Olimpo Informatico forum index
The Zeus News Forums
Rootkit Bagle
mr.faggio
Mere mortal

Joined: 07/04/08 13:52
Posts: 3

Posted: 09 Apr 2008 13:50    Subject: Rootkit Bagle

Help!!
Can someone help me....
I can't install Kaspersky or any other antivirus, because it always gives me ERROR 1304
I did an online scan and these are the infected files
What can I do??
Thanks

C:\WINDOWS\system32\drivers\downld\165859.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\downld\170437.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\WINDOWS\system32\drivers\downld\83046.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\downld\88328.exe Infected: Trojan.Win32.Pakes.ciw skipped

C:\WINDOWS\system32\drivers\srosa.sys Infected: Trojan-Downloader.Win32.Bagle.mm skip
Sante62
Mature god

Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 09 Apr 2008 16:43

Hi mr.faggio, hello and welcome...

It's clear that you've caught Bagle;

Look at this thread, download Elibagla and run a scan with it;

download Virit
Update it via the satellite-dish icon in the top bar and have it run a full scan of the PC.
Set it to automatically remove the infected files it finds.
Don't forget to temporarily disable your antivirus;

run Combofix following this thread;

also post a Hijackthis log

Carry out the steps in the order given...
mr.faggio
Mere mortal

Joined: 07/04/08 13:52
Posts: 3

Posted: 10 Apr 2008 15:48

Hi Sante62, I did everything as you advised, and these are the results.
The only thing I couldn't do was the scan with VIRIT: I downloaded the exe, but it told me it was unable to open C:\..
Thanks again
Bye

ComboFix 08-04-09.8 - Nicola 2008-04-10 11:45:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.601 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Nicola\Impostazioni locali\Temporary Internet Files\Content.IE5\PQKWJZIY\ComboFix[1].exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Creati Da 2008-03-10 al 2008-04-10 )))))))))))))))))))))))))))))))))))
.

2008-04-10 11:15 . 2008-04-10 11:15 <DIR> d-------- C:\VEXPLITE
2008-04-07 11:23 . 2008-04-07 11:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-07 11:23 . 2008-04-10 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-04-07 08:35 . 2008-04-10 11:34 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-04-07 08:32 . 2008-04-07 08:32 2,401 --a------ C:\WINDOWS\system32\drivers\AlKernel.sys
2008-04-04 16:44 . 2008-04-04 16:44 <DIR> d-------- C:\SWSetup
2008-04-04 14:07 . 2008-04-04 14:09 <DIR> d-------- C:\Programmi\Symantec
2008-04-04 14:07 . 2008-04-04 14:09 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-04-04 08:48 . 2008-04-04 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-04-03 16:14 . 2004-06-01 05:08 688,128 --a------ C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-03 16:10 . 2008-04-10 08:29 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-25 12:06 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-25 12:06 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-25 12:03 . 2008-03-25 12:03 <DIR> d-------- C:\Drivers
2008-03-25 12:03 . 2001-11-05 10:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-03-25 12:03 . 2002-10-15 23:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-03-25 12:03 . 2001-07-03 21:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-03-25 12:03 . 2001-11-05 10:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-03-25 12:03 . 2001-11-05 10:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-03-25 12:03 . 2001-07-03 21:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d-------- C:\Documents and Settings\Nicola\Dati applicazioni\TomTom
2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
2008-03-21 15:50 . 2008-03-21 15:50 <DIR> d-------- C:\Programmi\TomTom HOME 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 13:32 --------- d-----w C:\Programmi\VideoLAN
2008-04-04 12:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-03-25 10:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-21 13:50 --------- d-----w C:\Programmi\TomTom HOME
2008-02-22 08:34 --------- d-----w C:\Programmi\iTunes
2008-02-22 08:34 --------- d-----w C:\Programmi\iPod
2008-02-22 08:34 --------- d-----w C:\Programmi\Bonjour
2008-02-22 08:34 --------- d-----w C:\Documents and Settings\Nicola\Dati applicazioni\Apple Computer
2008-02-22 08:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-02-22 08:33 --------- d-----w C:\Programmi\QuickTime
2008-02-22 08:31 --------- d-----w C:\Programmi\File comuni\Apple
2007-01-16 13:29 457 ----a-w C:\Programmi\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 04:00 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:38 1289000]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-17 16:37 344064]
"SetRefresh"="C:\Programmi\Compaq\SetRefresh\SetRefresh.exe" [2004-06-01 05:08 688128]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ToolBoxFX"="C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 09:12 45056]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 04:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"= C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Varie\\eMule0.48a\\eMule0.48a\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 18:22]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 KeyPublisher;Arca Professional Key Publisher;C:\ArcaPro\KeyPublisher.exe [2008-01-10 11:30]
S3 ONDAUsbDiag;ONDA USB Diagnostics Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbDiag.sys []
S3 ONDAUsbModem;ONDA USB MODEM DRIVER;C:\WINDOWS\system32\DRIVERS\ONDAUsbModem.sys []
S3 ONDAUsbNmea;ONDA USB NMEA Port;C:\WINDOWS\system32\DRIVERS\ONDAUsbNmea.sys []
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c1b0e1c-8130-11dc-b4a5-001617db5dfc}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b77477-7a11-11db-9603-001617db5dfc}]
\Shell\AutoRun\command - E:\nideiect.com
\Shell\explore\Command - E:\nideiect.com
\Shell\open\Command - E:\nideiect.com

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-04 08:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2006-12-04 10:35:04 C:\WINDOWS\Tasks\Copia_Dati.job"
- C:\WINDOWS\system32\ntbackup.exelbackup
"2008-04-09 16:18:00 C:\WINDOWS\Tasks\WebReg ITA.job"
- C:\Programmi\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 11:56:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-10 12:03:56 - machine was rebooted [Nicola]
ComboFix-quarantined-files.txt 2008-04-10 10:03:52
28 Directory 98,329,817,088 byte disponibili
31 Directory 99,715,842,048 byte disponibili
.
2008-03-12 17:33:10 --- E O F ---



Wed Apr 09 17:53:39 2008
EliBagle v11.23 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 09 17:53:43 2008
EliBagle v11.23 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Compaq\SetRefresh\SETREFRESH.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
C:\WINDOWS\system32\drivers\downld\14912140.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\165859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\29732062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\408796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\83046.EXE --> Eliminado Bagle

Nº Total de Directorios: 5249
Nº Total de Ficheros: 135458
Nº de Ficheros Analizados: 7134
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.41.07, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programmi\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Arca Professional Key Publisher (KeyPublisher) - Wolters Kluwer Italia - Artel - C:\ArcaPro\KeyPublisher.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6671 bytes
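As an added example (not part of the thread, and not code from ComboFix, EliBagle or any other tool named here), a small Python triage script that reads scanner output and groups the Bagle indicators visible in the logs posted above: the dropped file names, the drivers\downld folder, the srosa driver entry, and the Security Center AntiVirusOverride value. The line formats are assumed from the posted ComboFix and online-scan output, and the sample log below is constructed from those lines.

```python
import re
from collections import defaultdict

# Indicator file names taken from the ComboFix, EliBagle and online-scan
# output posted in this thread (matched case-insensitively on the basename).
BAGLE_FILES = {"srosa.sys", "hldrrr.exe", "wintems.exe", "mdelk.exe", "ban_list.txt"}
# Folder the downloaded components were dropped into, per the same logs.
DROP_DIR_RE = re.compile(r"\\drivers\\downld(\\|$)", re.IGNORECASE)
# Assumed ComboFix driver/service line: "<start> <name>;<display>;<path> [<timestamp>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[(.*)\]\s*$")
# Security Center value that suppresses the "no antivirus" warning.
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\.*")


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def extract_path(line):
    """First Windows path on the line, minus the trailing scanner annotation."""
    m = PATH_RE.search(line)
    if not m:
        return None
    # ComboFix appends " [timestamp]", the online scanner " Infected: ...".
    return re.split(r"\s+\[|\s+Infected:", m.group(0), maxsplit=1)[0].rstrip()


def triage(log_text):
    """Group Bagle indicators found in the log text by category."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            if basename(path) in BAGLE_FILES:
                # An empty timestamp means ComboFix could not read the file.
                # Stale legitimate drivers (the ONDA entries in the posted
                # log) show the same, so it is recorded only as a hint.
                hits["services"].append((start, name, path, stamp == ""))
            continue
        if AV_OVERRIDE_RE.match(line):
            hits["av_override"].append(line)
            continue
        path = extract_path(line)
        if path is None:
            continue
        if basename(path) in BAGLE_FILES:
            hits["files"].append(path)
        elif DROP_DIR_RE.search(path):
            hits["drop_dir"].append(path)
    return dict(hits)


# Constructed sample modelled on the lines posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
2008-04-03 16:10 . 2008-04-10 08:29 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\165859.exe Infected: Email-Worm.Win32.Bagle.of skipped
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 18:22]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
"""

if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category, *entries, sep="\n    ")
```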
Sante62
Mature god

Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 10 Apr 2008 22:38

Try running the scan with Virit again;

also run a scan with Systemscan and post the generated log as
indicated here
mr.faggio
Mere mortal

Joined: 07/04/08 13:52
Posts: 3

Posted: 11 Apr 2008 08:46

Hi,
I think I did it right...
As for Virit, no luck...

[URL="http://www.freefilehosting.net/files/3f5kk"]report168.txt[/URL]
Sante62
Mature god

Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Apr 2008 15:46

Download http://swandog46.geekstogo.com/index.html
The Avenger (new version)
Unzip it into its own folder in c:\
Start it and click OK
Inside the white box
enter these lines:
Quote:
files to delete:
C:\WINDOWS\system32\drivers\SROSA.SYS

Click Execute
The PC should reboot; if it doesn't, reboot it yourself.
Be careful not to leave unnecessary blank lines, for example:
Quote:
files to delete:

xxxxxxxxxxx

When the operation finishes, Notepad should open with the result; otherwise you will find it at C:\Avenger.txt
If it succeeds, try starting VirIT