Qualche virus?

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

Non mi si apre più ne l'antivirus nod32 ne spybot e hijackThis mi dice che non è un applicazione valida di win32, Qualche virus?

RikyToro · **Inviato:** lun nov 02, 2009 11:13 am

Mollto probabilmente sì.

Segui questa guida passo passo e postaci tutti i log richiesti: informatica-ed-internet-virus/procedura-per-ripulire-un-pc-infetto-t21749.html

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

ho fatto quasi tutto ma quando installo Combo fix rimane la clessidra ferma e non si apre il programma

RikyToro · **Inviato:** lun nov 02, 2009 1:50 pm

Usalo in modalità provvisoria.

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

Ti mando i log, il log dello scan online Kaspersky non l'ho fatto perchè non ho capito come si fa,spero vada bene ugualmente

ComboFix 09-11-01.04 - marco mattioli 02/11/2009 17.07.21.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.675 [GMT 1:00]
Eseguito da: K:\gesubambino.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\marco mattioli\Dati applicazioni\drivers\downld
c:\documents and settings\marco mattioli\Dati applicazioni\inst.exe
c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\jfbdzvrn_nav.dat
c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\jfbdzvrn_navps.dat
c:\windows\system32\auto.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SROSA
-------\Service_Boonty Games

((((((((((((((((((((((((( Files Creati Da 2009-10-02 al 2009-11-02 )))))))))))))))))))))))))))))))))))
.

2009-11-01 21:28 . 2009-11-01 21:28 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\IObit
2009-11-01 21:28 . 2009-11-01 21:28 -------- d-----w- c:\programmi\IObit
2009-11-01 17:34 . 2009-11-01 17:34 7168 ----a-w- c:\windows\system32\srosa2.sys
2009-11-01 11:52 . 2009-11-01 13:17 -------- d-----w- c:\windows\BDOSCAN8
2009-10-31 21:30 . 2009-11-01 17:34 119188 ----a-w- c:\windows\system32\wfsintwq.sys
2009-10-31 21:25 . 2009-11-02 16:11 -------- d--h--w- c:\documents and settings\marco mattioli\Dati applicazioni\drivers
2009-10-31 18:10 . 2009-10-31 18:10 -------- d-sh--w- c:\documents and settings\marco mattioli\Phone Browser
2009-10-31 15:09 . 2009-10-31 15:09 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\PC Suite
2009-10-29 18:12 . 2009-10-31 07:44 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\Nokia
2009-10-29 18:12 . 2009-10-31 08:12 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\PC Suite
2009-10-29 18:12 . 2009-10-29 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-10-29 18:11 . 2009-10-29 18:12 -------- d-----w- c:\programmi\DIFX
2009-10-29 18:11 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-29 18:11 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-29 18:09 . 2009-10-29 18:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-10-21 17:45 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-21 17:45 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-21 17:44 . 2009-10-21 17:44 -------- d-----w- c:\programmi\iPod
2009-10-21 17:44 . 2009-10-21 17:45 -------- d-----w- c:\programmi\iTunes
2009-10-21 17:44 . 2009-10-21 17:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 17:06 . 2009-10-21 17:06 -------- d-----w- c:\programmi\Bonjour
2009-10-20 20:08 . 2009-10-20 20:08 -------- d-----w- c:\programmi\WinRicette
2009-10-18 09:17 . 2009-10-18 09:17 -------- d-----w- c:\programmi\Borland
2009-10-15 19:55 . 2009-10-15 19:55 -------- d-----w- c:\documents and settings\marco mattioli\.jnlp-applet
2009-10-14 15:10 . 2009-10-30 19:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2009-10-12 18:52 . 2009-10-12 18:52 2983 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-10-09 19:34 . 2009-10-09 19:34 -------- d-----w- c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\Thunderbird
2009-10-09 19:34 . 2009-10-09 19:34 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\Thunderbird

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 16:04 . 2009-07-18 10:19 -------- d-----w- c:\programmi\ESET
2009-11-02 15:30 . 2008-12-27 19:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-01 21:41 . 2009-03-31 11:03 -------- d-----w- c:\programmi\FindyKill
2009-11-01 09:37 . 2003-04-08 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2009-11-01 09:37 . 2003-04-08 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2009-10-31 18:58 . 2008-12-28 10:42 -------- d-----w- c:\programmi\BeClean
2009-10-31 06:44 . 2008-12-28 07:52 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\VSO
2009-10-30 20:16 . 2009-07-20 17:39 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\vlc
2009-10-30 19:00 . 2008-12-26 11:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-29 18:58 . 2009-10-29 18:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-29 18:58 . 2009-10-29 18:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-10-27 18:44 . 2008-12-27 08:13 -------- d-----w- c:\programmi\Google
2009-10-26 11:13 . 2008-12-31 17:26 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\dvdcss
2009-10-25 20:00 . 2009-01-03 07:58 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\uTorrent
2009-10-25 07:35 . 2009-01-03 14:27 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\Skype
2009-10-25 07:02 . 2009-01-03 14:30 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\skypePM
2009-10-24 14:27 . 2009-03-21 12:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-21 19:49 . 2009-02-13 20:57 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-21 18:23 . 2009-01-03 11:45 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\Apple Computer
2009-10-21 17:44 . 2009-01-03 11:43 -------- d-----w- c:\programmi\File comuni\Apple
2009-10-21 17:15 . 2009-07-05 08:32 -------- d-----w- c:\programmi\QuickTime
2009-10-21 17:15 . 2009-01-03 11:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-10-21 17:02 . 2008-12-26 12:42 -------- d-----w- c:\programmi\Packard Bell External HDD
2009-10-21 17:02 . 2009-10-18 09:17 -------- d-----w- c:\programmi\In Cucina con Windows
2009-10-18 09:36 . 2009-10-18 09:33 -------- d-----w- c:\programmi\La Cucina Regionale
2009-10-18 09:33 . 2009-10-18 09:33 -------- d-----w- c:\programmi\Finson Live Update
2009-10-18 07:28 . 2008-12-26 18:32 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-02 17:03 . 2008-12-26 11:07 -------- d-----w- c:\programmi\Windows Live
2009-10-02 17:01 . 2009-10-02 17:01 -------- d-----w- c:\programmi\Microsoft
2009-09-24 17:19 . 2008-12-26 10:49 27248 ----a-w- c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-24 11:55 . 2009-09-24 11:55 -------- d-----w- c:\programmi\JRE
2009-09-24 11:55 . 2008-12-27 08:01 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-09-21 19:46 . 2009-09-21 19:46 -------- d-----w- c:\programmi\PrintFolders
2009-09-12 15:12 . 2008-12-30 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-09-11 18:27 . 2008-12-26 18:08 -------- d-----w- c:\documents and settings\marco mattioli\Dati applicazioni\VoipStunt
2009-09-11 14:17 . 2003-04-08 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:09 . 2009-09-10 18:09 3279 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2009-09-10 16:26 . 2009-05-01 11:09 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-10 12:54 . 2009-03-21 12:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-03-21 12:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 14:48 . 2009-02-04 19:04 -------- d-----w- c:\programmi\File comuni\Real
2009-09-05 14:48 . 2009-09-05 14:48 -------- d-----w- c:\programmi\File comuni\xing shared
2009-09-05 14:48 . 2009-09-05 14:48 -------- d-----w- c:\programmi\Real
2009-09-04 21:03 . 2003-04-08 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 18:11 . 2009-08-21 18:28 1676832 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-08-29 07:56 . 2003-04-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-04-08 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 17:41 . 2009-02-20 18:04 10 ----a-w- c:\windows\popcinfo.dat
2009-08-05 19:26 . 2009-08-05 18:22 16577946 ----a-w- c:\programmi\x-video-converter-standard.exe
2009-08-05 18:26 . 2009-08-05 18:26 3004 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-08-05 08:59 . 2003-04-08 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2003-04-08 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2002-09-09 13:34 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2004-06-05 856064]
"Packard Bell Software Suite"="c:\programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-08-28 1934144]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-03-25 133104]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\programmi\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\programmi\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-11-02 949376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-09-05 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\marco mattioli\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4663:TCP"= 4663:TCP:TCP
"4673:UDP"= 4673:UDP:UDP

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [26/12/2008 20.10.53 77312]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18/07/2009 11.20.31 15424]
R3 TJISDN;Tiger Jet PCI 128K ISDN-U Adapter;c:\windows\system32\drivers\tjisdn.sys [26/12/2008 11.00.53 123995]
S2 gupdate1c987b7d22887aa;Google Update Service (gupdate1c987b7d22887aa);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2009 18.33.11 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [17/08/2009 10.43.27 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [17/08/2009 10.43.28 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [17/08/2009 10.43.27 42752]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-01 c:\windows\Tasks\Auto Backup for marco mattioli.job
- c:\programmi\Packard Bell\Packard Bell Software Suite\DSMsg.exe [2008-01-09 14:14]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-05 17:33]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-05 17:33]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1085031214-839522115-1004Core.job
- c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-03-25 18:56]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1085031214-839522115-1004UA.job
- c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-03-25 18:56]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{331EB929-802A-4212-B14B-04CBE585FF5F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\imon.dll
TCP: {EF082A33-0578-4CBC-8423-B0A9CC7AA12D} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\marco mattioli\Dati applicazioni\Mozilla\Firefox\Profiles\yes1tilq.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - plugin: c:\documents and settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\marco mattioli\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 17:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprc.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF76BDB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF76BDB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF76BDB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF76BDB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF76BDB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF76BDB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2988)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-02 17.18.05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-02 16:18

Pre-Run: 77.753.049.088 byte disponibili
Post-Run: 77.625.622.528 byte disponibili

- - End Of File - - FF0EED480482A51CD2C88B9F1F7FAED4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.31.53, on 02/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
K:\moooo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF082A33-0578-4CBC-8423-B0A9CC7AA12D}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c987b7d22887aa) (gupdate1c987b7d22887aa) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (file missing)

--
End of file - 7829 bytes

Malwarebytes' Anti-Malware 1.41
Versione del database: 3084
Windows 5.1.2600 Service Pack 3

02/11/2009 15.59.26
mbam-log-2009-11-02 (15-59-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 176381
Tempo trascorso: 53 minute(s), 57 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Documents and Settings\marco mattioli\Dati applicazioni\drivers\downld (Worm.Bagle) -> No action taken.

File infetti:
(Nessun elemento malevolo rilevato)

Ciao grazie

RikyToro · **Inviato:** lun nov 02, 2009 9:34 pm

Sei infetto da Bagle, segui queste istruzioni: http://www.sicurezzaeprivacy.net/files/bagle.html

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

Immaginavo, senti sto pensando di formattare perchè non sono tanto pratico di pc, però voglio provarci ugualmente, l'hardisk esterno sarà infetto anche lui o non centra niente? Ciao e grazie! Marco.

RikyToro · **Inviato:** mer nov 04, 2009 6:44 pm

L'HD esterno scansionalo con MalwareBytes e NOD32.

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

Ho seguito tutte le istruzioni, sembra che il pc vada da dio, pero' non so, sono in confusione, come faccio a vedere se ho più il virus? cosa ti devo mandare?

RikyToro · **Inviato:** mer nov 04, 2009 11:17 pm

Riutilizza ComboFix, MalwareBytes e Hijackthis nell'orine e postami i loro nuovi log.

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

comboFix non ho capito come si fa, spero che vadano bene Malwarebites e HijackThis,
Malwarebytes' Anti-Malware 1.41
Versione del database: 3103
Windows 5.1.2600 Service Pack 3

05/11/2009 12.56.32
mbam-log-2009-11-05 (12-56-32).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 96131
Tempo trascorso: 5 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.57.27, on 05/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\marco mattioli\Desktop\moooo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF082A33-0578-4CBC-8423-B0A9CC7AA12D}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c987b7d22887aa) (gupdate1c987b7d22887aa) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe

--
End of file - 8452 bytes
Grazie

RikyToro · **Inviato:** ven nov 06, 2009 12:06 pm

Ha ancora problemi il PC ?

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

no, va tutto bene, non ho seguito le istruzioni alla lettera, pero' sembra che vada.

RikyToro · **Inviato:** ven nov 06, 2009 3:05 pm

Ok.

Se non ti si presentano più i problemi iniziali dovresti essere a posto.

marcosesto1 · **Iscritto il:** sab mag 29, 2004 11:59 pm **Messaggi:** 77

ok speriamo, grazie.

Qualche virus?

Chi c’è in linea