Olimpo Informatico

[Templier]

Ciao a tutti e compliemnti per questo bellissimo forum
Veramente utile e ben fatto

Purtroppo l'ho scoperto perchè credo di avere lo stesso/simile problema di kefes

Potete aiutarmi amici?

Vi spiego il mio problema per esteso

Noto che il pc è estremamente lento e che improvisamente l'icona di spybot è cambiata come quella di un file .exe senza una determinata icona....
Mi insospettisco e decido di aggiornare l'AVG per fare una bella scansione....
Vado per aggiornare (da notare che l'aggiornamento era automatico ma misteriosamente da un pò di tempo a questa parte era diventato manuale) e non mi fa più aggiornare e mi dice che per risolvere il problema sarebbe meglio se lo ri-installassi....

Quindi disisntallo, scarico il 7.5 del 27/02/07 e installo quando si blocca è mi dice:
Local machine: installation failed
Installation:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory

......

Come un disperato provo e riprovo e per non rimanere sguarnito riesco a mettere solo AD-Aware ma che cmq non è un ativirus......

HELP amici!!

Non lasciamo vincere il lato oscuro

EDIT
Confermo che non posso installare nessun antivirus Un amico mi ha portato il Norton a casa per provare e nada

[Orange]

Ciao Templier e benvenuto
se vuoi, passa al "Caffe" per presentarti alla comunità!

era meglio aprire un nuovo topic per non fare confusione..

Hai gia provato il TOOL segnalato sopra?

passa quello, dopo di che scarica GMER e posta il risultato della scheda ROOTKIT.

[Smjert]

Topic Splittato

[Orange]

ah dimenticavo: in quel tool spunta la casella "eliminare automaticamente"
mi serve anche il log da C:/InfoSat.txt a parte quello di GMER.

[Templier]

Messaggio di test, da cancellare

[Templier]

Grazie per il vostro supporto con tutto il cuore

Ho scaricato il tool e GMER ed i risultati sono questi:

Il tool EliBaglA mi ha segnala questo :

[Templier]

L'unico anti-Maware che mi fa installare/ utilizzare é:

Malware immunizer 1.3

I file che non mi fa immunizzare sono:

C:/WINDOWS\system32\aupdate.exe ISTbar
C:/WINDOWS\avguard.exe Netsky Worm
C:/WINDOWS\system32\update.exe Zotob Worm

Item infect

c:\windows\system32\appis32.exe

AIUTO

[Smjert]

Prova a farlo girare dalla Modalità Provvisoria.

Per andarci:

Riavvia il pc in Modalità Provvisoria (quando ti fa il calcolo della memoria, ti segna gli hd collegati ecc premi continuamente F8 finchè non appare un menu, da lì scegli con le freccie la modalità).

[Orange]

ciao..
la scansione con GMER, l'hai fatto prima o dopo aver utilizzato EliBagle?
al momento,pare che è l'unico che funziona veramente.

vedi se c'è bisogno di riattivare i servizi terminati da Bagle:
Apri la lista dei Servizi (Start --> Esegui --> digitate SERVICES.MSC --> Ok) ed abilita, dove necessario, questi servizi disabilitati:
Avvisi, Centro sicurezza PC, Aggiornamenti automatici, Connessioni di rete, Zero Configuration reti senza fili e Windows Firewall/ Condivisione connessione Internet (ICS).
(Per avviare un servizio, dovete cliccare con il tasto destro su Proprietà --> Automatico --> Ok --> Avvia --> Ok).

anche Netsky è un parente stretto...
scarica anche HiJack, scompattalo in una cartella permanente e NON sul desktop.
avvialo, scegli "do a system scan and save a logfile"
posta qui il contenuto .txt

[Templier]

Grande Orange 8)
Sei riuscito a farmi riavere almeno il Firewall 8)

Allora:

[Orange]

mi potresti postare anche il log di GMER aggiornato?

[Templier]

Eccolo 8) Freschissimo 8)

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-11 17:20:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\SPTD7005.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\dtscsi.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F250F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadResource 7C809FB5 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F220F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!FindResourceW 7C80BBCE 6 Bytes JMP 5F130F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!SizeofResource 7C80BC69 6 Bytes JMP 5F190F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!FindResourceA 7C80BE89 6 Bytes JMP 5F160F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DispatchMessageW 77D18A01 6 Bytes JMP 5F100F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!SetWindowLongW 77D1D62B 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DestroyWindow 77D1DAEA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!DestroyWindow + 4 77D1DAEE 2 Bytes [ 0E, 5F ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] USER32.dll!CreateWindowExW 77D1FF50 6 Bytes JMP 5F040F5A
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!send 71A3428A 5 Bytes JMP 033748E8 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!recv 71A3615A 5 Bytes JMP 033748A6 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 03374408 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1592] SHELL32.dll!Shell_NotifyIcon 7CA30C79 5 Bytes JMP 03371163 C:\Programmi\MessengerPlus! 3\MsgPlusH.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86F96688
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86F96688
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 86F960E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 86F960E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86FE0260
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86F685F0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85BFA7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85BFA7B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CREATE 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CLOSE 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_INTERNAL_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_CLEANUP 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB} IRP_MJ_PNP 85C880E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86F685F0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86F685F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CREATE 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CLOSE 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_INTERNAL_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_CLEANUP 85C880E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD} IRP_MJ_PNP 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 85C880E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 85C880E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 85C880E8
Device \Driver\00000050 \Device\0000004e IRP_MJ_POWER [F739FA26] sptd.sys
Device \Driver\00000050 \Device\0000004e IRP_MJ_SYSTEM_CONTROL [F73B3BD8] sptd.sys
Device \Driver\00000050 \Device\0000004e IRP_MJ_PNP [F73AC54E] sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 86F968C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 86F968C0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85C818E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85C818E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 85C1E7F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 85C1E7F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 86FE0260
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 86FE0260
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 85C26EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 85C26EB0
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CREATE 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CLOSE 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_DEVICE_CONTROL 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_POWER 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_SYSTEM_CONTROL 86F96B78
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_PNP 86F96B78
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86FCEB30
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 86FCEB30
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85BB47B0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85BB47B0

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1390067357-2049760794-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xE8 0x1E 0x40 0xF2 ...
Reg \Registry\USER\S-1-5-21-1390067357-2049760794-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x3A 0xDC 0xDC 0x56 ...

---- EOF - GMER 1.0.12 ----

[Orange]

la buona notizia è che il Bagle è scomparso!

per Netsky usa questo TOOL di rimozione
quest'altro TOOL è per ISTbar
e giusto per rimanere su Symantec scarica QUESTO per rimuovere Zotob..


disattiva il ripristino di configurazione del sistema
disconnesso da internet e con tutte le applicazioni chiuse fai girare i tools. salva i logs
scarica installa e aggiorna VirIT
e fagli fare la scansione.

Da start/ esegui digita regedit
portati alle seguenti chiavi
HKLM/software/Microsoft/Windows/Current Version/Run
HKLM/software/Microsoft/Windows/Current Version/RunService
trova i valori
"Windows System"="botzor.exe"
"ICQ NET" = "%Windir%\winlogon.exe -stealth"
e se ci sono eliminali

cancella ( se esistono) anche questi sottochiavi
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar
HKEY_CURRENT_USER\Software\ISTbar
HKEY_CURRENT_USER\Software\IST

dai una pulita generale con CCleaner
alla fine posta i risultati dei 3 tools, il log di virit e nuovo log di HiJack.

[Templier]

Premetto che ho eseguito il procedimento alla lettera 8)

TOOL Netsky

Symantec W32.Netsky FixTool 1.12.0


C:\System Volume Information: (not scanned)
W32.Netsky has not been found on your computer.

TOLL ISTbar

Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0


registry: HKEY_USERS\S-1-5-21-1390067357-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
registry: HKEY_USERS\S-1-5-21-1390067357-2049760794-682003330-1003\Software\Microsoft\Internet Explorer\Search: SearchAssistant (value deleted)

C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.

TOLL Zotob

Symantec W32.Zotob.[A-G,I,J] Removal Tool 1.8.0

W32.Zotob has not been found on your computer.

SCANSIONE VirIT (è una bomba questo anti-virus altro che AVG)

11/03/2007 - 23:54:03

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\All Users\Dati applicazioni\Dash Idle Flap Drv\Loud 2.exe Infetto da Trojan.Win32.Swizzor.AK
* * * RIMOSSO * * *
C:\Documents and Settings\User\Dati applicazioni\itchaxisnurb\vnffneqt.exe Infetto da Trojan.Win32.Swizzor.AK
* * * RIMOSSO * * *
C:\Documents and Settings\User\Dati applicazioni\ScaricaMP3[1].exe Infetto da Trojan.Win32.Dialer.HM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Dati applicazioni\ScaricaMP3[2].exe Infetto da Trojan.Win32.Dialer.HM
* * * RIMOSSO * * *
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.26 Infetto da Trojan.Win32.Mitglieder.AU
* * * RIMOSSO * * *
C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02(1).ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
* * * RIMOSSO * * *
C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02(2).ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
* * * RIMOSSO * * *
C:\PROGRAMMI\EMULE NEW\INCOMING\HANDY_FILE_TOOL_1.02.ZIP -> Handy_File_Tool_1.02.exe Infetto da Trojan.Win32.Mitglieder.AU
* * * RIMOSSO * * *
C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll Infetto da BHO.Softomate.D
* * * RIMOSSO * * *
C:\WINDOWS\system32\WINTEMS.EXE.VIR Infetto da I-WORM.Beagle.DH
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 10.
Files Sospetti: 0.
Files Analizzati: 157743.
Files Totali: 157743.
Chiavi Registro rimosse: 0.
Virus Rimossi: 10.

LOGFILE HijackThis fresco fresco

Logfile of HijackThis v1.99.1
Scan saved at 0.51.18, on 12/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\SEC\MagicTune 2.5\GammaTray.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\VEXPLITE\viritexp.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Pocket USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\User\Desktop\sdie.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Scarica con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CEE49E1-25CF-45CD-9CF8-8BA8E1F81ABB}: NameServer = 212.216.125.2,212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{F55DC0D5-4265-4EFB-B272-5ACABE1A3BBD}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

[Templier]

Riguardo alle chiavi in regedit non ho trovato nada de nada

Che mi dici interpretando i vari report?

Da quanto ho capito io VirIT ha fatto un super lavoro trovando anche altre cose che non avevamo visto prima
Mi ha sorpreso la sua efficenza, meticolosità in scansione
Peccato che da quanto ho capito è un versione tria da 30 giorni
L'AVG che usavo più il Firewall di windows mi sa che mi davano troppa poca copertura
Dimmi tutto Orange e grazie ancora per tutto quello che stai facendo per me

[Orange]

ciao.
in effetti VirIT ha trovato parecchie altre cose...


riesci entrare adesso in modalità provvisoria?
lancia da mod. provvisoria HiJack
premi "do a system scan only"
metti la spunta alle voci seguenti e premi "fix checked"

O2 - BHO: (no name) - {61660267-0BB5-70A7-D8B7-656669EDCE6F} - C:\DOCUME~1\User\DATIAP~1\MIXONLINESOFTWARE\peakfunk.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)


sei riuscito a mettere gli antivirus?
che versione usi di AVG? se è una versione free ti consiglierei di cambiarlo con AntivirPE o Avast (rimanendo sempre sul free) cambia anche firewall, se usi quello di Windows.
per essere sicuri di non aver tralasciato piu nulla. fai la scansione on-line con Kaspersky e posta qui il risultato.