win32/bagle


Posted by mancar53 » 31/03/08 23:01

I'm puzzled!
The Windows Malicious Software Removal Tool reports "win32/bagle and Win32/bagle .genC" as partially removed. I wonder: is it possible that Norton 2008 didn't block them as they arrived?
Anyway, I ran a scan with Kaspersky and I'm attaching the result.
What should I do now with Avenger?

Thanks for any help.
Code:
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, March 31, 2008 11:33:33 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 31/03/2008
 Kaspersky Anti-Virus database records: 674580
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   G:\
   H:\

Scan Statistics:
   Total number of scanned objects: 150434
   Number of viruses found: 3
   Number of infected objects: 14
   Number of suspicious objects: 0
   Duration of the scan process: 03:43:09

Infected Object Name / Virus Name / Last Action
C:\0f5366217dc5062f57be5f43c69acecc\msxml4-KB927978-enu.log   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\0742896bec4a516b1974862df9bf536d_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\4b8ec040b91cfe6be6147efd6d462674_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\6c5a3677a2b607bae8e32b84626c8a12_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\6d47c258c66529a39f24f0a09143525e_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\93dcf873c89a9b0b6847be0ec7a1bfa0_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\946223e5f34b97ee779d20d24c0adfbd_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\9729ac477d7a68939c129efad19323fa_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\b0ed3037f385c9c0b791406930d1ffd3_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\b300b46ce546787f9d10e49a83b3e2d3_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\dd5917a53ec13ba631740d08501a0e14_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\ef94c8dea5ed927a7655f8b0802ab621_384266a4-2c0d-4054-b70d-cd24e2a0ed31   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\Common Client\ccSubSDK\submissions.idx   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\Common Client\settings.DAT   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\Common Client\volatile.DAT   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\LiveUpdate\2008-03-31_Log.ALUSchedulerSvc.LiveUpdate   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBConfig.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBDebug.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBDetect.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBNotify.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBRefr.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBSetCfg.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBSetCfg2.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBSetDev.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBSetLoc.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBSetUsr.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBStHash.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\BBValid.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\Shl_{D2D0E11D-EBA5-4D26-9BA7-89D6DB1B7076}.ldb   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\Shl_{D2D0E11D-EBA5-4D26-9BA7-89D6DB1B7076}.sds   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\SPPolicy.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\SPStart.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SPBBC\SPStop.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtErEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtETmp\38635EE4.TMP   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtMoEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtNvEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtScEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtTxFEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\SRTSP\SrtViEvt.log   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Cronologia\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Documenti\ELISTARA.25012008.EXE   Infected: Trojan-Downloader.Win32.IstBar.qr   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Cronologia\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Folders.dbx   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Offline.dbx   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Pop3uidl.dbx   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Posta in arrivo.dbx   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temp\Perflib_Perfdata_600.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\Manlio.PC-HOME\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcrst.dll   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\EENGINE\EPERSIST.DAT   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\NFWEVT.LOG   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDALRT.log   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDCON.log   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDDBG.log   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDFW.log   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDIDS.log   Object is locked   skipped
C:\Programmi\File comuni\Symantec Shared\SNDSYS.log   Object is locked   skipped
C:\Programmi\Nero\Nero8\Nero BackItUp\BIU1.txt   Object is locked   skipped
C:\Programmi\Norton AntiVirus\AVApp.log   Object is locked   skipped
C:\Programmi\Norton AntiVirus\AVError.log   Object is locked   skipped
C:\Programmi\Norton AntiVirus\AVVirus.log   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{569506C7-0CCA-4E53-B424-3F3F0740B376}\RP38\change.log   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll   Object is locked   skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll   Object is locked   skipped
C:\WINDOWS.0\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS.0\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS.0\SoftwareDistribution\EventCache\{3B22FF26-5C5F-4BF8-8540-253F96A8D0F4}.bin   Object is locked   skipped
C:\WINDOWS.0\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS.0\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS.0\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS.0\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS.0\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS.0\system32\config\default   Object is locked   skipped
C:\WINDOWS.0\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS.0\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS.0\system32\config\SAM   Object is locked   skipped
C:\WINDOWS.0\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS.0\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS.0\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS.0\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS.0\system32\config\software   Object is locked   skipped
C:\WINDOWS.0\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS.0\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS.0\system32\config\system   Object is locked   skipped
C:\WINDOWS.0\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS.0\system32\config\systemprofile\Impostazioni locali\Temp\JETC582.tmp   Object is locked   skipped
C:\WINDOWS.0\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS.0\wiadebug.log   Object is locked   skipped
C:\WINDOWS.0\wiaservc.log   Object is locked   skipped
C:\WINDOWS.0\WindowsUpdate.log   Object is locked   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\System Volume Information\_restore{569506C7-0CCA-4E53-B424-3F3F0740B376}\RP38\change.log   Object is locked   skipped
E:\documentiback\DPE\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe/Toolbar.exe   Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm   skipped
E:\documentiback\DPE\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe   7-Zip: infected - 1   skipped
E:\documentiback\ELISTARA.25012008.EXE   Infected: Trojan-Downloader.Win32.IstBar.qr   skipped
E:\documentiback\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe/data0001.bin   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
E:\documentiback\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
E:\documentiback\Mirc v6.16 + crack.zip   ZIP: infected - 2   skipped
E:\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe/Toolbar.exe   Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm   skipped
E:\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe   7-Zip: infected - 1   skipped
E:\Nuova cartella\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe/data0001.bin   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
E:\Nuova cartella\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
E:\Nuova cartella\Mirc v6.16 + crack.zip   ZIP: infected - 2   skipped
E:\Nuova cartella\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe/Toolbar.exe   Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm   skipped
E:\Nuova cartella\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe   7-Zip: infected - 1   skipped
E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
E:\System Volume Information\_restore{569506C7-0CCA-4E53-B424-3F3F0740B376}\RP38\change.log   Object is locked   skipped

Scan process completed.
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

Re: win32/bagle

Posted by Opensource » 02/04/08 12:09

Hi,
from the Kaspersky log I don't see any Bagle infections, but infected files of various kinds do show up, and for the most part they are keygens and cracks, downloaded by you I presume!!!!
I recommend posting a HijackThis log so that we can see any other infections and remove them all in one go!!!!
Opensource
Senior User
Posts: 684
Joined: 02/11/06 20:45

Re: win32/bagle

Posted by hydra » 02/04/08 14:34

Please, when you post logs/code/quotes, put them inside CODE tags, so at least the post is readable. ;)
hydra
Moderator
Posts: 7007
Joined: 19/07/04 08:06
Location: Vallis Duplavis

Re: win32/bagle

Posted by mancar53 » 03/04/08 17:47

Here is the result:

Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.42.48, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Programmi\FreeMem Professional\Fmempro.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
G:\in profondita\toolkit per power user\varie\WindowClippings\WindowClippings.exe
G:\in profondita\toolkit per power user\varie\WindowClippings\WindowClippings.exe
C:\Programmi\stickies\stickies.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\Outlook Express\msimn.exe
E:\Shareback\Hijackthis v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WebCam Monitor] C:\Programmi\Creative\WebCam Monitor\TrayMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CB Active User] C:\Programmi\Comodo\BackUp\CmdBkStart.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS.0\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Programmi\FreeMem Professional\Fmempro.exe" Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [KennyKerr.WindowClippings.HotKey] "G:\in profondita\toolkit per power user\varie\WindowClippings\WindowClippings.exe" /hotkey
O4 - HKCU\..\Run: [KennyKerr.WindowClippings.Icon] "G:\in profondita\toolkit per power user\varie\WindowClippings\WindowClippings.exe" /icon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A153652-D550-4603-ACDA-5F9C31C74892}: NameServer = 85.37.17.43 85.38.28.96
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Unknown owner - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmi\File comuni\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 9922 bytes
mancar53
Junior User
Posts: 58
Joined: 21/02/08 22:32

