virus Bagle, istruzioni e pulizia ok!!

toscano72 · 22-02-2008, 22:32

Ho preso Bagle tramite emule (cercando un crack - non cercate mai programmi sul mulo!! e nemmeno crack!!), appena aperto l'eseguibile non è successo niente...anzi, un leggero lampeggìo del monitor mi ha fatto sospettare di avere preso un virus. Ed infatti nessun antivirus si apriva più dicendomi che "non erano applicazioni di Win32 valide".
Dopo una scansione con Panda ActiveScan da internet (virus trovati e tolti, però non Bagle) mi sono rivolto al forum.

Ho seguito le istruzioni e questo è il post di Elibagla:

Fri Feb 22 20:53:07 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Feb 22 20:54:21 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LOGITECHDESKTOPMESSENGER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 7093
Nº Total de Ficheros: 67714
Nº de Ficheros Analizados: 12882
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Feb 22 21:03:11 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

Fri Feb 22 21:04:35 2008
EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7103
Nº Total de Ficheros: 68184
Nº de Ficheros Analizados: 12903
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Dopo elibagla (al primo riavvio è necessaria un'altra scansione - come chiede il programma - poi se mi segnala che il virus è stato individuato e tolto) utilizzo Kaspersky come da voi indicato. Al secondo riavvio del programma finalmente il medesimo funziona! Ho dovuto disinstallare sia Avast! che Antivir però poi mi ha aggiornato il programma e sta iniziando la scansione...effettuata!
Avvìo Avenger, installo lo script, eseguo, riavvìo ma il logfile avenger.txt non c'è.
Attivo tutti i servizi e riavvìo il sistema ancora una volta.
Passo con CC cleaner e Hjackthis del quale posto il logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.30.39, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Programmi\BitTorrent_DNA\dna.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\Rainlendar\Rainlendar.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\YouTube\Uploader\youtubeuploader.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [BullGuard] "C:\Programmi\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\Paolo\IMPOST~1\Temp\T2006tmp\Install.exe" /SETUP:"/l0x0010"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Programmi\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:ita
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1163602339903
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163602316513
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04D9397E-1A0A-43C5-AB4B-44E2314D81C7}: NameServer = 85.37.17.55 85.38.28.93
O17 - HKLM\System\CS3\Services\Tcpip\..\{04D9397E-1A0A-43C5-AB4B-44E2314D81C7}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 10746 bytes

Alla fine di tutto (sembra) tutto funziona come prima (e meglio di prima).
Grazie di esistere ragazzi
GRAZIE
G R A Z I E
G R A Z I E

p.s.: i logfile sono ok vero?

**Chill-Out** · 22-02-2008, 22:39

http://www.hwupgrade.it/forum/showthread.php?t=1562611
per favore edita il tuo post non conforme alle Regole di Sezione http://www.hwupgrade.it/forum/showthread.php?t=1589984

toscano72 · 23-02-2008, 22:26

Quote:

Originariamente inviato da Chill-Out

http://www.hwupgrade.it/forum/showthread.php?t=1562611
per favore edita il tuo post non conforme alle Regole di Sezione http://www.hwupgrade.it/forum/showthread.php?t=1589984

OK pardon...ma non sono molto pratico.

ELIBAGLA
http://www.fileup.itadib.com/downloa...qEp01lSkEulnFJ

HIJACKTHIS
http://www.fileup.itadib.com/downloa...GAHCsFXI1KBkMb

Riverside · 23-02-2008, 22:39

Quote:

Originariamente inviato da toscano72

OK pardon...ma non sono molto pratico.

Del tutto comprensibile ma non quando le cose vengono spiegate:
Devi postare (ed allegare il log che sono richiesti) nella apposita discussione, ovvero in questa:
http://www.hwupgrade.it/forum/showthread.php?t=1562611

murack83pa · 23-02-2008, 22:46

segnalato al mod x la chiusura

xcdegasp · 24-02-2008, 10:23

chiudo essendo thread doppione

22-02-2008, 22:32	#1
toscano72 Member Iscritto dal: Jul 2006 Messaggi: 73	virus Bagle, istruzioni e pulizia ok!! Ho preso Bagle tramite emule (cercando un crack - non cercate mai programmi sul mulo!! e nemmeno crack!!), appena aperto l'eseguibile non è successo niente...anzi, un leggero lampeggìo del monitor mi ha fatto sospettare di avere preso un virus. Ed infatti nessun antivirus si apriva più dicendomi che "non erano applicazioni di Win32 valide". Dopo una scansione con Panda ActiveScan da internet (virus trovati e tolti, però non Bagle) mi sono rivolto al forum. Ho seguito le istruzioni e questo è il post di Elibagla: Fri Feb 22 20:53:07 2008 EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Fri Feb 22 20:54:21 2008 EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LOGITECHDESKTOPMESSENGER.EXE --> Eliminado Bagle.dldr Nº Total de Directorios: 7093 Nº Total de Ficheros: 67714 Nº de Ficheros Analizados: 12882 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 1 Fri Feb 22 21:03:11 2008 EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit) C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr Fri Feb 22 21:04:35 2008 EliBagle v11.04 (c)2008 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 7103 Nº Total de Ficheros: 68184 Nº de Ficheros Analizados: 12903 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 Dopo elibagla (al primo riavvio è necessaria un'altra scansione - come chiede il programma - poi se mi segnala che il virus è stato individuato e tolto) utilizzo Kaspersky come da voi indicato. Al secondo riavvio del programma finalmente il medesimo funziona! Ho dovuto disinstallare sia Avast! che Antivir però poi mi ha aggiornato il programma e sta iniziando la scansione...effettuata! Avvìo Avenger, installo lo script, eseguo, riavvìo ma il logfile avenger.txt non c'è. Attivo tutti i servizi e riavvìo il sistema ancora una volta. Passo con CC cleaner e Hjackthis del quale posto il logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23.30.39, on 22/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\ehome\ehtray.exe C:\Programmi\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe C:\Programmi\Logitech\QuickCam\Quickcam.exe C:\Programmi\Winamp\winampa.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Windows Media Player\WMPNSCFG.exe C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\1.0.103.3\GoogleUpdate.exe C:\Programmi\BitTorrent_DNA\dna.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\OpenOffice.org 2.3\program\soffice.exe C:\Programmi\Rainlendar\Rainlendar.exe C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\YouTube\Uploader\youtubeuploader.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [BullGuard] "C:\Programmi\BullGuard Software\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\Paolo\IMPOST~1\Temp\T2006tmp\Install.exe" /SETUP:"/l0x0010" O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe" O4 - HKCU\..\Run: [BGNewsAgent] "C:\Programmi\BullGuard Software\BullGuard\BgNewsUI.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:ita O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\1.0.103.3\GoogleUpdate.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1163602339903 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163602316513 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{04D9397E-1A0A-43C5-AB4B-44E2314D81C7}: NameServer = 85.37.17.55 85.38.28.93 O17 - HKLM\System\CS3\Services\Tcpip\..\{04D9397E-1A0A-43C5-AB4B-44E2314D81C7}: NameServer = 85.37.17.55 85.38.28.93 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe -- End of file - 10746 bytes Alla fine di tutto (sembra) tutto funziona come prima (e meglio di prima). Grazie di esistere ragazzi GRAZIE G R A Z I E G R A Z I E p.s.: i logfile sono ok vero?

22-02-2008, 22:39	#2
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	http://www.hwupgrade.it/forum/showthread.php?t=1562611 per favore edita il tuo post non conforme alle Regole di Sezione http://www.hwupgrade.it/forum/showthread.php?t=1589984 __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

24-02-2008, 10:23	#6
xcdegasp Senior Member Iscritto dal: Nov 2001 Città: Fidenza(pr) da Trento Messaggi: 27479	chiudo essendo thread doppione __________________ "Visti da vicino siamo tutti strani..." ~\|~ What Defines a Community? ~\|~ Thread eMule Ufficiale ~\|~ Online Armor in Italiano ~\|~ Regole di Sezione ~\|► Guida a PrivateFirewall quinto potere ~\|~ Le illusioni della TV

23-02-2008, 22:46	#5
murack83pa Bannato Iscritto dal: Oct 2007 Città: Palermo Messaggi: 4623	segnalato al mod x la chiusura

Strumenti
Mostra una versione stampabile Invia questa pagina per email