infected by trojan downloader bagle

Post by maryepucci » 03/10/08 14:26

Guys, I'm infected by the trojan downloader bagle. Could you tell me how I can remove it??
The PC has disabled the internet and also all the antivirus programs. It won't go into safe mode.
It's urgent, thanks..
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08


Re: infected by trojan downloader bagle

Post by maryepucci » 03/10/08 15:32

I also tried to install combofix on the desktop but it doesn't start, and everything is very slow.
I ran the scan with Beagled; it didn't find any viruses.

Re: infected by trojan downloader bagle

Post by maryepucci » 03/10/08 16:13

Guys, after a long time I managed to run the scan, here it is:

ComboFix 08-10-02.04 - amministratore 2008-10-03 16:34:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.726 [GMT 2:00]
Command switches used :: /killall
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\amministratore\Dati applicazioni\m
C:\Documents and Settings\amministratore\Dati applicazioni\m\flec006.exe
C:\InfoSat.txt
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1029421.exe
C:\WINDOWS\system32\drivers\downld\1040437.exe
C:\WINDOWS\system32\drivers\downld\1042265.exe
C:\WINDOWS\system32\drivers\downld\104781.exe
C:\WINDOWS\system32\drivers\downld\105046.exe
C:\WINDOWS\system32\drivers\downld\1054562.exe
C:\WINDOWS\system32\drivers\downld\1061375.exe
C:\WINDOWS\system32\drivers\downld\1066953.exe
C:\WINDOWS\system32\drivers\downld\107234.exe
C:\WINDOWS\system32\drivers\downld\1074500.exe
C:\WINDOWS\system32\drivers\downld\107593.exe
C:\WINDOWS\system32\drivers\downld\1079531.exe
C:\WINDOWS\system32\drivers\downld\110421.exe
C:\WINDOWS\system32\drivers\downld\1122890.exe
C:\WINDOWS\system32\drivers\downld\112968.exe
C:\WINDOWS\system32\drivers\downld\1148546.exe
C:\WINDOWS\system32\drivers\downld\115046.exe
C:\WINDOWS\system32\drivers\downld\1166296.exe
C:\WINDOWS\system32\drivers\downld\124312.exe
C:\WINDOWS\system32\drivers\downld\128078.exe
C:\WINDOWS\system32\drivers\downld\130796.exe
C:\WINDOWS\system32\drivers\downld\136156.exe
C:\WINDOWS\system32\drivers\downld\137859.exe
C:\WINDOWS\system32\drivers\downld\185875.exe
C:\WINDOWS\system32\drivers\downld\189234.exe
C:\WINDOWS\system32\drivers\downld\210828.exe
C:\WINDOWS\system32\drivers\downld\214453.exe
C:\WINDOWS\system32\drivers\downld\223062.exe
C:\WINDOWS\system32\drivers\downld\2257281.exe
C:\WINDOWS\system32\drivers\downld\2272406.exe
C:\WINDOWS\system32\drivers\downld\2275765.exe
C:\WINDOWS\system32\drivers\downld\2299218.exe
C:\WINDOWS\system32\drivers\downld\2304750.exe
C:\WINDOWS\system32\drivers\downld\230531.exe
C:\WINDOWS\system32\drivers\downld\2309687.exe
C:\WINDOWS\system32\drivers\downld\2325296.exe
C:\WINDOWS\system32\drivers\downld\2331078.exe
C:\WINDOWS\system32\drivers\downld\2379234.exe
C:\WINDOWS\system32\drivers\downld\2466031.exe
C:\WINDOWS\system32\drivers\downld\2558046.exe
C:\WINDOWS\system32\drivers\downld\58562.exe
C:\WINDOWS\system32\drivers\downld\60359.exe
C:\WINDOWS\system32\drivers\downld\62546.exe
C:\WINDOWS\system32\drivers\downld\66734.exe
C:\WINDOWS\system32\drivers\downld\69218.exe
C:\WINDOWS\system32\drivers\downld\78578.exe
C:\WINDOWS\system32\drivers\downld\78890.exe
C:\WINDOWS\system32\drivers\downld\81015.exe
C:\WINDOWS\system32\drivers\downld\81562.exe
C:\WINDOWS\system32\drivers\downld\88453.exe
C:\WINDOWS\system32\drivers\downld\90500.exe
C:\WINDOWS\system32\drivers\downld\91328.exe
C:\WINDOWS\system32\drivers\downld\97031.exe
C:\WINDOWS\system32\drivers\downld\99687.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 16:13 . 2008-10-03 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-03 15:26 . 2008-10-03 15:26 <DIR> d-------- C:\Muestras
2008-10-03 15:05 . 2008-10-03 15:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-10-03 15:05 . 2008-10-03 15:05 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-10-03 15:05 . 2008-10-03 15:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-10-03 14:54 . 2008-10-03 14:54 <DIR> d-------- C:\Programmi\XP TCPIP Repair
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Documents and Settings\amministratore\Dati applicazioni\Malwarebytes
2008-10-03 14:04 . 2008-10-03 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-03 14:04 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-03 14:04 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 15:01 . 2008-09-30 15:01 <DIR> d-------- C:\Programmi\MSN BackUp
2008-09-30 11:41 . 2008-09-30 11:41 <DIR> d-------- C:\Programmi\CCleaner
2008-09-18 10:21 . 2008-09-18 10:25 <DIR> d-------- C:\Programmi\Bible live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 13:05 --------- d-----w C:\Programmi\Eset
2008-10-03 11:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-10-03 11:24 --------- d-----w C:\Programmi\File comuni\Adobe
2008-10-03 11:03 --------- d-----w C:\Programmi\CleanUp!
2008-10-03 10:47 --------- d-----w C:\Programmi\eMule
2008-09-30 07:24 40,960 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-26 07:01 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-08-04 13:58 --------- d-----w C:\Programmi\NoAdware5.0
2007-09-21 14:33 120,286 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat
2007-07-26 12:39 24,192 ----a-w C:\Documents and Settings\amministratore\usbsermptxp.sys
2007-07-26 12:39 22,768 ----a-w C:\Documents and Settings\amministratore\usbsermpt.sys
2007-02-22 09:25 206,032 ----a-w C:\Documents and Settings\amministratore\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-07-27 10:44 54 ----a-w C:\Programmi\inc1.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit3.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit2.bat
2006-07-27 10:44 50 ----a-w C:\Programmi\bit.bat
2006-07-27 10:44 41 ----a-w C:\Programmi\sleep.bat
2006-07-27 10:44 401 ----a-w C:\Programmi\temp3.exe.txt
2006-07-27 10:44 401 ----a-w C:\Programmi\temp2.exe.txt
2006-07-27 10:44 401 ----a-w C:\Programmi\temp1.exe.txt
2004-08-19 13:39 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
Code:
<pre>
------w         1,750,016 2006-03-02 03:41:46  C:\WINDOWS\zbianche\tuttomio\vari programmi utili\programmi ok\VirIT eXplorer Pro v5.2.55 + crack\VirIT eXplorer Pro 5.2.55 .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-26 1576176]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDWCheckRubrica"="C:\SEAT\CDItalia\Chkrub_cdi" [X]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2006-06-14 54272]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-08-28 282624]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-10-03 249856]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-10-03 949376]
"AGRSMMSG"="AGRSMMSG.exe" [2003-08-20 C:\WINDOWS\AGRSMMSG.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-09-15 49254]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-06-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-26 09:01 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\PAGINE BIANCHE 2005-06\\CD\\ServerCDItalia.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\UTORRENT\\utorrent.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MSN BackUp\\MSNBackup.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-09-30 40960]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2008-03-05 22016]
S0 xpdjhenv;xpdjhenv;C:\WINDOWS\system32\drivers\lkrndibo.sys [ ]
S2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-10-03 57344]
S3 pwalker;Process Walker Driver;C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\nse26B.tmp\pwalker.sys [ ]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2008-03-05 12928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\njwxh4r6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 16:38:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-10-03 16:41:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 14:41:12

Pre-Run: 108,595,806,208 byte disponibili
Post-Run: 108,514,963,456 byte disponibili

218 --- E O F --- 2007-07-12 06:53:53

Re: infected by trojan downloader bagle

Post by Luke57 » 03/10/08 21:30

Hi, it looks like the bagle is gone. Now, from Windows Notepad, open a text file, then copy and paste the following script into the file:

Code:
Driver::
xpdjhenv

File::
C:\Programmi\temp3.exe.txt
C:\Programmi\temp2.exe.txt
C:\Programmi\temp1.exe.txt
C:\WINDOWS\system32\drivers\lkrndibo.sys



Save the text file, naming it exactly CFScript.txt, in the same folder as combofix, then drag it with the mouse pointer onto the combofix icon for a new scan and a restart of the computer. Attach the new report if one is produced.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: infected by trojan downloader bagle

Post by maryepucci » 07/10/08 08:45

Thanks Luke! At lunchtime I'll do the operation you told me to do, because it takes a bit of time.
Can you also check whether hijackthis has detected any other viruses?? Here is the scan. Thanks!!


Logfile of HijackThis v1.99.1
Scan saved at 09:38, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\amministratore\Impostazioni locali\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infoimprese.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CDWCheckRubrica] C:\SEAT\CDItalia\Chkrub_cdi
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 151.99.125.3,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 151.99.125.3,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS3\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS4\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 151.99.125.3,213.140.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe