvtMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\ccSetMgr.exe
C:\SWSetup\InetSec06\IT\Support\ccCommon\ccCommon\NMain.exe
C:\SWSetup\InetSec06\IT\Support\Proxy\ccPxyCre\ccProxy.exe
C:\SWSetup\InetSec06\IT\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\SPBBCSVC.EXE
C:\SWSetup\InetSec06\IT\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Data\Launch.exe
G:\Programmi\File comuni\Sonic Shared\Sonic Central\Audio\Launch.exe
G:\Programmi\ESET\nod32.exe
G:\Programmi\ESET\nod32krn.exe
G:\Programmi\ESET\nod32kui.exe
G:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

################## [ ! End of Report # FindyKill V4.722 ! ]

Re: I think it's a Bagle

Post by ste_95 » Thu Apr 09, 2009 8:24 pm

Try downloading your antivirus again and reinstalling it.

Re: I think it's a Bagle

Post by Antonypax » Fri Apr 10, 2009 10:46 pm

ste_95 wrote: Try downloading your antivirus again and reinstalling it.

My antivirus is working again.

Re: I think it's a Bagle

Post by ste_95 » Sat Apr 11, 2009 5:54 am

Excellent!
Now use this to restore the services and functions disabled by Bagle.

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising