My first BAGLE

clagmail
Mortale pio
Registered: 28/05/08 23:31
Posts: 28

Posted: 29 May 2008 15:51    Subject: My first BAGLE

Hi everyone... I'm dealing with a virus on my computer which, judging from other topics I've read, is presumably a BAGLE.
I ran an online scan with Bit Defender yesterday (log file attached) and tried to take matters into my own hands by deleting the entire contents of the suspect folders.
Obviously this did not solve the problem, so I ran the scan again with Kaspersky, limiting the search to just the "suspect" folders (that log is attached below as well).
I'm sure you will be able to suggest something to repair the mess I've made,
see you soon,
Claudio

KASPERSKY:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 1:19:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 811407
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\System Volume Information\
C:\SYSTEM.SAV\
C:\temp\
C:\WINDOWS\

Scan Statistics:
Total number of scanned objects: 17724
Number of viruses found: 5
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:59:02


Scan process completed.

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 29 May 2008 16:32

Hi clagmail,

Follow these instructions:

PS: if you like, you can introduce yourself here

clagmail

Posted: 29 May 2008 22:38    Subject: scan

Did I understand correctly? Do I have to run all the scans: with elibagla, combofix and systemscan?
I hope it lets me run them in normal mode, because it keeps shutting down on me after a few minutes...

clagmail

Posted: 29 May 2008 23:12    Subject: in progress...

I'm using the time the other computer is taking with the scan to introduce myself at the link you pointed me to...
Meanwhile, everything seems to be going well.
Which antivirus do you recommend I install? So far I have used avast, but if there are better ones (preferably at the same price ;) ) let me know...

clagmail

Posted: 30 May 2008 00:18    Subject: PERFECT

This time I got away with it thanks to your "precious" help...
From now on I'll be more careful about the junk I download with the "mule"
Heartfelt thanks
Claudio :D

bdoriano

Posted: 30 May 2008 18:44    Subject: Re: in progress...

clagmail wrote:
Which antivirus do you recommend I install? So far I have used avast, but if there are better ones (preferably at the same price ;) ) let me know...

At the same price: AVG or Antivir. ;)

Post the logs of the various programs I had you use, so we can check that no remnants are left.

clagmail

Posted: 31 May 2008 00:09    Subject: wireless no longer starts

First of all, this is the combofix log
ComboFix 08-05-29.1 - Casa 2008-05-29 22.41.06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.540 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Casa\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Casa\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Programmi\3
C:\Programmi\3\FastMobileModem\configMMM.ini
C:\Programmi\3\FastMobileModem\DefaultMMM.ini
C:\Programmi\3\FastMobileModem\Driver.ini
C:\Programmi\3\FastMobileModem\eventMMM.log
C:\Programmi\3\FastMobileModem\MMMODEM.CNT
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\3\FastMobileModem\MMMODEM.HLP
C:\Programmi\3\FastMobileModem\MMModemcnt.0
C:\Programmi\3\FastMobileModem\MMModemcnt.1
C:\Programmi\3\FastMobileModem\MMModemhlp.0
C:\Programmi\3\FastMobileModem\MMModemhlp.1
C:\Programmi\3\FastMobileModem\traceMMM.log
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\images.zip
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-10-07 23:40:15 217088]
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-05-31 14:29:16 577597]
Filseclab Messenger.lnk - C:\Programmi\File comuni\Filseclab\FilMsg.exe [2008-05-29 21:02:57 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Casa\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 filar;Filseclab Dynamic Defense System Driver;C:\PROGRA~1\FILECO~1\FILSEC~1\filar.sys [2007-12-18 17:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 Seagate Sync Service;Seagate Sync Service;C:\Programmi\Seagate\Sync\SeaSyncServices.exe [2007-01-18 13:20]
S3 filpp;Filseclab Process Protection Driver;C:\PROGRA~1\FILECO~1\FILSEC~1\filpp.sys [2007-12-19 21:47]
S3 IMMDRV;Filseclab Twister Kernel Module;C:\PROGRA~1\FILSEC~1\Twister\immdrv.sys [2007-11-26 20:24]
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db8e1b2-d767-11dc-a4e5-0010c6f8d470}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e0d5f98-0c86-11dd-a552-001500496dd6}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9caee5-7afb-11dc-a43e-0010c6f8d470}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1097d0c-588c-11dc-a3ae-000000000000}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc33f1a4-77fe-11dc-a409-0010c6f8d470}]
\Shell\Auto\command - E:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-24 19:11:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 22:46:29
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe????????????8?0?6?2??????? ???B?????????????hLC????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\Fisso\\EPSON Stylus CX3600 Series (Copia 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P44 \"\\\\Fisso\\EPSON Stylus CX3600 Series (Copia 1)\" /O6 \"USB001\" /M \"Stylus CX3600\""
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WGATray.exe
C:\Programmi\Apoint2K\ApntEx.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.bin
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-29 22:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 20:54:02

16 Directory 14,000,635,904 byte disponibili
19 Directory 13,890,347,008 byte disponibili

254 --- E O F --- 2008-05-23 21:00:46
clagmail
Pious mortal

Joined: 28/05/08 23:31
Posts: 28

Posted: 31 May 2008 00:13    Subject: WIRELESS.....

This is the one from SystemScan:

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

edit by bdoriano: log removed because it was incomplete. Logs must be uploaded to WikiSend as indicated here.
clagmail
Pious mortal

Joined: 28/05/08 23:31
Posts: 28

Posted: 31 May 2008 00:25    Subject: WiReLeSs!!!!

The wireless network connection no longer starts... It tells me:
"Unable to configure the wireless network
If another program has been enabled to manage the wireless network connection, use that program.
If you prefer that Windows configure the connection, start the Wireless Zero Configuration service. For information on starting the service, see article 871122 in the Microsoft Knowledge Base on the microsoft.com site"
I followed the instructions to start the Zero Configuration service, but I got an error message: "Error 1068: The dependency service or group failed to start"
What could it be?
Thanks in advance
clagmail
Pious mortal

Joined: 28/05/08 23:31
Posts: 28

Posted: 31 May 2008 00:40    Subject: HijackThis

I forgot to post the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:34, on 31/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Programmi\Seagate\Sync\SeaSyncServices.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\CyberLink\PCM4Everio\EverioService.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Programmi\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Programmi\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\\Fisso\EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\Fisso\EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Automatico EPSON Stylus CX3600 Series (Copia 1) su Fisso] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P56 "Automatico EPSON Stylus CX3600 Series (Copia 1) su Fisso" /O16 "\\FISSO\EPSONSty" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Automatico EPSON Stylus CX3600 Series su FISSO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P46 "Automatico EPSON Stylus CX3600 Series su FISSO" /O18 "\\FISSO\Stampante2" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Rinera Streaming Control) - http://portal3.rinera.com/download/RineraProxy-1.4.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183741656986
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/plug-in/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programmi\Seagate\Sync\SeaSyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 14811 bytes
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 31 May 2008 10:17    Subject: Re: WiReLeSs!!!!

clagmail wrote:
The wireless network connection no longer starts... It tells me:
"Unable to configure the wireless network
If another program has been enabled to manage the wireless network connection, use that program.
If you prefer that Windows configure the connection, start the Wireless Zero Configuration service. For information on starting the service, see article 871122 in the Microsoft Knowledge Base on the microsoft.com site"
I followed the instructions to start the Zero Configuration service, but I got an error message: "Error 1068: The dependency service or group failed to start"
What could it be?

It's an effect of the Bagle infection.

Download the file SistemaDanniBagle.zip and unzip it.
Inside you will find 2 folders with 2 files to add to the registry.

Also, you have some infected USB device (HD or flash drive).
  1. Create a text file with the following instructions:
    Code:
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db8e1b2-d767-11dc-a4e5-0010c6f8d470}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9caee5-7afb-11dc-a43e-0010c6f8d470}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1097d0c-588c-11dc-a3ae-000000000000}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc33f1a4-77fe-11dc-a409-0010c6f8d470}]

    Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as indicated below:

    Wait patiently for the work to finish without touching the keyboard, mouse or anything else. ;)
    Post the updated ComboFix and HijackThis logs

  2. Download the TweakUI program from this page and install it.
    Once installed, run it and proceed with these steps:
    Quote:
    Expand the My Computer section
    Expand the Autoplay subsection
    Go to Types
    Uncheck Enable Autoplay for removable drives
    Click Apply
    Close TweakUI

    PS: By Expand I mean: click the [+] symbol next to the items I indicated ;)

    From this moment on, all USB devices will stop starting automatically.
    Insert your flash drives and check them with your antivirus.
    When you are sure that everything is fine, you can re-enable autoplay by following the same path I indicated.
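An added example, not part of bdoriano's post and not ComboFix's own code: a Python triage of the MountPoints2 section of the ComboFix log above, which lists each cached autorun handler and rebuilds the CFScript.txt deletion list from the reply. The function names, the hint labels and the `KEPT_BY_REPLY` constant (the `setupSNK.exe` key that the reply's script leaves out) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# MountPoints2 section copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db8e1b2-d767-11dc-a4e5-0010c6f8d470}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e0d5f98-0c86-11dd-a552-001500496dd6}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9caee5-7afb-11dc-a43e-0010c6f8d470}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1097d0c-588c-11dc-a3ae-000000000000}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc33f1a4-77fe-11dc-a409-0010c6f8d470}]
\Shell\Auto\command - E:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
"""

# The reply's CFScript does not delete this key; the page does not say why.
KEPT_BY_REPLY = "{8e0d5f98-0c86-11dd-a552-001500496dd6}"

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(.+?)\\command - (.+)$", re.I)
WRAP_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)
# Assumption: extensions this example treats as a triage hint, not a verdict.
RISKY_EXT = (".pif", ".scr", ".com", ".bat", ".cmd", ".vbs")


@dataclass
class MountPoint:
    key: str                                      # full registry key as logged
    guid: str                                     # volume GUID, lower-cased
    commands: list = field(default_factory=list)  # (verb, command line) pairs

    def targets(self):
        """Programs the cached handlers would launch, lower-cased."""
        found = set()
        for _, cmd in self.commands:
            wrapped = WRAP_RE.search(cmd)
            prog = (wrapped.group(1) if wrapped else cmd).strip()
            name = re.match(r'"?(.+?\.[A-Za-z0-9]{3})\b', prog)
            found.add((name.group(1) if name else prog).lower())
        return found

    def hints(self):
        """Hints for the analyst reading the log; they do not decide anything."""
        names, out = self.targets(), []
        if any(n.endswith(RISKY_EXT) for n in names):
            out.append("risky-extension")
        if any("\\" not in n for n in names):
            out.append("relative-target")  # resolved on the plugged-in drive itself
        return out


def parse_mountpoints2(log_text):
    """Return the MountPoints2 keys that carry at least one Shell command."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key=key.group(1), guid=key.group(2).lower())
            entries.append(current)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current.commands.append((cmd.group(1), cmd.group(2).strip()))
        elif line.startswith("["):
            current = None  # a different registry section has started
    return [e for e in entries if e.commands]


def build_cfscript(entries, keep=()):
    """Emit the 'Registry::' block with one [-key] deletion per entry not kept."""
    kept = {g.lower() for g in keep}
    lines = ["Registry::"] + [f"[-{e.key}]" for e in entries if e.guid not in kept]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_mountpoints2(SAMPLE_LOG)
    for entry in parsed:
        print(entry.guid, sorted(entry.targets()), entry.hints())
    print(build_cfscript(parsed, keep={KEPT_BY_REPLY}))
```

With `keep={KEPT_BY_REPLY}` the generated block matches the four deletions listed in the reply.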
clagmail
Pious mortal

Joined: 28/05/08 23:31
Posts: 28

Posted: 04 Jun 2008 23:35    Subject: tt OK

Thanks again bdoriano for the invaluable help...
I didn't think that problems which seemed insurmountable to me could be solved remotely like this, without even lifting my ass off the chair!
Great job :idea:
monsieur blues
Common mortal

Joined: 07/01/09 14:54
Posts: 2

Posted: 07 Jan 2009 15:01    Subject: Re: tt OK

clagmail wrote:
Thanks again bdoriano for the invaluable help...
I didn't think that problems which seemed insurmountable to me could be solved remotely like this, without even lifting my ass off the chair!
Great job :idea:

hi, I'm a new user; I believe and hope I have partly solved the Bagle problem
the only thing left for me to do is the procedure you set out on the previous page
I would need to download the SistemadanniBagle.zip, but I think the download period has expired

kindly, please, I beg you, could you repost a valid link; I'm asking you please, I have so many important things on my PC and I can't format it

if anyone still has this file, I appeal to you to repost it
please!!! :roll:
All times are GMT + 2 hours