marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 24 Aug 2007 19:11    Subject: antivirus and firewall disappeared

Hi everyone, I need help.
I'm using XP SP2, AVG 7.5 Free Edition and the Windows XP firewall, but I must have caught some strange "beast", since it uninstalled AVG and disabled the firewall. I looked through the forum and, based on what I found, I uninstalled System Restore, rebooted, ran an online scan with Panda (which found and removed 4 viruses), cleaned out the spyware with AVG Anti-Spyware, ran Elibagla with no results, and ran ATF Cleaner. I rebooted and installed AVG successfully. I installed Outpost. When Outpost asked to reboot, AVG was no longer there and neither was Outpost, although there are traces of them in HijackThis.
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19.05.53, on 24/08/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\VTTimer.exe
 C:\WINDOWS\system32\VTtrayp.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Microsoft Office\Office\OSA.EXE
 C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\pulizia\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160572592687
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{4B1C4696-4D84-4B6F-A8D4-37B6B26EA62F}: NameServer = 195.130.224.18,195.130.225.129
 O17 - HKLM\System\CS1\Services\Tcpip\..\{4B1C4696-4D84-4B6F-A8D4-37B6B26EA62F}: NameServer = 195.130.224.18,195.130.225.129
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
 O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
 
 --
 End of file - 6465 bytes
 
 
Can anyone help me? It doesn't look like Bagle to me....

Thanks
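
The symptom described in the post above (security products gone while their autostart entries remain in the HijackThis log) can be pulled out of such a log mechanically. The following Python script is an added example, not part of the original thread: the function names are hypothetical, the sample lines are copied from the log above, and the 8.3 matching assumes the common alias form (first six characters plus ~N).

```python
import re

# Excerpt of the HijackThis v2 log posted above (O4 = Run keys, O23 = services).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
"""

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable part of a command line: quoted path, or everything up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def short_key(component):
    """Map a path component to a key shared by a long name and its 8.3 alias.

    Assumption: only the common alias form is handled, e.g.
    "Outpost Firewall 1.0" <-> "OUTPOS~1.0" and "Programmi" <-> "PROGRA~1".
    """
    comp = component.upper()
    if "~" in comp:
        return comp.split("~", 1)[0]
    stem = comp.rsplit(".", 1)[0] if "." in comp else comp
    return stem.replace(" ", "")[:6]


def install_dir_key(path):
    """Key for the directory that holds an executable, alias-insensitive."""
    return tuple(short_key(p) for p in path.split("\\")[:-1])


def exe_path(cmd):
    """Return the executable path from a Run-key command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def find_orphaned_autostarts(log_text):
    """Group services whose binary is missing with Run entries in the same
    install directory, i.e. registry leftovers of software that was removed."""
    orphaned = {}      # install_dir_key -> report entry
    run_entries = []   # (install_dir_key, Run value name)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                path = m.group("path")
                entry = orphaned.setdefault(
                    install_dir_key(path),
                    {"dir": path.rsplit("\\", 1)[0], "services": [], "run_entries": []},
                )
                entry["services"].append(m.group("name"))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            exe = exe_path(m.group("cmd"))
            if exe:
                run_entries.append((install_dir_key(exe), m.group("name")))
    for key, name in run_entries:
        if key in orphaned:
            orphaned[key]["run_entries"].append(name)
    return list(orphaned.values())


if __name__ == "__main__":
    for item in find_orphaned_autostarts(SAMPLE_LOG):
        print(item["dir"])
        print("  services with missing binary:", ", ".join(item["services"]))
        print("  Run entries in same directory:", ", ".join(item["run_entries"]) or "-")
```
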

bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...

marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 24 Aug 2007 21:22

I downloaded and ran FindAWF (no bak folders found), but I can't download GMER from either the main site or the alternative site (obviously I'm doing it from another PC). Do you have another link?

What else can I do? I've been trying to get rid of it for two days....

Thanks

marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 25 Aug 2007 13:22

The links to the Gmer results are:
http://www.freefilehosting.net/download/MTUyOTk=

and

http://www.freefilehosting.net/download/MTUzMDA=

Bye and thanks

bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 25 Aug 2007 15:10

First time I've seen a 1 MB rootkit log! These look like traces of Bagle...

Download the EliBagle program from http://www.zonavirus.com/datos/descargas/95/elibagla.asp
You'll find it at the bottom of the page; click the Descarga ElibaglA entry.
Run the program; it should create a log. When it finishes, post the created log here together with an updated HijackThis log.

marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 25 Aug 2007 19:05

OK, the Elibagla log (as you can see, I had already run it yesterday, but this time on all disks):
 
 Fri Aug 24 17:20:28 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 Eliminada Carpeta "%WinDir%\exefld"
 
 Fri Aug 24 17:20:39 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad C:\
 
 Sat Aug 25 17:50:45 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 
 Sat Aug 25 17:51:12 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad C:\
 
 Sat Aug 25 18:09:24 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 
 Sat Aug 25 18:09:32 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad D:\
 
 Sat Aug 25 18:25:59 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad G:\
 
and the HijackThis one:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19.05.53, on 24/08/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\VTTimer.exe
 C:\WINDOWS\system32\VTtrayp.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Microsoft Office\Office\OSA.EXE
 C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\pulizia\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160572592687
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{4B1C4696-4D84-4B6F-A8D4-37B6B26EA62F}: NameServer = 195.130.224.18,195.130.225.129
 O17 - HKLM\System\CS1\Services\Tcpip\..\{4B1C4696-4D84-4B6F-A8D4-37B6B26EA62F}: NameServer = 195.130.224.18,195.130.225.129
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
 O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
 
 --
 End of file - 6465 bytes
 
Thanks for what you do, and bye

Orange (Mature god) | Registered: 18/02/07 13:20 | Posts: 2224 | Location: Roma
Posted: 25 Aug 2007 20:44

Hi.
Apparently a new version of Bagle is raging, against which the removal tool is pretty much useless...

Let's try Avenger:
Download it from here and unzip it to the desktop.
Run the file avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass
In the "View/edit script" window, copy and paste the following:

Quote:
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys

Click Done
Click the green traffic light icon
Answer Yes
The PC should reboot by itself (otherwise do it yourself)

On reboot, Avenger gives you a logfile (otherwise you'll find it in C:\Avenger). Copy and paste it into your post.

Also download this and unzip it to the desktop (IMPORTANT!)
Close all applications
Click Start->Run, type (or copy and paste)
"%userprofile%\desktop\combofix.exe" /wow
Click OK
Follow the instructions in the prompt window and post the log (you'll find it in C:\Combofix.txt)

marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 25 Aug 2007 21:24

Good, the Avenger log:
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\tqdbeksy
 
 *******************
 
 Script file located at: \??\C:\WINDOWS\egpatsoa.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
 Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
And the ComboFix one:
 
 ComboFix 07-08-25.3 - "Administrator" 2007-08-25 21:10:12.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.159 [GMT 2:00]
 Command switches used ::  /wow
 * Created a new restore point
 
 
 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 C:\WINDOWS\system32\Cfx32.lic
 C:\WINDOWS\system32\cfx32.ocx
 G:\Autorun.inf
 
 
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 -------\LEGACY_SROSA
 -------\srosa
 
 
 (((((((((((((((((((((((((   Files Created from 2007-07-25 to 2007-08-25  )))))))))))))))))))))))))))))))
 
 
 2007-08-25 21:08	51,200	--a------	C:\WINDOWS\nircmd.exe
 2007-08-24 17:58	<DIR>	d--------	C:\Programmi\File comuni\Agnitum Shared
 2007-08-24 17:58	<DIR>	d--------	C:\Programmi\Agnitum
 2007-08-23 21:50	<DIR>	d--------	C:\!KillBox
 2007-08-23 14:41	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
 2007-08-23 14:32	<DIR>	d--------	C:\pulizia
 2007-08-22 17:08	<DIR>	d--------	C:\WINDOWS\msapps
 2007-08-22 15:39	<DIR>	d--------	C:\WINDOWS\Prefetch
 2007-08-22 15:23	20,992	--a------	C:\WINDOWS\system32\drivers\RTL8139.sys
 2007-08-22 15:23	<DIR>	d--------	C:\WINDOWS\system32\ReinstallBackups
 2007-08-22 15:19	24,661	--a------	C:\WINDOWS\system32\spxcoins.dll
 2007-08-22 15:19	13,312	--a------	C:\WINDOWS\system32\irclass.dll
 2007-08-22 14:11	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2007-08-22 14:11	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
 2007-08-22 10:19	<DIR>	d--------	C:\WINDOWS\setup.pss
 2007-08-22 09:43	62,976	--a------	C:\Antibagle-fr.exe
 2007-08-21 15:24	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2007-08-21 12:59	140,288	--a------	C:\vcleaner.exe
 2007-08-03 10:37	<DIR>	d--------	C:\Programmi\GIF Movie Gear
 2007-08-03 10:37	<DIR>	d--------	C:\GIFEDIT
 
 
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 2007-08-23 08:56	---------	d--------	C:\Programmi\Google
 2007-08-22 15:31	---------	d--------	C:\Programmi\Servizi in linea
 2007-08-22 13:04	---------	d--------	C:\Programmi\Messenger
 2007-08-22 12:57	---------	d--------	C:\Programmi\iTunes
 2007-08-03 10:37	286720	--a------	C:\WINDOWS\iun506.exe
 2007-08-02 14:19	---------	d--------	C:\DOCUME~1\ADMINI~1\DATIAP~1\CopyToDvd
 2007-08-02 14:19	---------	d--------	C:\DOCUME~1\ADMINI~1\DATIAP~1\CopyToDvd
 2007-07-30 19:19	92504	--a------	C:\WINDOWS\system32\cdm.dll
 2007-07-30 19:19	549720	--a------	C:\WINDOWS\system32\wuapi.dll
 2007-07-30 19:19	53080	--a------	C:\WINDOWS\system32\wuauclt.exe
 2007-07-30 19:19	43352	--a------	C:\WINDOWS\system32\wups2.dll
 2007-07-30 19:19	325976	--a------	C:\WINDOWS\system32\wucltui.dll
 2007-07-30 19:19	203096	--a------	C:\WINDOWS\system32\wuweb.dll
 2007-07-30 19:19	1712984	--a------	C:\WINDOWS\system32\wuaueng.dll
 2007-07-30 19:18	33624	--a------	C:\WINDOWS\system32\wups.dll
 2007-07-30 09:01	---------	d--------	C:\DOCUME~1\ADMINI~1\DATIAP~1\Help
 2007-07-30 09:01	---------	d--------	C:\DOCUME~1\ADMINI~1\DATIAP~1\Help
 2007-07-22 09:14	---------	d--------	C:\Programmi\iPod
 2007-07-22 09:10	---------	d--------	C:\Programmi\File comuni\Apple
 2007-07-22 09:09	---------	d--------	C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
 2007-07-22 09:07	---------	d--------	C:\Programmi\QuickTime
 2007-06-24 13:29	37375	--a------	C:\WINDOWS\system32\uninstall.exe
 2007-06-24 13:09	36734	--a------	C:\WINDOWS\system32\OggDSuninst.exe
 2007-06-24 12:15	414272	--a------	C:\WINDOWS\system32\DivXc32f.dll
 2007-06-24 12:15	414272	--a------	C:\WINDOWS\system32\DivXc32.dll
 2007-06-24 12:15	33280	--a------	C:\WINDOWS\system32\HUFFYUV.DLL
 2007-06-18 16:54	86016	--a------	C:\WINDOWS\system32\pxwma.dll
 2007-06-18 16:54	105472	--a------	C:\WINDOWS\system32\pxcpyi64.exe
 2007-06-18 16:54	103936	--a------	C:\WINDOWS\system32\pxinsi64.exe
 2007-06-18 11:35	87608	--a------	C:\DOCUME~1\ADMINI~1\DATIAP~1\inst.exe
 2007-06-18 11:35	47360	--a------	C:\DOCUME~1\ADMINI~1\DATIAP~1\pcouffin.sys
 2007-05-31 19:30	266088	--a------	C:\WINDOWS\system32\xactengine2_8.dll
 2007-05-31 19:29	18280	--a------	C:\WINDOWS\system32\x3daudio1_2.dll
 
 
 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 *Note* empty entries & legit default entries are not shown
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "VTTimer"="VTTimer.exe" [2005-03-07 21:33 C:\WINDOWS\system32\VTTimer.exe]
 "VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 C:\WINDOWS\system32\VTTrayp.exe]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-10-25 08:30]
 "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 06:24]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
 "SoundMan"="SOUNDMAN.EXE" [2005-08-17 12:39 C:\WINDOWS\SOUNDMAN.EXE]
 "!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
 "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
 "Outpost Firewall"="C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe" []
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24]
 
 R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS
 S3 Linux.DLL;Outpost Firewall PlugIn (Linux.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\Linux.DLL
 S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL
 S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL
 S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL
 S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys
 S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL
 S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL
 S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL
 S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL
 S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL
 S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL
 S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL
 
 
 Contents of the 'Scheduled Tasks' folder
 2007-07-29 07:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 
 **************************************************************************
 
 catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-08-25 21:17:27
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scanning hidden processes ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden files: 0
 
 **************************************************************************
 
 Completion time: 2007-08-25 21:19:26 - machine was rebooted
 C:\ComboFix-quarantined-files.txt ... 2007-08-25 21:19
 
 --- E O F ---
 
I'm waiting hopefully.
By the way, I had previously tried to reinstall Windows (because I was being asked for the XP Pro CD) and now it no longer installs the automatic updates ("impossibile installare alcuni aggiornamenti: windows xp installer 3.1")

Bye and thanks

Orange (Mature god) | Registered: 18/02/07 13:20 | Posts: 2224 | Location: Roma
Posted: 26 Aug 2007 12:43

Hi.
I hope I haven't missed something..
Try running the Elibagla scan again in Safe Mode (post the log), then reboot and run the scan with Gmer (both: Autostart and Rootkit).

Oh, one more thing: is C:\ComboFix-quarantined-files.txt empty?

marione (Devoted mortal) | Registered: 24/08/07 18:47 | Posts: 9
Posted: 26 Aug 2007 19:33

OK, meanwhile I'd like to report that I reinstalled AVG 7.5 and it works; I've already rebooted several times and it no longer gets removed, so this problem seems solved.
Anyway, C:\ComboFix-quarantined-files.txt is empty, and the result of Elibagla in Safe Mode:
 
 Sun Aug 26 17:36:28 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Acción Directa):
 
 Sun Aug 26 17:36:31 2007
 EliBagle v10.47  (c)2007 S.G.H. / Satinfo S.L.
 ----------------------------------------------
 Lista de Acciones (por Exploración):
 Explorando Unidad C:\
 
the link to the Gmer autostart log:
http://www.freefilehosting.net/download/MTU3MzU=

and the rootkit one (I'm posting it for you, freefilehosting isn't working right now):
 
 GMER 1.0.13.12551 - http://www.gmer.net
 Rootkit scan 2007-08-26 19:24:44
 Windows 5.1.2600 Service Pack 2
 
 
 ---- Devices - GMER 1.0.13 ----
 
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                         [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE              [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                          [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                           [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                          [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION              [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                       [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                         [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                  [F7B5A404] avg7rsw.sys
 AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION       [F7B5A404] avg7rsw.sys
 
 ---- EOF - GMER 1.0.13 ----
 
 Thanks
 |  | 
	
	
		| Orange Dio maturo
 
  
 
 Registered: 18/02/07 13:20
 Posts: 2224
 Location: Roma
 
 | 
			
				|  Posted: 30 Aug 2007 22:34    Subject: |   |  
				| 
 |  
				| Confirmed. There are no other traces of Bagle.  |  | 
	