
Help: Windows Internet Explorer blank pages
mediterraneo78
Posted: Friday, February 13, 2009 4:34:19 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
Hi guys, I have a problem with Explorer: while I'm browsing, one or more blank pages with no address open automatically. How can I get rid of it for good? Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.25.42, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\GiocoDigitale\Poker\GiocoDigitalePoker.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrator\impostazioni locali\dati applicazioni\okgyu.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?hl=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB06153 - {07CA483F-30BC-425D-823D-48620A3BD13F} - C:\Programmi\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Programmi\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Share Accelerator - {FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5} - C:\Programmi\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [okgyu] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\okgyu.exe" okgyu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 10433 bytes
shapiro
Posted: Friday, February 13, 2009 5:33:44 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi
Start HijackThis and click "do a system scan only"
Tick these entries and click "fix checked"


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)

O4 - HKCU\..\Run: [okgyu] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\okgyu.exe" okgyu

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html



Check in the Add/Remove Programs panel whether Ask toolbar is present; if so, uninstall it.

Scan these files (the ones in red) here ► http://www.virustotal.com/it/ and post the report it gives you:

C:\Programmi\Softonic_Italia\tbSof1.dll

C:\Programmi\BS.Player ControlBar\BSToolbar.dll

Download http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and install it.
Restart the computer in safe mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear
=> choose safe mode (use the arrow key ^).

Run Navilog1 and choose option 4, enter the name okgyu and confirm it by typing it again when asked.

At this point it will clean the PC of the infected files.
When it finishes, restart the PC in normal mode.

From normal mode, empty C:\WINDOWS\Prefetch

Clean temporary files and cookies with CCleaner (run it twice).

http://www.filehippo.com/download_ccleaner/

Download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing full scan mode
4) do NOT remove any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log

One question: is your antivirus working properly?
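As an added example, not part of this thread or of HijackThis itself: a small Python triage script that applies the two checks behind the entries shapiro picked out of the posted log, autoruns (O4) launched from a user-writable profile folder such as the okgyu entry, and BHO/toolbar/URLSearchHook entries whose CLSID is still registered but whose file is "(no file)". The sample lines are copied from the log above; the folder markers and the line-format regexes are my own assumptions about how HijackThis prints these entries.

```python
"""Triage a HijackThis log: flag autoruns that launch from user-writable
profile folders and COM entries (BHO, toolbar, URLSearchHook) whose CLSID is
still registered but whose DLL is gone. Assumed line formats, not HijackThis code."""
import re
from dataclasses import dataclass

# Profile sub-folders an unprivileged process can write to. Italian XP names
# (as in the log above) plus their English equivalents; matched case-insensitively.
USER_WRITABLE_MARKERS = (
    "\\impostazioni locali\\dati applicazioni",
    "\\local settings\\application data",
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\impostazioni locali\\temp",
    "\\local settings\\temp",
)

# O4 - <hive>\..\Run: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# R3/O2/O3 - <kind>: <name> - {<CLSID>} - <path or "(no file)">
COM_RE = re.compile(
    r"^(?P<kind>R3 - URLSearchHook|O2 - BHO|O3 - Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)


@dataclass
class Finding:
    line: str
    reason: str


def command_path(cmd):
    """Return the executable path from an O4 command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first ".exe" token.
    m = re.match(r"^(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return one Finding per suspicious O4 / O2 / O3 / R3 line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("cmd")).lower()
            if any(marker in path for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(
                    line,
                    f"autorun [{m.group('name')}] under {m.group('hive')} launches "
                    f"from a user-writable profile folder: {path}",
                ))
            continue
        m = COM_RE.match(line)
        if m and m.group("path").strip().lower() == "(no file)":
            kind = m.group("kind").split(" - ")[1]
            findings.append(Finding(
                line,
                f"orphaned {kind} {{{m.group('clsid')}}}: CLSID registered but file missing",
            ))
    return findings


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [okgyu] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\okgyu.exe" okgyu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.reason)
        print("    ", f.line)
```

The vendor-installed autoruns (AVP, ctfmon) pass untouched; only the four entries shapiro listed as fix candidates are reported.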
mediterraneo78
Posted: Friday, February 13, 2009 7:30:18 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
Hi Shapiro, thanks for your help. As soon as I can I'll do everything as you described. As for the antivirus, I use KAV 2009 with the trial-version crack (that is, every month I re-enter the trial version). If you have an antivirus to recommend, and other useful programs to avoid errors etc., don't hesitate to suggest them, thanks.
shapiro
Posted: Friday, February 13, 2009 7:33:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi

No, don't remove Norton, it's a good product even if it's heavy.

I asked you that for other reasons.

When you've finished doing what I indicated, we'll continue with the cleanup.
mediterraneo78
Posted: Friday, February 13, 2009 9:52:46 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
Hi Shapiro, here are the reports you asked for; if there are any mistakes just tell me:

This is the first one, C:\Programmi\Softonic_Italia\tbSof1.dll

Informazioni addizionali
File size: 1881112 bytes
MD5...: f9b508bc69d1ee43a09dfbcae6c42e04
SHA1..: f31b07e34538a43fef46847cd29a001069780d19
SHA256: b755356503232df79de9b08c116e870ef03ac1f6b1b3bdb77b7afbe06c12cfcf
SHA512: d9b9b4b111db21fc0989576d22756a406634722abaae044677615684925521a1
c89d5e7c099c97723b9cd88cd0996ca1a3ebf20730157c5c69fef6e034535dee
ssdeep: 24576:tS7xQcB+fGWuUNWUEkw4Xs+a7W/4dI6U2prKGa40BcVg9SSXJ6gelveCFi
B65df9:tOOGWDUhibTpW463fHzVQ6tLT
PEiD..: -
TrID..: File type identification
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xde15a
timedatestamp.....: 0x4975cd8f (Tue Jan 20 13:11:43 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10da12 0x10dc00 6.56 7c135281188d610ed638c7234c241966
.rdata 0x10f000 0x55d7f 0x55e00 4.51 7c6252c1f58f4dc55afde9bb9efae496
.data 0x165000 0x6260 0x4200 4.84 17d3e694c044f25072850637c050a8e0
.rsrc 0x16c000 0x4c170 0x4c200 5.65 488b4a71ffb64bf677b82c6e58d78564
.reloc 0x1b9000 0x16442 0x16600 5.90 e4eb470fb6941fbbb82b6942efa51b1b

( 19 imports )
> COMCTL32.dll: ImageList_ReplaceIcon, CreatePropertySheetPageW, PropertySheetW, CreateToolbarEx, InitCommonControlsEx, _TrackMouseEvent, ImageList_Create
> WININET.dll: DeleteUrlCacheEntry, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, InternetCanonicalizeUrlA, FindCloseUrlCache, InternetSetOptionExA, InternetConnectA, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, HttpOpenRequestA, GetUrlCacheEntryInfoW, InternetQueryOptionA
> SHLWAPI.dll: PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
> MSIMG32.dll: GradientFill
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptMsgClose, CryptProtectData, CryptUnprotectData, CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CertGetNameStringA
> WINMM.dll: PlaySoundW, sndPlaySoundW, PlaySoundA, timeGetTime
> KERNEL32.dll: GetVersionExA, GetLocalTime, GetModuleHandleW, GetLongPathNameW, GetModuleFileNameA, GetCurrentThreadId, lstrcpyA, GetTickCount, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileA, SetStdHandle, GetLocaleInfoA, FlushFileBuffers, SetFilePointer, GetConsoleMode, GetConsoleCP, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, VirtualAlloc, MoveFileW, GetProcessHeap, GetCommandLineA, ResumeThread, ExitThread, RaiseException, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, ReleaseSemaphore, CreateSemaphoreW, InterlockedExchange, GetCurrentThread, SetThreadPriority, GetComputerNameW, MoveFileExW, RemoveDirectoryW, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Thread32Next, OpenProcess, LocalAlloc, InterlockedDecrement, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, WideCharToMultiByte, GetModuleHandleA, GetLastError, GetModuleFileNameW, CloseHandle, ReleaseMutex, CreateMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, LoadLibraryW, GetProcAddress, FreeLibrary, CreateDirectoryW, Beep, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, WaitForSingleObject, SetLastError, CreateThread, GetExitCodeThread, TerminateThread, 
FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, MultiByteToWideChar, CopyFileW, GetCurrentProcessId, lstrlenW, lstrcpyW, LocalFree
> USER32.dll: GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, CallWindowProcA, InvalidateRect, GetWindow, GetClassInfoExW, RegisterClassExW, CopyRect, UpdateWindow, GetLastInputInfo, MonitorFromRect, LoadImageW, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, PostMessageA, ShowWindow, SetWindowLongW, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, ReleaseDC, IsWindowEnabled, GetDlgItemTextA, FrameRect, DrawFrameControl, MessageBoxA, GetWindowThreadProcessId, AllowSetForegroundWindow, IsWindowUnicode, GetDesktopWindow, MsgWaitForMultipleObjects, EndDialog, GetDlgItemTextW, GetScrollInfo, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, IsIconic, SetForegroundWindow, PostThreadMessageA, SetWindowRgn, SetWindowPos, EnableWindow, IsDlgButtonChecked, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, CheckDlgButton, GetAsyncKeyState, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageA, SetCapture, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, SetDlgItemTextW, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, IsWindowVisible, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetSystemMetrics, KillTimer, GetWindowLongA, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, GetWindowRect, GetDC, DrawTextW, MoveWindow
> GDI32.dll: GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, SetTextAlign, TextOutW, ExcludeClipRect, RoundRect, CreateRectRgn, CombineRgn, GetPixel, BitBlt, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, CreateCompatibleDC, CreateCompatibleBitmap, PlgBlt, DeleteDC, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject
> comdlg32.dll: GetOpenFileNameW
> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegQueryValueExW, CryptAcquireContextA, CryptReleaseContext, OpenProcessToken, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegCloseKey
> SHELL32.dll: ShellExecuteW, SHGetFolderPathW, SHCreateDirectoryExW, ShellExecuteExW
> ole32.dll: CoGetMalloc, StringFromIID, CoCreateInstance, IIDFromString, CreateStreamOnHGlobal, CLSIDFromString, CoUninitialize, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> PSAPI.DLL: GetModuleFileNameExW, EnumProcessModules, GetProcessMemoryInfo
> DNSAPI.dll: DnsQuery_A

( 11 exports )
DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate

This is the second one, C:\Programmi\BS.Player ControlBar\BSToolbar.dll

Informazioni addizionali
File size: 757192 bytes
MD5...: 065019683405c3fdbe398f6e5c48241a
SHA1..: d2e78a28f114169afc7083b8b025c001c26be95a
SHA256: 98ad7bc6afead2b63201ea67b18af2b8feafcd225c00893228252b2b0a337a18
SHA512: 1a837300a6b97f6d82bf96ef6917ef94bfda7c13d435aa632be37736f8282c33
cda3b040d66abbc1c4787d36f363824c9b00c13ac2522ca35456b521e42d2ad6
ssdeep: 12288:AWD5tN4k3Gua3PD0wtmFdApqU7DJ5ANeqoIagvo+Fm4g2nK:Agb4k2N3PP
wEZDJ8/oIagvo+42K
PEiD..: -
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x60775
timedatestamp.....: 0x48a29a69 (Wed Aug 13 08:25:13 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8cd3e 0x8d000 6.68 775cfadbcd911aaa62cb0a8cab4d2b08
.rdata 0x8e000 0x1bbf5 0x1c000 4.98 e565086ededcc93881fc4c27aeddb79b
.data 0xaa000 0x6604 0x4000 4.55 3c88397fa0d0f61c7e520ccf71e97430
.rsrc 0xb1000 0x1b04 0x2000 4.68 b3ed369cd24dfde2b85d126c7f8c3971
.reloc 0xb3000 0x7246 0x8000 6.30 f917d2afb2649bcb6d3ada644110be38

( 12 imports )
> WININET.dll: DeleteUrlCacheEntryW, InternetCloseHandle, InternetReadFile, HttpQueryInfoW, HttpSendRequestA, HttpOpenRequestW, InternetConnectW, InternetOpenW
> urlmon.dll: URLDownloadToFileW
> iphlpapi.dll: GetAdaptersInfo
> KERNEL32.dll: lstrcmpiW, LoadLibraryExW, SizeofResource, LoadResource, FindResourceW, WideCharToMultiByte, PulseEvent, ReleaseMutex, WaitForSingleObject, WaitForMultipleObjects, CreateMutexW, CreateEventW, TerminateThread, SetEvent, CloseHandle, GetTempFileNameW, DeleteFileW, CreateDirectoryW, SetFileAttributesW, SetCurrentDirectoryW, GetLocaleInfoA, GetUserDefaultLCID, MulDiv, GlobalFree, LockResource, FreeResource, GlobalAlloc, ReadFile, GetFileSize, CreateFileW, SetFilePointer, GetFileType, DuplicateHandle, DosDateTimeToFileTime, SystemTimeToFileTime, GetCurrentDirectoryW, SetFileTime, WriteFile, FreeEnvironmentStringsA, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetStartupInfoA, SetHandleCount, IsValidCodePage, GetOEMCP, GetModuleFileNameA, GetStdHandle, DeleteCriticalSection, HeapCreate, HeapDestroy, FatalAppExitA, GetCurrentThread, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, ExitProcess, GetStringTypeW, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, GetCommandLineA, FindNextFileA, FindFirstFileA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, MoveFileW, GetSystemTimeAsFileTime, CreateThread, ExitThread, HeapReAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, Sleep, GetThreadLocale, GetACP, InterlockedExchange, GetVersionExA, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, InitializeCriticalSection, LocalAlloc, LocalFree, InterlockedIncrement, GetCurrentThreadId, FreeLibrary, OutputDebugStringA, GetModuleFileNameW, SetLastError, GetLastError, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetVersion, GetFileAttributesW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetTimeFormatA, GetDateFormatA, EnumSystemLocalesA, IsValidLocale, SetConsoleCtrlHandler, GetLocaleInfoW, GetProcAddress, GetModuleHandleW, 
GetModuleHandleA, LoadLibraryW, LoadLibraryA, GlobalLock, GlobalUnlock, lstrlenA, lstrlenW, InterlockedDecrement, MultiByteToWideChar, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetTimeZoneInformation, CreateFileA, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetEnvironmentStrings, HeapSize, FreeEnvironmentStringsW, WriteConsoleA
> USER32.dll: SetTimer, GetWindowDC, CreatePopupMenu, InsertMenuItemW, DestroyMenu, GetDC, ReleaseDC, GetActiveWindow, FillRect, GetSystemMetrics, EnableScrollBar, SetScrollPos, wsprintfW, ScreenToClient, SetScrollInfo, GetScrollInfo, GetCursorPos, MessageBoxW, IsWindowVisible, CreateDialogParamW, EndDialog, IsWindowEnabled, DialogBoxParamW, SystemParametersInfoW, MapWindowPoints, SetWindowPos, EnableWindow, InvalidateRect, UpdateWindow, PostMessageW, PeekMessageW, GetSysColor, ShowCaret, HideCaret, DrawTextW, GetDlgItem, ShowWindow, CharNextW, GetCursor, SetCursor, SetCapture, EndPaint, BeginPaint, ReleaseCapture, LoadImageW, GetIconInfo, CreateWindowExW, GetClassInfoExW, RegisterClassExW, TrackPopupMenu, ClientToScreen, LoadStringW, CopyRect, GetParent, LoadCursorW, IsWindow, KillTimer, GetClientRect, MoveWindow, DestroyWindow, GetWindow, DrawIconEx, DestroyIcon, GetKeyState, TranslateMessage, DispatchMessageW, SetWindowTextA, GetWindowLongW, SetWindowLongW, CallWindowProcW, DefWindowProcW, GetFocus, SetFocus, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, SendMessageW, UnregisterClassA, ShowScrollBar
> GDI32.dll: MoveToEx, LineTo, GetStockObject, GetObjectW, CreatePen, SelectObject, DeleteDC, DeleteObject, GetTextMetricsW, GetTextExtentPoint32W, SetBkMode, BitBlt, CreateFontW, CreateFontIndirectW, GetDeviceCaps, DPtoLP, LPtoDP, SetMapMode, GetMapMode, GdiFlush, CreateDIBSection, CreateSolidBrush, CreateCompatibleDC, SetTextColor, TextOutW
> ADVAPI32.dll: RegEnumKeyExW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, TraceEvent, RegQueryInfoKeyW
> SHELL32.dll: ShellExecuteW, DragQueryFileW, SHGetFolderPathW
> ole32.dll: ReleaseStgMedium, RegisterDragDrop, CreateStreamOnHGlobal, CoInitialize, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, StringFromGUID2, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathAppendW, PathFileExistsW
> MSIMG32.dll: TransparentBlt

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=065019683405c3fdbe398f6e5c48241a
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=065019683405c3fdbe398f6e5c48241a

This is the report after Navifix:

Navipromo Removal version 3.7.3 started on 13/02/2009 at 20.47.47,57

Fix running from C:\Programmi\navilog1
Actual User Account : "Administrator"

Updated on 13.02.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : Administrator ( Administrator )
BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
Firewall : Kaspersky Anti-Virus 8.0.0.357 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:117 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)



Manual Removal

Typed filename : okgyu

Cleanning stage done in safe mode

*** Searching, making backups and deleting files ***

* Deletion in "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\okgyu*.pf found !
Copy C:\WINDOWS\prefetch\okgyu*.pf done !
C:\WINDOWS\prefetch\okgyu*.pf deleted !

* Deletion in "C:\Documents and Settings\Administrator\impost~1\datiap~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Administrator\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Administrator\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Administrator\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Administrator\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\Administrator\impost~1\datiap~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 13/02/2009 at 20.49.59,32 ***


This is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

13/02/2009 21.25.17
mbam-log-2009-02-13 (21-25-16).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 104232
Time elapsed: 27 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

this is the Lop S&D report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
Firewall : Kaspersky Anti-Virus 8.0.0.357 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:117 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 13/02/2009|21.37 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\DATIAP~1\INTERNET SPAM SUPPORT AUDIO
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[25/08/2008|18.19] C:\DOCUME~1\ADMINI~1\DATIAP~1\Adobe
[25/08/2008|16.29] C:\DOCUME~1\ADMINI~1\DATIAP~1\Auslogics
[18/09/2008|00.52] C:\DOCUME~1\ADMINI~1\DATIAP~1\BSplayer
[18/09/2008|00.50] C:\DOCUME~1\ADMINI~1\DATIAP~1\BSplayer Pro
[26/08/2008|01.14] C:\DOCUME~1\ADMINI~1\DATIAP~1\Comodo
[25/08/2008|00.21] C:\DOCUME~1\ADMINI~1\DATIAP~1\Creative
[10/09/2008|22.07] C:\DOCUME~1\ADMINI~1\DATIAP~1\FMZilla
[10/02/2009|13.28] C:\DOCUME~1\ADMINI~1\DATIAP~1\Foxit
[15/12/2008|02.28] C:\DOCUME~1\ADMINI~1\DATIAP~1\GlarySoft
[01/11/2008|19.41] C:\DOCUME~1\ADMINI~1\DATIAP~1\Google
[10/09/2008|22.10] C:\DOCUME~1\ADMINI~1\DATIAP~1\GrabPro
[26/08/2008|21.32] C:\DOCUME~1\ADMINI~1\DATIAP~1\Help
[24/08/2008|23.28] C:\DOCUME~1\ADMINI~1\DATIAP~1\Identities
[08/09/2008|20.26] C:\DOCUME~1\ADMINI~1\DATIAP~1\InstallShield
[24/08/2008|23.46] C:\DOCUME~1\ADMINI~1\DATIAP~1\Macromedia
[29/10/2008|09.54] C:\DOCUME~1\ADMINI~1\DATIAP~1\Malwarebytes
[22/09/2008|20.03] C:\DOCUME~1\ADMINI~1\DATIAP~1\Media Player Classic
[12/02/2009|23.15] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[19/10/2008|20.31] C:\DOCUME~1\ADMINI~1\DATIAP~1\mIRC
[25/08/2008|00.15] C:\DOCUME~1\ADMINI~1\DATIAP~1\Motive
[13/02/2009|17.46] C:\DOCUME~1\ADMINI~1\DATIAP~1\Mozilla
[25/08/2008|15.40] C:\DOCUME~1\ADMINI~1\DATIAP~1\Nero
[30/10/2008|20.27] C:\DOCUME~1\ADMINI~1\DATIAP~1\OpenOffice.org
[03/10/2008|00.09] C:\DOCUME~1\ADMINI~1\DATIAP~1\Orbit
[23/10/2008|22.27] C:\DOCUME~1\ADMINI~1\DATIAP~1\Safer Networking
[26/11/2008|01.31] C:\DOCUME~1\ADMINI~1\DATIAP~1\Softvision
[01/09/2008|17.47] C:\DOCUME~1\ADMINI~1\DATIAP~1\Sun
[25/08/2008|15.06] C:\DOCUME~1\ADMINI~1\DATIAP~1\Thunderbird
[29/08/2008|13.21] C:\DOCUME~1\ADMINI~1\DATIAP~1\TVU Networks
[12/02/2009|16.22] C:\DOCUME~1\ADMINI~1\DATIAP~1\uTorrent
[13/02/2009|18.09] C:\DOCUME~1\ADMINI~1\DATIAP~1\vghd
[01/12/2008|18.53] C:\DOCUME~1\ADMINI~1\DATIAP~1\vlc
[21/10/2008|18.00] C:\DOCUME~1\ADMINI~1\DATIAP~1\Winamp
[12/02/2009|23.27] C:\DOCUME~1\ADMINI~1\DATIAP~1\Windows Live Writer
[25/08/2008|00.33] C:\DOCUME~1\ADMINI~1\DATIAP~1\WinRAR
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[37|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[12/02/2009|16.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\80ckVB
[18/01/2009|12.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[29/10/2008|12.40] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[23/09/2008|00.16] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVS4YOU
[25/08/2008|00.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Creative
[21/09/2008|23.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\GiocoDigitale
[04/11/2008|01.25] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[08/09/2008|20.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\InstallShield
[13/02/2009|20.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
[29/10/2008|13.01] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab Setup Files
[31/10/2008|00.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Lavasoft
[29/10/2008|09.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[13/02/2009|01.40] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[12/02/2009|22.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[30/10/2008|17.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft Help
[25/08/2008|15.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[27/08/2008|14.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[25/08/2008|12.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PC Drivers HeadQuarters
[27/08/2008|14.53] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SecTaskMan
[13/02/2009|21.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[29/08/2008|13.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TVU Networks
[29/10/2008|14.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[25/08/2008|00.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WinZip
[25/08/2008|16.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[26|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[24/08/2008|23.19] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[24/08/2008|23.19] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[24/08/2008|23.19] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[13/02/2009 20.51][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[13/02/2009 15.49][--a------] C:\WINDOWS\tasks\OGADaily.job
[13/02/2009 20.51][--a------] C:\WINDOWS\tasks\OGALogon.job
[13/02/2009 20.51][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 18.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[18/01/2009|12.50] C:\Programmi\Adobe
[29/10/2008|14.36] C:\Programmi\Alice ti aiuta
[25/08/2008|19.16] C:\Programmi\AskSBar
[25/08/2008|00.17] C:\Programmi\ATI Technologies
[25/08/2008|16.29] C:\Programmi\Auslogics
[23/09/2008|00.17] C:\Programmi\AVS4YOU
[18/09/2008|00.50] C:\Programmi\BS.Player ControlBar
[25/08/2008|18.24] C:\Programmi\CCleaner
[03/09/2008|20.16] C:\Programmi\CD_DVD-ROM Generator 1.20
[13/02/2009|00.05] C:\Programmi\Circle Development
[24/08/2008|23.42] C:\Programmi\Common Files
[26/08/2008|01.17] C:\Programmi\COMODO
[24/08/2008|23.15] C:\Programmi\ComPlus Applications
[13/02/2009|00.25] C:\Programmi\Conduit
[26/08/2008|22.17] C:\Programmi\CONEXANT
[26/08/2008|20.16] C:\Programmi\Dell Photo AIO Printer 924
[11/02/2009|16.06] C:\Programmi\DkZ Studio
[04/09/2008|12.05] C:\Programmi\DkZ Update
[25/08/2008|12.59] C:\Programmi\Driver-Soft
[25/08/2008|18.23] C:\Programmi\DustBuster XP
[29/10/2008|14.35] C:\Programmi\EliBagle
[06/10/2008|16.08] C:\Programmi\Everest Poker.net
[12/02/2009|22.01] C:\Programmi\File comuni
[10/02/2009|13.31] C:\Programmi\Foxit Software
[10/09/2008|22.08] C:\Programmi\Free Music Zilla
[07/12/2008|18.25] C:\Programmi\Game Graphic Studio
[23/09/2008|12.43] C:\Programmi\GiocoDigitale
[13/12/2008|18.16] C:\Programmi\Glary Utilities
[04/11/2008|01.25] C:\Programmi\Google
[07/01/2009|19.40] C:\Programmi\GRETECH
[26/08/2008|21.01] C:\Programmi\Idf
[17/11/2008|21.31] C:\Programmi\IKEA HomePlanner
[26/11/2008|01.30] C:\Programmi\InstallShield Installation Information
[25/08/2008|13.56] C:\Programmi\Intel
[12/02/2009|19.30] C:\Programmi\Internet Explorer
[21/12/2008|23.27] C:\Programmi\Java
[08/01/2009|13.32] C:\Programmi\JRE
[29/11/2008|12.01] C:\Programmi\Kaspersky Lab
[31/10/2008|00.03] C:\Programmi\Lavasoft
[13/02/2009|17.25] C:\Programmi\Malwarebytes' Anti-Malware
[23/09/2008|20.41] C:\Programmi\Messenger
[13/02/2009|00.05] C:\Programmi\Messenger Plus! Live
[12/02/2009|22.45] C:\Programmi\Microsoft
[23/09/2008|20.46] C:\Programmi\microsoft frontpage
[12/02/2009|22.43] C:\Programmi\Microsoft SQL Server Compact Edition
[12/02/2009|22.44] C:\Programmi\Microsoft Sync Framework
[08/01/2009|13.13] C:\Programmi\Microsoft.NET
[13/02/2009|18.23] C:\Programmi\MouseRunner.com
[23/09/2008|20.38] C:\Programmi\Movie Maker
[13/02/2009|21.17] C:\Programmi\Mozilla Firefox
[13/02/2009|18.20] C:\Programmi\Mozilla Thunderbird
[07/01/2009|19.34] C:\Programmi\Mplayer
[30/10/2008|17.03] C:\Programmi\MSBuild
[24/08/2008|23.15] C:\Programmi\MSN Gaming Zone
[15/11/2008|02.32] C:\Programmi\MSXML 4.0
[24/08/2008|23.22] C:\Programmi\MSXML 6.0
[13/02/2009|20.49] C:\Programmi\Navilog1
[25/08/2008|15.38] C:\Programmi\Nero
[23/09/2008|20.35] C:\Programmi\NetMeeting
[13/02/2009|14.23] C:\Programmi\NoAds
[08/01/2009|13.32] C:\Programmi\OpenOffice.org 3
[08/01/2009|13.32] C:\Programmi\OpenOffice.org 3.0 (it) Installation Files
[23/09/2008|20.35] C:\Programmi\Outlook Express
[31/10/2008|01.03] C:\Programmi\PeerGuardian2
[26/08/2008|21.00] C:\Programmi\Pirelli
[12/02/2009|13.35] C:\Programmi\Poker Club by Lottomatica
[04/02/2009|12.31] C:\Programmi\PokerStars.IT
[06/10/2008|15.25] C:\Programmi\PokerStars.NET
[25/08/2008|14.38] C:\Programmi\PowerQuest
[13/02/2009|15.03] C:\Programmi\QUAD Utilities
[10/02/2009|00.31] C:\Programmi\Recovery Toolbox for RAR
[24/08/2008|23.23] C:\Programmi\Reference Assemblies
[02/11/2008|23.03] C:\Programmi\RegSeeker
[04/11/2008|01.27] C:\Programmi\RegToy
[07/01/2009|22.55] C:\Programmi\Security Task Manager
[24/08/2008|23.17] C:\Programmi\Servizi in linea
[26/08/2008|21.37] C:\Programmi\SigmaTel
[08/09/2008|00.55] C:\Programmi\Smart Projects
[05/02/2009|13.51] C:\Programmi\Softonic_Italia
[29/08/2008|13.26] C:\Programmi\SopCast
[31/10/2008|15.55] C:\Programmi\Spybot - Search & Destroy
[24/08/2008|23.40] C:\Programmi\Telecom Italia
[05/11/2008|20.22] C:\Programmi\The KMPlayer
[23/10/2008|22.05] C:\Programmi\Trend Micro
[03/11/2008|18.38] C:\Programmi\TVAnts
[29/08/2008|13.21] C:\Programmi\TVUPlayer
[14/12/2008|17.09] C:\Programmi\uusee
[13/02/2009|17.25] C:\Programmi\vghd
[22/09/2008|21.51] C:\Programmi\VideoLAN
[20/11/2008|20.53] C:\Programmi\VS Revo Group
[18/09/2008|00.50] C:\Programmi\Webteh
[29/10/2008|14.35] C:\Programmi\Winamp
[12/02/2009|22.45] C:\Programmi\Windows Live
[12/02/2009|22.42] C:\Programmi\Windows Live SkyDrive
[24/08/2008|23.15] C:\Programmi\Windows Media Connect 2
[23/09/2008|20.35] C:\Programmi\Windows Media Player
[23/09/2008|20.35] C:\Programmi\Windows NT
[24/08/2008|23.17] C:\Programmi\WindowsUpdate
[25/08/2008|14.42] C:\Programmi\WinRAR
[21/09/2008|22.23] C:\Programmi\wwSms Client
[23/09/2008|20.46] C:\Programmi\xerox
[07/01/2009|19.47] C:\Programmi\XP Codec Pack
[23/10/2008|22.55] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[105|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[18/01/2009|12.51] C:\Programmi\File comuni\Adobe
[23/09/2008|00.17] C:\Programmi\File comuni\AVSMedia
[26/11/2008|23.10] C:\Programmi\File comuni\DESIGNER
[08/09/2008|20.26] C:\Programmi\File comuni\InstallShield
[25/08/2008|16.44] C:\Programmi\File comuni\Java
[12/02/2009|22.42] C:\Programmi\File comuni\Microsoft Shared
[24/08/2008|23.42] C:\Programmi\File comuni\Motive
[24/08/2008|23.17] C:\Programmi\File comuni\MSSoap
[25/08/2008|15.39] C:\Programmi\File comuni\Nero
[25/08/2008|01.10] C:\Programmi\File comuni\ODBC
[25/08/2008|18.25] C:\Programmi\File comuni\Services
[25/08/2008|01.10] C:\Programmi\File comuni\SpeechEngines
[26/11/2008|23.10] C:\Programmi\File comuni\System
[02/11/2008|14.49] C:\Programmi\File comuni\uusee
[12/02/2009|22.01] C:\Programmi\File comuni\Windows Live
[25/08/2008|16.55] C:\Programmi\File comuni\WindowsLiveInstaller
[07/02/2009|22.20] C:\Programmi\File comuni\Wise Installation Wizard
[0|File] C:\Programmi\File comuni\byte
[19|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 33 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 21:40:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]



[F:3][D:1]-> C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp
[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/02/2009|21.37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/02/2009|21.41 - Option : [2]

--------------------\\ Scan completed at 21.41.41




shapiro
Posted: Friday, February 13, 2009 10:26:57 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I'm checking the reports, but you should redo the scan on VirusTotal - this one is confusing

do this: once you've scanned the two files I pointed out earlier, try clicking 'formatted' at the top left

copy them and post them

then check for yourself whether you can see the antivirus engines that flag it as harmful; the text comes up in red

another thing: did you install the Ask toolbar?
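
Shapiro's advice is to read the VirusTotal table yourself and see which engines flag the file. The script below is an added example, not code from the forum, from VirusTotal or from any tool in this thread; it does that reading mechanically over a pasted plain-text report: it counts the engines, lists the ones with a verdict, pulls out the hashes for pivoting, and marks verdicts whose names look generic or heuristic, because two generic hits out of roughly 38 engines (the shape of the reports posted further down) are weaker evidence than a named family from several independent engines. The sample table and the heuristic-marker list are my own constructions.

```python
"""Read a VirusTotal result table pasted as plain text and summarise it.

Added example for this thread; not code from the forum, from VirusTotal or
from any tool mentioned here.  It works on the 2009-era plain-text layout the
reports below use: one engine per line as
    <engine> <version> <YYYY.MM.DD> <verdict>
with "-" meaning "no detection", followed by an "Additional information" block.
"""
import re

# Constructed sample in that layout (not a real VirusTotal response).
SAMPLE_REPORT = """\
File tbSof1.dll received on 2009.02.14 10:20:34 (CET)
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.14 -
Authentium 5.1.0.4 2009.02.14 W32/OnlineGames.A.gen!Eldorado
AVG 8.0.0.237 2009.02.14 -
F-Prot 4.4.4.56 2009.02.13 W32/OnlineGames.A.gen!Eldorado
Kaspersky 7.0.0.125 2009.02.14 -
McAfee+Artemis 5525 2009.02.14 -
Microsoft 1.4306 2009.02.14 -
Additional information
File size: 1881112 bytes
MD5...: f9b508bc69d1ee43a09dfbcae6c42e04
SHA1..: f31b07e34538a43fef46847cd29a001069780d19
"""

# An engine row has a YYYY.MM.DD signature date as its third token; the
# header, hash and PE-info lines do not, so they fall through unmatched.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S.*?)\s*$")

# Hash lines in the "Additional information" block, e.g. "MD5...: <hex>".
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")

# Patterns that usually mark a generic or heuristic verdict rather than a
# named family.  Assumption based on common engine naming habits, not a
# published list.
HEURISTIC_RE = re.compile(r"\.gen\b|\bheur|!eldorado|suspic|generic|artemis", re.I)


def parse_rows(report):
    """Return (engine, version, updated, verdict) for every engine line."""
    return [m.groups() for m in map(ROW_RE.match, report.splitlines()) if m]


def parse_hashes(report):
    """Return the MD5/SHA1/SHA256 values found, lower-cased, for pivoting."""
    hashes = {}
    for line in report.splitlines():
        m = HASH_RE.match(line.strip())
        if m:
            hashes[m.group(1)] = m.group(2).lower()
    return hashes


def is_heuristic(verdict):
    """True when the verdict name looks generic/heuristic rather than a family."""
    return HEURISTIC_RE.search(verdict) is not None


def summarize(report):
    """Condense a pasted report into the facts a triager looks at first."""
    rows = parse_rows(report)
    hits = [(engine, verdict) for engine, _, _, verdict in rows if verdict != "-"]
    return {
        "total": len(rows),
        "detected": len(hits),
        "hits": hits,
        "verdicts": sorted({verdict for _, verdict in hits}),
        # Every hit is a generic/heuristic name: weak evidence on its own.
        "heuristic_only": bool(hits) and all(is_heuristic(v) for _, v in hits),
        "hashes": parse_hashes(report),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detected']}/{s['total']} engines flagged the file")
    for engine, verdict in s["hits"]:
        kind = "heuristic/generic" if is_heuristic(verdict) else "named"
        print(f"  {engine}: {verdict} ({kind})")
    print("MD5 for pivoting:", s["hashes"].get("MD5"))
```

A low detection ratio made up of generic names is a reason to look harder at the file (publisher, install path, exports: the later report lists DllShowToolbar and DllShowToolbarWithIE, i.e. a browser toolbar), not a verdict on its own, and it is a separate question from the Bagle indicator that Lop S&D reports in the registry.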

shapiro
Posted: Friday, February 13, 2009 10:59:56 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Well..... bad news: you have Bagle, but it's probably not fully active yet..... that's why I asked you at the start of the thread whether your antivirus was working


turn off System Restore

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore


download this little program... the download is at the bottom of the page

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

go into Safe Mode

Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^

launch the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''

click EXPLORAR to start the scan

when it has finished you'll find the log in C:\InfoSat.txt - copy it into Notepad and post it in the forum


disable your antivirus (assuming it still works) and download

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Double-click the FindyKill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program icon on the desktop or in Programs and run it
Press key 1 (Enter) first for the search, then key 2 (Enter) for the cleanup.
You'll find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.

There will be reboots during the cleanup, so don't worry, it's completely normal - the reboots are part of the cleanup
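
Lop S&D reported the same LEGACY_SROSA key in ControlSet002, ControlSet003, ControlSet004 and CurrentControlSet. The script below is an added example, mine rather than the poster's and not part of Lop S&D, EliBagle or FindyKill, that turns those report lines into a checklist: one pair of keys per control set, plus the Services entry the LEGACY_ name implies. It is here to make one caveat concrete: Windows keeps several control sets, and an indicator removed from only the current one comes back on a Last Known Good boot, the same logic as turning System Restore off first (a copy you did not clean is a copy that comes back). The report excerpt is constructed to match the format above; the code only parses text and never touches a registry.

```python
"""Turn Lop S&D's "Rootkit Bagle" registry findings into a per-control-set checklist.

Added example for this thread; not part of Lop S&D, EliBagle or FindyKill, and
it never touches a registry (it only parses report text, so it runs anywhere).
The excerpt below is constructed in the format Lop S&D printed above.

Why per control set: HKLM\\SYSTEM keeps several ControlSet00N copies of the
service and device configuration.  CurrentControlSet is a link to one of them
(HKLM\\SYSTEM\\Select\\Current says which) and another is the Last Known Good
set.  A key deleted from the current set alone survives in the others and is
back after a Last Known Good boot, so every set the report names needs the
same cleanup.  Enum\\Root\\LEGACY_<NAME> is the device instance the PnP
manager creates for a non-PnP driver or service called <NAME>, so the finding
also points at a Services\\<name> entry.
"""
import re

# Constructed excerpt (raw string, so the backslashes are literal).
SAMPLE_REPORT = r"""
--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

--------------------\\ Checking the Hosts file

Hosts file CLEAN
"""

FINDING_RE = re.compile(
    r"^Rootkit (?P<family>.+?) ! \.\. \[HKEY_LOCAL_MACHINE\\SYSTEM\\"
    r"(?P<cset>[^\\\]]+)\\Enum\\Root\\LEGACY_(?P<svc>[^\\\]]+)\]$"
)


def parse_findings(report):
    """Return (family, control_set, service_name) for each 'Rootkit ...' line."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            # LEGACY_ keys are upper-case; key names are case-insensitive, so
            # the service name is normalised to lower case.
            findings.append((m["family"], m["cset"], m["svc"].lower()))
    return findings


def control_sets(findings):
    """Every control set in which the indicator was seen, sorted."""
    return sorted({cset for _, cset, _ in findings})


def cleanup_checklist(findings):
    """Registry keys to inspect and remove in each control set the report names."""
    keys = set()
    for _, cset, svc in findings:
        base = ["HKLM", "SYSTEM", cset]
        keys.add("\\".join(base + ["Enum", "Root", "LEGACY_" + svc.upper()]))
        keys.add("\\".join(base + ["Services", svc]))
    return sorted(keys)


def remaining_after(findings, cleaned_sets):
    """Control sets still carrying the indicator if only `cleaned_sets` were cleaned.

    CurrentControlSet aliases one of the numbered sets, so cleaning it also
    cleans that one; the report alone does not say which, only
    HKLM\\SYSTEM\\Select\\Current does.
    """
    return [c for c in control_sets(findings) if c not in set(cleaned_sets)]


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    print(f"{len(found)} findings across {len(control_sets(found))} control sets")
    for key in cleanup_checklist(found):
        print("  check/remove:", key)
    left = remaining_after(found, {"CurrentControlSet"})
    print("cleaning CurrentControlSet only would leave:", ", ".join(left))
```

Run it against a real Lop S&D report by passing the file contents to parse_findings; the checklist is what to verify with a registry editor from Safe Mode after the cleaners have run, one control set at a time.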




r16
Posted: Friday, February 13, 2009 11:00:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Yes, you noticed.
shapiro
Posted: Friday, February 13, 2009 11:01:59 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Excuse the intrusion:
Did you notice he has Beagle?
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]


if you read carefully, I did notice, r16, and that's why I gave him scans to run
r16
Posted: Friday, February 13, 2009 11:06:51 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Take a look at the time I wrote and the time you replied.
There's a 4-second difference.
shapiro
Posted: Friday, February 13, 2009 11:08:50 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Take a look at the time I wrote and the time you replied.
There's a 4-second difference.


r16, I was preparing the reply..... please, if we keep posting the user won't read what he has to do

THANKS
r16
Posted: Friday, February 13, 2009 11:11:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
shapiro wrote:
Quote:
Take a look at the time I wrote and the time you replied.
There's a 4-second difference.


r16, I was preparing the reply..... please, if we keep posting the user won't read what he has to do

THANKS

Don't be such a show-off, shapiro; even a blind man can see we replied at the same time.
shapiro
Posted: Friday, February 13, 2009 11:16:01 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
mediterraneo, I'm leaving you the steps you'll need to carry out

Quote:
turn off System Restore

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore


download this little program... the download is at the bottom of the page

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

go into Safe Mode

Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^

launch the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''

click EXPLORAR to start the scan

when it has finished you'll find the log in C:\InfoSat.txt - copy it into Notepad and post it in the forum


disable your antivirus (assuming it still works) and download

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Double-click the FindyKill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program icon on the desktop or in Programs and run it
Press key 1 (Enter) first for the search, then key 2 (Enter) for the cleanup.
You'll find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.

There will be reboots during the cleanup, so don't worry, it's completely normal - the reboots are part of the cleanup


if you can't manage the EliBagle download, get it from here

http://wikisend.com/download/616480/paperino.EXE

try not to use the internet, stay only on AIUTAMICI

if you have any doubts, don't hesitate to contact me

mediterraneo78
Posted: Saturday, February 14, 2009 1:47:12 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
Hi Shapiro, I'm posting the reports for the 2 files and I'll do what you described; as for Ask, it isn't installed, at least it doesn't show up...

Report 1: C:\Programmi\Softonic_Italia\tbSof1.dll


File tbPee1.dll received on 2009.02.14 10:20:34 (CET)
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.14 -
AhnLab-V3 5.0.0.2 2009.02.13 -
AntiVir 7.9.0.79 2009.02.13 -
Authentium 5.1.0.4 2009.02.14 W32/OnlineGames.A.gen!Eldorado
Avast 4.8.1335.0 2009.02.14 -
AVG 8.0.0.237 2009.02.14 -
BitDefender 7.2 2009.02.14 -
CAT-QuickHeal 10.00 2009.02.13 -
ClamAV 0.94.1 2009.02.14 -
Comodo 976 2009.02.13 -
DrWeb 4.44.0.09170 2009.02.14 -
eSafe 7.0.17.0 2009.02.12 -
eTrust-Vet 31.6.6357 2009.02.14 -
F-Prot 4.4.4.56 2009.02.13 W32/OnlineGames.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.14 -
Fortinet 3.117.0.0 2009.02.14 -
GData 19 2009.02.14 -
Ikarus T3.1.1.45.0 2009.02.14 -
K7AntiVirus 7.10.629 2009.02.13 -
Kaspersky 7.0.0.125 2009.02.14 -
McAfee 5525 2009.02.13 -
McAfee+Artemis 5525 2009.02.14 -
Microsoft 1.4306 2009.02.14 -
NOD32 3852 2009.02.13 -
Norman 6.00.02 2009.02.13 -
nProtect 2009.1.8.0 2009.02.14 -
Panda 10.0.0.10 2009.02.13 -
PCTools 4.4.2.0 2009.02.13 -
Prevx1 V2 2009.02.14 -
Rising 21.16.51.00 2009.02.14 -
SecureWeb-Gateway 6.7.6 2009.02.14 -
Sophos 4.38.0 2009.02.14 -
Sunbelt 3.2.1851.2 2009.02.12 -
Symantec 10 2009.02.14 -
TheHacker 6.3.2.1.256 2009.02.14 -
TrendMicro 8.700.0.1004 2009.02.13 -
ViRobot 2009.2.14.1606 2009.02.14 -
VirusBuster 4.5.11.0 2009.02.13 -
Additional information
File size: 1881112 bytes
MD5...: f9b508bc69d1ee43a09dfbcae6c42e04
SHA1..: f31b07e34538a43fef46847cd29a001069780d19
SHA256: b755356503232df79de9b08c116e870ef03ac1f6b1b3bdb77b7afbe06c12cfcf
SHA512: d9b9b4b111db21fc0989576d22756a406634722abaae044677615684925521a1c89d5e7c099c97723b9cd88cd0996ca1a3ebf20730157c5c69fef6e034535dee
ssdeep: 24576:tS7xQcB+fGWuUNWUEkw4Xs+a7W/4dI6U2prKGa40BcVg9SSXJ6gelveCFiB65df9:tOOGWDUhibTpW463fHzVQ6tLT
PEiD..: -
TrID..: File type identification
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xde15a
timedatestamp.....: 0x4975cd8f (Tue Jan 20 13:11:43 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10da12 0x10dc00 6.56 7c135281188d610ed638c7234c241966
.rdata 0x10f000 0x55d7f 0x55e00 4.51 7c6252c1f58f4dc55afde9bb9efae496
.data 0x165000 0x6260 0x4200 4.84 17d3e694c044f25072850637c050a8e0
.rsrc 0x16c000 0x4c170 0x4c200 5.65 488b4a71ffb64bf677b82c6e58d78564
.reloc 0x1b9000 0x16442 0x16600 5.90 e4eb470fb6941fbbb82b6942efa51b1b

( 19 imports )
> COMCTL32.dll: ImageList_ReplaceIcon, CreatePropertySheetPageW, PropertySheetW, CreateToolbarEx, InitCommonControlsEx, _TrackMouseEvent, ImageList_Create
> WININET.dll: DeleteUrlCacheEntry, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, InternetCanonicalizeUrlA, FindCloseUrlCache, InternetSetOptionExA, InternetConnectA, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, HttpOpenRequestA, GetUrlCacheEntryInfoW, InternetQueryOptionA
> SHLWAPI.dll: PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
> MSIMG32.dll: GradientFill
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptMsgClose, CryptProtectData, CryptUnprotectData, CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CertGetNameStringA
> WINMM.dll: PlaySoundW, sndPlaySoundW, PlaySoundA, timeGetTime
> KERNEL32.dll: GetVersionExA, GetLocalTime, GetModuleHandleW, GetLongPathNameW, GetModuleFileNameA, GetCurrentThreadId, lstrcpyA, GetTickCount, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileA, SetStdHandle, GetLocaleInfoA, FlushFileBuffers, SetFilePointer, GetConsoleMode, GetConsoleCP, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, VirtualAlloc, MoveFileW, GetProcessHeap, GetCommandLineA, ResumeThread, ExitThread, RaiseException, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, ReleaseSemaphore, CreateSemaphoreW, InterlockedExchange, GetCurrentThread, SetThreadPriority, GetComputerNameW, MoveFileExW, RemoveDirectoryW, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Thread32Next, OpenProcess, LocalAlloc, InterlockedDecrement, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, WideCharToMultiByte, GetModuleHandleA, GetLastError, GetModuleFileNameW, CloseHandle, ReleaseMutex, CreateMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, LoadLibraryW, GetProcAddress, FreeLibrary, CreateDirectoryW, Beep, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, WaitForSingleObject, SetLastError, CreateThread, GetExitCodeThread, TerminateThread, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, MultiByteToWideChar, CopyFileW, GetCurrentProcessId, lstrlenW, lstrcpyW, LocalFree
> USER32.dll: GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, CallWindowProcA, InvalidateRect, GetWindow, GetClassInfoExW, RegisterClassExW, CopyRect, UpdateWindow, GetLastInputInfo, MonitorFromRect, LoadImageW, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, PostMessageA, ShowWindow, SetWindowLongW, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, ReleaseDC, IsWindowEnabled, GetDlgItemTextA, FrameRect, DrawFrameControl, MessageBoxA, GetWindowThreadProcessId, AllowSetForegroundWindow, IsWindowUnicode, GetDesktopWindow, MsgWaitForMultipleObjects, EndDialog, GetDlgItemTextW, GetScrollInfo, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, IsIconic, SetForegroundWindow, PostThreadMessageA, SetWindowRgn, SetWindowPos, EnableWindow, IsDlgButtonChecked, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, CheckDlgButton, GetAsyncKeyState, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageA, SetCapture, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, SetDlgItemTextW, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, IsWindowVisible, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetSystemMetrics, KillTimer, GetWindowLongA, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, GetWindowRect, GetDC, DrawTextW, MoveWindow
> GDI32.dll: GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, SetTextAlign, TextOutW, ExcludeClipRect, RoundRect, CreateRectRgn, CombineRgn, GetPixel, BitBlt, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, CreateCompatibleDC, CreateCompatibleBitmap, PlgBlt, DeleteDC, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject
> comdlg32.dll: GetOpenFileNameW
> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegQueryValueExW, CryptAcquireContextA, CryptReleaseContext, OpenProcessToken, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegCloseKey
> SHELL32.dll: ShellExecuteW, SHGetFolderPathW, SHCreateDirectoryExW, ShellExecuteExW
> ole32.dll: CoGetMalloc, StringFromIID, CoCreateInstance, IIDFromString, CreateStreamOnHGlobal, CLSIDFromString, CoUninitialize, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> PSAPI.DLL: GetModuleFileNameExW, EnumProcessModules, GetProcessMemoryInfo
> DNSAPI.dll: DnsQuery_A

( 11 exports )
DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f9b508bc69d1ee43a09dfbcae6c42e04

Report 2: C:\Programmi\BS.Player ControlBar\BSToolbar.dll


File BSToolbar.dll received on 2009.02.11 17:19:43 (CET)
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.11 -
AhnLab-V3 5.0.0.2 2009.02.11 -
AntiVir 7.9.0.76 2009.02.11 -
Authentium 5.1.0.4 2009.02.11 -
Avast 4.8.1335.0 2009.02.11 -
AVG 8.0.0.229 2009.02.11 -
BitDefender 7.2 2009.02.11 -
CAT-QuickHeal 10.00 2009.02.11 -
ClamAV 0.94.1 2009.02.11 -
Comodo 974 2009.02.11 -
DrWeb 4.44.0.09170 2009.02.11 -
eSafe 7.0.17.0 2009.02.11 -
eTrust-Vet 31.6.6350 2009.02.11 -
F-Prot 4.4.4.56 2009.02.11 -
F-Secure 8.0.14470.0 2009.02.11 -
Fortinet 3.117.0.0 2009.02.11 -
GData 19 2009.02.11 -
Ikarus T3.1.1.45.0 2009.02.11 -
K7AntiVirus 7.10.627 2009.02.11 -
Kaspersky 7.0.0.125 2009.02.11 -
McAfee 5522 2009.02.10 -
McAfee+Artemis 5522 2009.02.10 -
Microsoft 1.4306 2009.02.11 -
NOD32 3846 2009.02.11 -
Norman 6.00.02 2009.02.11 -
nProtect 2009.1.8.0 2009.02.11 -
Panda 10.0.0.10 2009.02.11 -
PCTools 4.4.2.0 2009.02.11 -
Prevx1 V2 2009.02.11 -
Rising 21.16.22.00 2009.02.11 -
SecureWeb-Gateway 6.7.6 2009.02.11 -
Sophos 4.38.0 2009.02.11 -
Sunbelt 3.2.1851.2 2009.02.11 -
Symantec 10 2009.02.11 -
TheHacker 6.3.1.85.252 2009.02.11 -
TrendMicro 8.700.0.1004 2009.02.11 -
VBA32 3.12.8.12 2009.02.11 -
ViRobot 2009.2.11.1600 2009.02.11 -
VirusBuster 4.5.11.0 2009.02.11 -
Informazioni addizionali
File size: 757192 bytes
MD5...: 065019683405c3fdbe398f6e5c48241a
SHA1..: d2e78a28f114169afc7083b8b025c001c26be95a
SHA256: 98ad7bc6afead2b63201ea67b18af2b8feafcd225c00893228252b2b0a337a18
SHA512: 1a837300a6b97f6d82bf96ef6917ef94bfda7c13d435aa632be37736f8282c33cda3b040d66abbc1c4787d36f363824c9b00c13ac2522ca35456b521e42d2ad6
ssdeep: 12288:AWD5tN4k3Gua3PD0wtmFdApqU7DJ5ANeqoIagvo+Fm4g2nK:Agb4k2N3PPwEZDJ8/oIagvo+42K
PEiD..: -
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x60775
timedatestamp.....: 0x48a29a69 (Wed Aug 13 08:25:13 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8cd3e 0x8d000 6.68 775cfadbcd911aaa62cb0a8cab4d2b08
.rdata 0x8e000 0x1bbf5 0x1c000 4.98 e565086ededcc93881fc4c27aeddb79b
.data 0xaa000 0x6604 0x4000 4.55 3c88397fa0d0f61c7e520ccf71e97430
.rsrc 0xb1000 0x1b04 0x2000 4.68 b3ed369cd24dfde2b85d126c7f8c3971
.reloc 0xb3000 0x7246 0x8000 6.30 f917d2afb2649bcb6d3ada644110be38

( 12 imports )
> WININET.dll: DeleteUrlCacheEntryW, InternetCloseHandle, InternetReadFile, HttpQueryInfoW, HttpSendRequestA, HttpOpenRequestW, InternetConnectW, InternetOpenW
> urlmon.dll: URLDownloadToFileW
> iphlpapi.dll: GetAdaptersInfo
> KERNEL32.dll: lstrcmpiW, LoadLibraryExW, SizeofResource, LoadResource, FindResourceW, WideCharToMultiByte, PulseEvent, ReleaseMutex, WaitForSingleObject, WaitForMultipleObjects, CreateMutexW, CreateEventW, TerminateThread, SetEvent, CloseHandle, GetTempFileNameW, DeleteFileW, CreateDirectoryW, SetFileAttributesW, SetCurrentDirectoryW, GetLocaleInfoA, GetUserDefaultLCID, MulDiv, GlobalFree, LockResource, FreeResource, GlobalAlloc, ReadFile, GetFileSize, CreateFileW, SetFilePointer, GetFileType, DuplicateHandle, DosDateTimeToFileTime, SystemTimeToFileTime, GetCurrentDirectoryW, SetFileTime, WriteFile, FreeEnvironmentStringsA, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetStartupInfoA, SetHandleCount, IsValidCodePage, GetOEMCP, GetModuleFileNameA, GetStdHandle, DeleteCriticalSection, HeapCreate, HeapDestroy, FatalAppExitA, GetCurrentThread, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, ExitProcess, GetStringTypeW, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, GetCommandLineA, FindNextFileA, FindFirstFileA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, MoveFileW, GetSystemTimeAsFileTime, CreateThread, ExitThread, HeapReAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, Sleep, GetThreadLocale, GetACP, InterlockedExchange, GetVersionExA, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, InitializeCriticalSection, LocalAlloc, LocalFree, InterlockedIncrement, GetCurrentThreadId, FreeLibrary, OutputDebugStringA, GetModuleFileNameW, SetLastError, GetLastError, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetVersion, GetFileAttributesW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetTimeFormatA, GetDateFormatA, EnumSystemLocalesA, IsValidLocale, SetConsoleCtrlHandler, GetLocaleInfoW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, LoadLibraryW, LoadLibraryA, GlobalLock, GlobalUnlock, lstrlenA, lstrlenW, InterlockedDecrement, MultiByteToWideChar, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetTimeZoneInformation, CreateFileA, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetEnvironmentStrings, HeapSize, FreeEnvironmentStringsW, WriteConsoleA
> USER32.dll: SetTimer, GetWindowDC, CreatePopupMenu, InsertMenuItemW, DestroyMenu, GetDC, ReleaseDC, GetActiveWindow, FillRect, GetSystemMetrics, EnableScrollBar, SetScrollPos, wsprintfW, ScreenToClient, SetScrollInfo, GetScrollInfo, GetCursorPos, MessageBoxW, IsWindowVisible, CreateDialogParamW, EndDialog, IsWindowEnabled, DialogBoxParamW, SystemParametersInfoW, MapWindowPoints, SetWindowPos, EnableWindow, InvalidateRect, UpdateWindow, PostMessageW, PeekMessageW, GetSysColor, ShowCaret, HideCaret, DrawTextW, GetDlgItem, ShowWindow, CharNextW, GetCursor, SetCursor, SetCapture, EndPaint, BeginPaint, ReleaseCapture, LoadImageW, GetIconInfo, CreateWindowExW, GetClassInfoExW, RegisterClassExW, TrackPopupMenu, ClientToScreen, LoadStringW, CopyRect, GetParent, LoadCursorW, IsWindow, KillTimer, GetClientRect, MoveWindow, DestroyWindow, GetWindow, DrawIconEx, DestroyIcon, GetKeyState, TranslateMessage, DispatchMessageW, SetWindowTextA, GetWindowLongW, SetWindowLongW, CallWindowProcW, DefWindowProcW, GetFocus, SetFocus, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, SendMessageW, UnregisterClassA, ShowScrollBar
> GDI32.dll: MoveToEx, LineTo, GetStockObject, GetObjectW, CreatePen, SelectObject, DeleteDC, DeleteObject, GetTextMetricsW, GetTextExtentPoint32W, SetBkMode, BitBlt, CreateFontW, CreateFontIndirectW, GetDeviceCaps, DPtoLP, LPtoDP, SetMapMode, GetMapMode, GdiFlush, CreateDIBSection, CreateSolidBrush, CreateCompatibleDC, SetTextColor, TextOutW
> ADVAPI32.dll: RegEnumKeyExW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, TraceEvent, RegQueryInfoKeyW
> SHELL32.dll: ShellExecuteW, DragQueryFileW, SHGetFolderPathW
> ole32.dll: ReleaseStgMedium, RegisterDragDrop, CreateStreamOnHGlobal, CoInitialize, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, StringFromGUID2, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathAppendW, PathFileExistsW
> MSIMG32.dll: TransparentBlt

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=065019683405c3fdbe398f6e5c48241a
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=065019683405c3fdbe398f6e5c48241a

shapiro
Posted: Saturday, February 14, 2009 1:52:28 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
listen mediterraneo78, we'll look at those files later

for now, do what I wrote to you as soon as possible

you have Bagle on your PC


disable System Restore

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore settings --> Turn off System Restore


download this little program... the download is at the bottom of the page

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

boot into Safe Mode

Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^

launch the program and tick '' ELIMINAR FICHEROS AUTOMATICAMENTE''

click EXPLORAR to start the scan


when it has finished you will find the log in C:\InfoSat.txt - copy it into Notepad and post it in the forum


disable your antivirus (assuming it still works) and download

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb


Double-click the Findykill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program's icon on the desktop or in Programs and run it
You will first have to use key 1 (Enter) for the search and then key 2 (Enter) for the cleanup.
You will find the report of the operations performed in C:\FindyKill.txt
Attach the report to your reply.


During the cleanup there will be some reboots, so don't worry, it's completely normal - the reboots are part of the cleanup


if you can't download elibagla, download it from here

http://wikisend.com/download/616480/paperino.EXE

try not to use the internet, stay only on AIUTAMICI

if you have any doubts, don't hesitate to contact me-



mediterraneo78
Posted: Saturday, February 14, 2009 1:55:42 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
I forgot, Shapiro: note that I don't have NOD as my antivirus but Kaspersky 2009 trial version; basically I use the crack every month to reactivate the trial version. If you think I should change antivirus, recommend one, preferably in Italian. Thanks
shapiro
Posted: Saturday, February 14, 2009 2:01:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
mediterraneo78, do what I advised you

you have Bagle on your PC
mediterraneo78
Posted: Saturday, February 14, 2009 2:47:46 PM
Rank: Newbie

Joined: 2/13/2009
Posts: 0
Shapiro, here are the reports:

this is the EliBagle report


Wed Oct 29 11:55:45 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.90
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINHOST.EXE.Muestra EliBagle v11.90
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\WINHOST.EXE --> Eliminado Bagle

Wed Oct 29 11:56:09 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Acción Directa):

Wed Oct 29 11:56:10 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0020835.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0020854.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0021022.EXE --> Eliminado Bagle
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\114343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\120500.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\78203.EXE --> Eliminado Bagle.VR

Nº Total de Directorios: 4457
Nº Total de Ficheros: 52104
Nº de Ficheros Analizados: 14857
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

Wed Oct 29 12:06:50 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0021025.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0021026.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0021027.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{C539E949-3207-4064-92CC-4BF49BF37128}\RP99\A0021028.EXE --> Eliminado Bagle.VR

Nº Total de Directorios: 4457
Nº Total de Ficheros: 52101
Nº de Ficheros Analizados: 14854
Nº de Ficheros Infectados: 4
Nº de Ficheros Limpiados: 4

Wed Oct 29 12:07:53 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Acción Directa):

Wed Oct 29 12:07:56 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 42
Nº Total de Ficheros: 800
Nº de Ficheros Analizados: 45
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Oct 29 12:23:26 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Acción Directa):

Wed Oct 29 12:23:29 2008
EliBagle v11.90 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Octubre del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4460
Nº Total de Ficheros: 52203
Nº de Ficheros Analizados: 14847
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Feb 14 14:00:45 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)

Lista de Acciones (por Acción Directa):

Sat Feb 14 14:01:03 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4785
Nº Total de Ficheros: 41309
Nº de Ficheros Analizados: 8688
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


These 2 are the FindyKill reports; the first refers to option 1



----------------- FindyKill V4.707 ------------------

* User: Administrator - SALERNIT-1DCF58
* Executed from : C:\Programmi\FindyKill
* Update on 06/12/08 by Chiquitine29
* Start at 14:13:21 the 14/02/2009
* Windows XP - Internet Explorer 8.0.6001.18372

((((((((((((((((( *** Searching *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

--------------- [ Infected files / folders ] ----------------


»»»» Presence Files in C:

Found ! [07/02/2009 22.20] - "C:\Muestras"

»»»» Presence Files in C:\WINDOWS


»»»» Presence Files in C:\WINDOWS\Prefetch


»»»» Presence Files in C:\WINDOWS\system32


»»»» Presence Files in C:\WINDOWS\system32\drivers


»»»» Presence Files in C:\Documents and Settings\Administrator\Dati applicazioni


»»»» Presence Files in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp


»»»» Presence Files in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WMPNSCFG=C:\Programmi\Windows Media Player\WMPNSCFG.exe
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
AVP="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
SunJavaUpdateSched="C:\Programmi\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Malwarebytes' Anti-Malware="C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-500\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA

--------------- [ States / Services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

/!\ Ndisuio - Type of startup = 4

EapHost - Type of startup = 3

/!\ Ip6Fw - Type of startup = 4

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2



--------------- [ Searching in removable drives ] ----------------


+- Informations :

C: - Unità fissa

F: - Unità fissa


+- Presence of files :



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !



This is the 2nd report; it refers to the 2nd option



----------------- FindyKill V4.707 ------------------

* User : Administrator - SALERNIT-1DCF58
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 14:16:39 the 14/02/2009
* Windows XP - Internet Explorer 8.0.6001.18372


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - "C:\Muestras"

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Administrator\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

--------------- [ States / Restarting of services ] ----------------


+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa

F: - Unità fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Administrator\Recent\Windows.Genuine.Advantage.Validation.v1.8.31.0.CRACKED.rar.lnk
C:\Documents and Settings\Administrator\Recent\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar.lnk
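As an added example (not code from the thread, nor part of FindyKill or EliBagle), this Python script parses the two FindyKill report formats posted above and compares the search pass (option 1) with the deletion pass (option 2): it lists what was flagged but never reported as removed, and which disabled services were restored. The regexes and sample lines are taken from the reports above; the sample text is constructed and trimmed.

```python
"""Triage helper for FindyKill-style reports. Added example; it is not the
thread's code nor part of FindyKill. It parses the sections that matter when
checking a Bagle cleanup: flagged files/folders, infected registry keys and
service startup types, then compares the search run with the deletion run."""
import re

DISABLED = 4  # FindyKill prints services as Auto=2 / Request=3 / Disable=4

# 'Found ! [07/02/2009 22.20] - "C:\Muestras"'  or  'Deleted ! - HKEY_...'
ITEM_RE = re.compile(
    r'^(?P<verb>Found|Deleted) !\s*(?:\[[^\]]*\])?\s*-\s*"?(?P<item>[^"]+?)"?\s*$')
# '/!\ Ndisuio - Type of startup = 4'  (the /!\ marks a disabled service)
SERVICE_RE = re.compile(
    r'^(?:/!\\\s*)?(?P<name>\w+) - Type of startup = (?P<type>\d)$')


def parse_report(text):
    """Return found/deleted items and a {service: startup_type} map."""
    out = {"found": [], "deleted": [], "services": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ITEM_RE.match(line):
            out[m["verb"].lower()].append(m["item"])
        elif m := SERVICE_RE.match(line):
            out["services"][m["name"]] = int(m["type"])
    return out


def verify_cleanup(search_text, delete_text):
    """Compare the search pass with the deletion pass of FindyKill."""
    before, after = parse_report(search_text), parse_report(delete_text)
    removed = set(after["deleted"])
    return {
        # flagged in the search pass but not reported deleted afterwards
        "not_removed": [i for i in before["found"] if i not in removed],
        # services that were disabled (4) and are no longer disabled
        "services_restored": sorted(
            s for s, t in before["services"].items()
            if t == DISABLED and after["services"].get(s, DISABLED) != DISABLED),
        "services_still_disabled": sorted(
            s for s, t in after["services"].items() if t == DISABLED),
    }


# Constructed samples, trimmed from the two reports posted in the thread.
SEARCH_REPORT = """\
Found ! [07/02/2009 22.20] - "C:\\Muestras"
Found ! - HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Enum\\Root\\LEGACY_SROSA
/!\\ Ndisuio - Type of startup = 4
EapHost - Type of startup = 3
/!\\ Ip6Fw - Type of startup = 4
wscsvc - Type of startup = 2
"""
DELETE_REPORT = """\
Deleted ! - "C:\\Muestras"
Deleted ! - HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_SROSA
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
wscsvc - Type of startup = 2
"""

if __name__ == "__main__":
    for key, value in verify_cleanup(SEARCH_REPORT, DELETE_REPORT).items():
        print(f"{key}: {value}")
```

On the reports above this flags the ControlSet002 copy of LEGACY_SROSA, which the search pass found but the deletion pass never lists as removed.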








shapiro
Posted: Saturday, February 14, 2009 3:18:17 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
good, it removed quite a few Bagle infections for you

go to this site ► http://www.bitdefender.com/scan8/ie.html

run an online scan using Internet Explorer and see whether there are other infections on the PC

when you have finished, do this:

download this .reg file

http://wikisend.com/download/504660/fix.reg

click on it and accept the changes to the registry

for any questions, I'm here