The Zeus News Forums - Pronto Soccorso Virus (Virus First Aid)
lots and lots of little windows
aim for a smile (Mortale pio; registered 28/03/07 16:51; 22 posts)
Posted: 28 Mar 2007 16:56    Subject: lots and lots of little windows

hi! I have a little problem with my PC: every time I start it up, Internet Explorer windows pop up, sometimes empty and sometimes not, so I run a scan with ad-ware and delete the critical objects, but when I reboot the windows come back, and if I scan again the critical objects are there again..
moreover I'm no longer allowed to install antivirus or antispyware software, and I had to uninstall the ones I had before this big problem because I couldn't open them...
all this obviously slows down my use of the computer.. I'm not very expert at this, so I'm asking you for help! thanks in advance
niklair (Dio maturo; registered 31/10/03 11:38; 2289 posts; location: further north than the goddess of graphics)
Posted: 28 Mar 2007 17:34

Quote:
Download HijackThis and unzip it into a folder of its own, not a temporary one (for example put it in C:\HijackThis).
Run it and click Do a system scan and save a log file; a Notepad window will open with the scan result. Copy and paste its contents here.


... you can find the program here: http://www.merijn.org/files/hijackthis.zip
aim for a smile (Mortale pio; registered 28/03/07 16:51; 22 posts)
Posted: 29 Mar 2007 11:52

Logfile of HijackThis v1.99.1
Scan saved at 11.34.47, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\TUO\Impostazioni locali\Temp\hijackthis\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?9d9aab7f36bb4a12a09da434aee854c9
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?9d9aab7f36bb4a12a09da434aee854c9
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {EBD7F2F3-23FE-4D1F-A955-0118861CB5AF} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kurtina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28527918-00B9-4994-ABC5-52E13E1A15A1}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{28527918-00B9-4994-ABC5-52E13E1A15A1}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

here it is!
niklair (Dio maturo; registered 31/10/03 11:38; 2289 posts; location: further north than the goddess of graphics)
Posted: 29 Mar 2007 18:30

... at a glance it doesn't look like you have anything serious ....

fix this one:

Quote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


(to fix it, just tick that entry in the program and click "fix checked") ... then see whether it keeps giving you problems, because it seems to me the only odd thing .... I'll hand you over to Orange ....

in the meantime, if you like, come and introduce yourself here: http://forum.zeusnews.com/viewtopic.php?t=20689

and here: http://forum.zeusnews.com/viewtopic.php?t=21084
Orange (Dio maturo; registered 18/02/07 13:20; 2224 posts; location: Roma)
Posted: 29 Mar 2007 19:33

hi, and welcome from me too

you may have picked up a variant of Bagle.
download GMER from here--> http://www.gmer.net/gmer.zip
make the log from the Rootkit tab
when the scan has finished, select Copy
open Windows Notepad, paste the log in with ctrl+V and save it.

post the result.
aim for a smile (Mortale pio; registered 28/03/07 16:51; 22 posts)
Posted: 29 Mar 2007 23:05

a bit long, I must admit... anyway, here it is!

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-29 22:46:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\TUO\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WS2_32.dll!send 71A3428A 5 Bytes JMP 270095A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27009390 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WS2_32.dll!recv 71A3615A 5 Bytes JMP 27009200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 27009720 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 27009930 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 5 Bytes JMP 27002BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 27001D30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 27001E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WININET.dll!HttpOpenRequestA 771936AD 5 Bytes JMP 27008180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 27008460 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 270083B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2428] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 270082E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\SYSTEM32\HLDRRR.EXE (*** hidden *** ) 1468
Process C:\WINDOWS\SYSTEM32\HLDRRR.EXE (*** hidden *** ) 1616

---- Registry - GMER 1.0.12 ----

Top
Profilo Invia messaggio privato
niklair
Mature god
Posted: 29 Mar 2007 23:13

Quote:
Process C:\WINDOWS\SYSTEM32\HLDRRR.EXE (*** hidden *** ) 1468

... if I'm not mistaken it's Beagle itself or a variant .... let's wait for Orange
Orange
Mature god
Registered: 18/02/07 13:20
Posts: 2224
Location: Roma
Posted: 30 Mar 2007 09:02

niklair wrote:
Quote:
Process C:\WINDOWS\SYSTEM32\HLDRRR.EXE (*** hidden *** ) 1468

... if I'm not mistaken it's Beagle itself or a variant ..

Yes, that's the one..

download this
run it, tick the "delete automatically" box (not exactly that wording, something like "eliminados ficheros automaticamente", I don't remember exactly), let it do the scan and reboot.
post the log from C:/InfoSat.txt, the GMER one done AFTER the pass with the tool (Rootkit tab) and a new HiJack log
aim for a smile
Pious mortal
Posted: 30 Mar 2007 17:55

this is the first one!
Fri Mar 30 16:10:15 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\TUO\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\TUO\DATI APPLICAZIONI\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.33
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Mar 30 16:10:39 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\Altri\Impostazioni locali\Temp\~D.EXE --> Eliminado Bagle
C:\Documents and Settings\Altri\Impostazioni locali\Temp\~49.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP515\A0510671.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP515\A0510672.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP515\A0511662.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP515\A0511663.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP515\A0511705.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP516\A0512033.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP516\A0512039.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP516\A0512058.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0512192.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0512236.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0513235.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0513269.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0514270.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0515270.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0516269.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP517\A0516275.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP518\A0517269.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP518\A0518269.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP518\A0519269.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP519\A0519292.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP519\A0520292.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP520\A0520318.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP520\A0522323.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP520\A0522338.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP520\A0523318.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP521\A0523346.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP521\A0524347.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0524363.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0525363.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0525370.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0525611.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0525614.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP522\A0525615.EXE --> Eliminado Bagle

Fri Mar 30 16:21:45 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado
Eliminada Carpeta "%WinDir%\exefld"
Eliminada Carpeta "%AppData%\Hidires"

Fri Mar 30 16:22:11 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.

Fri Mar 30 16:23:04 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Mar 30 16:23:05 2007
EliBagle v10.33 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\Altri\Dati applicazioni\hidires\HIDR.EXE --> Eliminado Bagle
C:\Documents and Settings\Altri\Dati applicazioni\hidires\M_HOOK.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP523\A0525696.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{65FB5E74-D1ED-41D1-B1F4-B5A9417F69E1}\RP523\A0525697.SYS --> Eliminado Bagle (rootkit)
aim for a smile
Pious mortal
Posted: 30 Mar 2007 17:58

Orange wrote:
post the log from C:/InfoSat.txt, the GMER one done AFTER the pass with the tool (Rootkit tab) and a new HiJack log

I'm a bit hopeless, after this log what do I have to do with gmer?? that AFTER like that scares me and makes me anxious, and I don't understand it!
Orange
Mature god
Posted: 30 Mar 2007 18:09

aim for a smile wrote:
Orange wrote:
post the log from C:/InfoSat.txt, the GMER one done AFTER the pass with the tool (Rootkit tab) and a new HiJack log

I'm a bit hopeless, after this log what do I have to do with gmer?? that AFTER like that scares me and makes me anxious, and I don't understand it!

don't worry..
I had highlighted "after" because some users would run the GMER scan first and the tool's one AFTER, and done that way the infection always showed up as still present...

with Gmer follow the same procedure
Quote:
make the log from the Rootkit tab
when the scan has finished select Copy
open Windows Notepad, paste the log into it with ctrl+V and save it.

post the result.

Bye
aim for a smile
Pious mortal
Posted: 30 Mar 2007 18:28

you're sooo right, I'll repost now, I got it wrong tooo
Orange
Mature god
Posted: 30 Mar 2007 18:32

no, you didn't get it wrong! it means the vile Bagle has been eradicated
(joking aside, it means your system is clean, free of rootkits)
now we need the HiJack log to see if there's anything else to remove..

EDIT:
wow, you changed the message....
aim for a smile
Pious mortal
Posted: 30 Mar 2007 18:41

Logfile of HijackThis v1.99.1
Scan saved at 18.22.14, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\lxbtcoms.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TUO\Impostazioni locali\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?9d9aab7f36bb4a12a09da434aee854c9
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?9d9aab7f36bb4a12a09da434aee854c9
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {EBD7F2F3-23FE-4D1F-A955-0118861CB5AF} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kurtina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28527918-00B9-4994-ABC5-52E13E1A15A1}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{28527918-00B9-4994-ABC5-52E13E1A15A1}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

here it is!
aim for a smile
Pious mortal
Posted: 30 Mar 2007 18:43

Orange wrote:

EDIT:
wow, you changed the message....

I was QUITE confused....
Orange
Mature god
Posted: 30 Mar 2007 19:05

the log shows no malware running.
do those windows still appear? (Bagle wasn't the cause of them anyway)
now install the antivirus and also a good firewall.
do the online scan with Kaspersky to see if there's any other problem.
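One way to triage a HijackThis log like the one posted above, as an added example (not a tool from the thread, from HijackThis or from EliBagle): it parses the entry lines and ranks which ones to verify by hand, without calling anything malware. The sample is constructed from lines of the posted log plus one invented `[constructed_example]` autorun pointing at the hidires folder that EliBagle removed, to show how such a persistence entry would surface.

```python
import re

# Constructed sample in HijackThis 1.99.1 format. All lines except the
# [constructed_example] one are copied from the log posted in the thread;
# that one is invented here to show how an autorun pointing at the hidires
# folder that EliBagle removed would be reported.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [constructed_example] C:\Documents and Settings\TUO\Dati applicazioni\hidires\HIDR.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{28527918-00B9-4994-ABC5-52E13E1A15A1}: NameServer = 85.37.17.58 85.38.28.94
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[ROFN]\d+) - (?P<body>.*)$")  # "O4 - ..."
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# Folders a normal user can write to; an autorun living there deserves a look.
USER_DIRS = ("\\temp\\", "\\dati applicazioni\\", "\\application data\\", "\\appdata\\")


def parse(log_text):
    """Yield (section, body) for each entry line; the header and the
    'Running processes' paths do not match the pattern and are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(log_text):
    """Return (section, reason, body) tuples for entries worth verifying.
    The rules rank what to check by hand; they do not declare malware."""
    findings = []
    for sec, body in parse(log_text):
        low = body.lower()
        if "(file missing)" in low:
            findings.append((sec, "stale entry, target no longer on disk", body))
        elif sec == "O4":
            m = O4_RE.match(body)
            if any(d in low for d in USER_DIRS):
                findings.append((sec, "autorun from a user-writable data/temp folder", body))
            elif m:
                # A bare filename is resolved through the search path at boot,
                # so confirm which copy on disk actually runs.
                first = (m.group("target").strip().strip('"').split() or [""])[0]
                if "\\" not in first and "%" not in first:
                    findings.append((sec, "bare filename: check which copy actually runs", body))
        elif sec == "O17":
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
            findings.append((sec, "DNS servers to confirm with the ISP: " + " ".join(ips), body))
        elif sec == "O20":
            findings.append((sec, "Winlogon Notify DLL loads into winlogon.exe; verify it", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n     {body}")
```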
aim for a smile
Pious mortal
Posted: 30 Mar 2007 19:07

thanks, can you recommend a good antivirus, antispyware and firewall? thanks again! now let's see with kaspersky
chemicalbit
Mature god
Registered: 01/04/05 18:59
Posts: 18597
Location: Milano
Posted: 30 Mar 2007 21:25

aim for a smile wrote:
thanks, can you recommend a good antivirus, antispyware and firewall?
What do you have, at the moment?
aim for a smile
Pious mortal
Posted: 31 Mar 2007 13:50

absolutely nothing, because the ones I had before no longer worked with the problem I had... so I uninstalled them!
chemicalbit
Mature god
Posted: 31 Mar 2007 20:54

I'll try again

Which ones did you have before?