Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » spyware doctor segnala 185 intrusioni!!!!!!!!!!!!!aiuto .....

spyware doctor segnala 185 intrusioni!!!!!!!!!!!!!aiuto ..... Opzioni
Topic Precedente · Topic Sucessivo
niky13
Inviato: Saturday, January 31, 2009 6:23:07 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
salve,
sono di nuovo qui,il mio pc e ralentato al massimo,non arrivo più a collegarmi a internet ne con IE7,ne con mozilla, mi stacca di continuo la comunicazione .
avrei bisogno d'aiuto.grazie Niky
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.21.52, on 31/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\PMJ151LA.BIN
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmi\IMVU\IMVUClient.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Programmi\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\NIKY\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nikypic.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0103B230-36E9-473C-9359-242B79C30789} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Programmi\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 25918 bytes
Torna in alto
 
Sponsor
Inviato: Saturday, January 31, 2009 6:23:07 PM

 
Torna in alto
 
r16
Inviato: Saturday, January 31, 2009 6:56:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
Elimina TUTTE le 018
Trova e cancella i file in rosso:
C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (è una cartella.)

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp.
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Riavvia il pc.
*********************************************************************************************************
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema e, una volta terminata la scansione,assicurati che tutti i files evidenziati, siano selezionati, e clicca Rimuovi Selezionati
Posta il log.
*********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Poi alla fine posta un log aggiornato di HJT.(assieme a quelli richiesti)
Torna in alto
 
niky13
Inviato: Saturday, January 31, 2009 9:47:47 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
C:\Documents and Settings\ADA\Preferiti\banca\UniCredit Banca - Servizi bancari per la persona, la famiglia e la piccola impresa - UniCredit Banca.url : favicon (6966 bytes)
C:\Documents and Settings\ADA\Preferiti\casa\Coin - eventi - Natale Coin, a new Christmas experience.url : favicon (2550 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\Alberto Segramora.url : favicon (3638 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\Benvenuto in Flickr!.url : favicon (1150 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\Canon EOS 450D 12 Megapixel e Live View Digitali Canon.url : favicon (894 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\Chrysis.net - Manuale di Fotografia.url : favicon (7886 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\Come fotografare le modelle.url : favicon (7406 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\flickr girls.url : favicon (1150 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\IL SITO SU FULMINI, SISMOGRAFIA E METEOROLOGIA - FOTOGRAFARE I FULMINI.url : favicon (2238 bytes)
C:\Documents and Settings\ADA\Preferiti\fotografia\nital.it - Corso base di fotografia digitale.url : favicon (894 bytes)
C:\Documents and Settings\ADA\Preferiti\informatica\Aiutamici.com.url : favicon (2862 bytes)
C:\Documents and Settings\ADA\Preferiti\informatica\Nuovo server per MegaLab.it [MegaLab.it].url : favicon (188 bytes)
C:\Documents and Settings\ADA\Preferiti\informatica\PC PRIMI PASSI,il portale italiano per i neofiti del computer,corsi,servizi gratuiti,articoli,aiuto, soluzione problemi softwar.url : favicon (3638 bytes)
C:\Documents and Settings\ADA\Preferiti\judo\Associazione Laus Judo.url : favicon (1406 bytes)
C:\Documents and Settings\ADA\Preferiti\judo\Fijlkam F.V.G. - News - Judo - Alla Ginnastica Triestina il 13° Trofeo Biancoceleste - News.url : favicon (1152 bytes)
C:\Documents and Settings\ADA\Preferiti\judo\Judo Club Tolmezzo - Home.url : favicon (1150 bytes)
C:\Documents and Settings\ADA\Preferiti\judo\Lustige Videos - Gratis Fun Video - Deine funny Videos bei Clipfish.url : favicon (1406 bytes)
C:\Documents and Settings\ADA\Preferiti\Libero.url : favicon (318 bytes)
C:\Documents and Settings\ADA\Preferiti\shopping\ShopMania - Trova i migliori prezzi d'Italia, leggi opinioni.url : favicon (1150 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : DFC5A2B2 (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : DFC5A2B2 (104 bytes)
C:\Documents and Settings\NIKY\Preferiti\Blog de just-us90 - Skyrock.com.url : favicon (318 bytes)
C:\Documents and Settings\NIKY\Preferiti\Entertainment Weekly's EW.com Entertainment News TV News TV Shows Movie, Music and DVD Reviews.url : favicon (318 bytes)
C:\Documents and Settings\NIKY\Preferiti\fotografia\Benvenuto in Flickr - Condivisione di foto.url : favicon (1150 bytes)
C:\Documents and Settings\NIKY\Preferiti\fotografia\Flickr Organizza le tue foto.url : favicon (1150 bytes)
C:\Documents and Settings\NIKY\Preferiti\Grey's Anatomy\episode 2.url : favicon (2550 bytes)
C:\Documents and Settings\NIKY\Preferiti\GUCCI Donna - GUCCI - YOOX - Moda, Abbigliamento, Fashion & Design online.url : favicon (1406 bytes)
C:\Documents and Settings\NIKY\Preferiti\importante\Corretta procedura di formattazione - Problemi Informatici - Aiutamici Forum.url : favicon (2862 bytes)
C:\Documents and Settings\NIKY\Preferiti\judo\riviste informatica\Download CHIP.eu - Freeware, Shareware, Demo, Test, Recensioni, Domande e Risposte, Trucchi, Community.url : favicon (1406 bytes)
C:\Documents and Settings\NIKY\Preferiti\judo\UISP Area Discipline Orientali.url : favicon (1406 bytes)
C:\Documents and Settings\NIKY\Preferiti\Nicole Kidman @ Nicole's Magic » the #1 fansite for nicole.url : favicon (1406 bytes)
C:\Documents and Settings\NIKY\Preferiti\NIKY\frasiiiiii.url : favicon (3262 bytes)
C:\Documents and Settings\NIKY\Preferiti\NIKY\TV-Shows.url : favicon (894 bytes)
C:\Documents and Settings\NIKY\Preferiti\Online Web Series Guide Veoh Video Network.url : favicon (2550 bytes)

questo e il risultato ,ma non so quali sono questi ADS,il log l'ho postato da l'altro pc.
l'eliminazione della cartella temp non è riuscita,ripeteva programma in uso
sono ferma qui ,che faccio?
salve niky
Torna in alto
 
r16
Inviato: Saturday, January 31, 2009 10:06:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
niky13 ha scritto:
C:\
l'eliminazione della cartella temp non è riuscita,ripeteva programma in uso
sono ferma qui ,che faccio?
salve niky


Non ci siamo capiti, (o hai letto male il post)
NON DEVI ELIMINARLA LA CARTELLA TEMP, la devi SVUOTARE del suo contenuto.
Se trovi dei file che non riesci a eliminare (in uso) fà niente, prosegui con le altre operazioni.

Per gli ADS: spunta tutte le caselline e clicca su Remove selected

Quello che mi interessa veramente sono i log delle scansioni di Malwarebytes e Combofix.
E, per favore, esegui alla lettera le istruzioni che riguardano Combofix.
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 12:58:06 AM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
Malwarebytes' Anti-Malware 1.33
Versione del database: 1654
Windows 5.1.2600 Service Pack 3

01/02/2009 0.52.19
mbam-log-2009-02-01 (00-52-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 173848
Tempo trascorso: 1 hour(s), 21 minute(s), 37 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\NIKY\DoctorWeb\Quarantine\A0083327.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\NIKY\DoctorWeb\Quarantine\Setup.exe (Adware.Zango) -> Quarantined and deleted successfully.
ciao,
per domani il risultato di combofix.
continuo domani.......buona notte e grazie
Torna in alto
 
a.roselli
Inviato: Sunday, February 01, 2009 1:15:21 AM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,055
Adware.Zango è una brutta bestia, riavvia in modalità provvisoria, disattiva il ripristino di configurazione e lancia Spybot, alla fine della scansione riavvia nuovamente in modalità provvisoria e lancia nuovamente Spybot, continua cosi fino a che non da più problemi, poi inserisci nuovamente il log di Hijack da fare in avvio normale.
alfonso_aiutamici@hotmail.it
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 10:34:01 AM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
ComboFix 09-01-31.01 - NIKY 2009-02-01 10.06.38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1022.497 [GMT 1:00]
Eseguito da: c:\documents and settings\NIKY\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Worm Protection *disabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-01-01 al 2009-02-01 )))))))))))))))))))))))))))))))))))
.

2009-01-31 19:38 . 2009-01-31 19:38 <DIR> d-------- c:\programmi\CCleaner
2009-01-27 18:22 . 2009-01-27 19:32 <DIR> d-------- c:\documents and settings\NIKY\DoctorWeb
2009-01-25 10:48 . 2009-01-25 10:48 <DIR> d-------- c:\programmi\Trend Micro
2009-01-24 18:17 . 2009-01-24 18:17 <DIR> d-------- c:\documents and settings\NIKY\Dati applicazioni\Malwarebytes
2009-01-24 18:16 . 2009-01-31 23:21 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-24 18:16 . 2009-01-24 18:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-24 18:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-24 18:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 18:16 . 2009-01-22 18:16 <DIR> d-------- c:\programmi\CVeM PRO
2009-01-19 19:38 . 2009-01-19 19:38 <DIR> d-------- c:\windows\system32\it
2009-01-19 19:38 . 2009-01-19 19:38 <DIR> d-------- c:\windows\system32\bits
2009-01-19 19:38 . 2009-01-19 19:38 <DIR> d-------- c:\windows\l2schemas
2009-01-19 19:26 . 2009-01-19 19:40 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-19 18:57 . 2009-01-19 18:57 <DIR> d-------- c:\windows\EHome
2009-01-02 22:14 . 2009-01-02 22:14 <DIR> d-------- c:\programmi\Veoh Networks
2009-01-01 14:55 . 2009-01-23 18:15 <DIR> d-------- c:\programmi\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 09:19 35,875,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-01 09:17 1,183,264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-01 09:14 482,432 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-01 09:14 111,884 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-01 08:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-01-31 19:34 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-31 14:07 --------- d-----w c:\programmi\CDDC-MahJongg
2009-01-31 09:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-01-30 14:01 --------- d-----w c:\programmi\File comuni\Symantec Shared
2009-01-30 14:00 --------- d-----w c:\programmi\Norton Security Scan
2009-01-30 07:52 --------- d-----w c:\programmi\Spyware Doctor
2009-01-21 19:15 --------- d-----w c:\documents and settings\NIKY\Dati applicazioni\LimeWire
2009-01-19 19:03 --------- d-----w c:\programmi\Google
2009-01-02 18:45 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-30 17:20 --------- d-----w c:\documents and settings\NIKY\Dati applicazioni\Any Video Converter
2008-12-12 23:30 --------- d-----w c:\documents and settings\NIKY\Dati applicazioni\toshiba
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 14:18 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-08 14:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-08 14:10 --------- d-----w c:\programmi\Nokia
2008-12-08 14:07 --------- d-----w c:\programmi\File comuni\Nokia
2008-12-08 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-01 17:17 --------- d-----w c:\programmi\AceBIT
2007-10-06 19:49 328,656 ----a-w c:\documents and settings\NIKY\vdownloader.zip
2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,744 --sh--r c:\windows\system32\msfDX.dll
2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 22:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"LDM"="c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-19 36864]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-06-13 2137024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"THotkey"="c:\programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"YeppStudioAgent"="c:\programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]
"SweetIM"="c:\programmi\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"NSLauncher"="c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MMTray"="c:\programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 29744]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"TPSMain"="TPSMain.exe" [2005-08-04 c:\windows\system32\TPSMain.exe]
"TDispVol"="TDispVol.exe" [2005-09-16 c:\windows\system32\TDispVol.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ADA\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]
Device Detector 3.lnk - c:\programmi\Olympus\DeviceDetector\DevDtct2.exe [2007-09-16 118784]
Directrec Configuration Tool.lnk - c:\programmi\Olympus\DeviceDetector\DirectrecConfig.exe [2007-09-16 122880]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-19 196608]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-04-02 450560]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-09-03 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
R4 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\drivers\PMJ151NM.sys [2006-10-21 14848]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-18 29744]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2008-11-16 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d0b7b40-1da8-11db-9af9-00a0d1308fb9}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4ef7eb1-15ee-11dd-aac2-00037a1181b2}]
\Shell\AutoRun\command - E:\qwc.exe
\Shell\explore\Command - E:\qwc.exe
\Shell\open\Command - E:\qwc.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-30 c:\windows\Tasks\Norton Security Scan for NIKY.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-12-11 17:49]

2009-01-31 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-BitDefender Antiphishing Helper - c:\programmi\BitDefender\BitDefender 2008\IEShow.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\NIKY\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\NIKY\Dati applicazioni\Mozilla\Firefox\Profiles\4if0hgk2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programmi\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\programmi\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 10:16:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2060361960-2196133-3887048701-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,18,de,01,2c,0d,c7,5b,95,a5,05,4f,be,63,38,fb,cd,80,34,bb,3d,ca,b3,
f3,73,a2,80,e2,78,e5,bb,0e,76,50,f4,05,31,ab,56,64,78,41,bc,f5,62,f4,55,e4,\
"??"=hex:7f,d7,7b,f8,f6,90,34,61,3a,85,55,3c,2e,59,05,e4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,fe,ae,02,2e,e1,
9e,61,38,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,af,24,70,fc,71,
5f,c2,e6,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,bc,73,3c,b9,c4,
32,48,1b,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,4d,34,97,ed,0a,
f5,94,85,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fb,a8,49,7b,b4,
94,e1,1c,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,83,f2,cb,21,74,
5c,17,f6,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c1,5b,9d,d1,d8,
1b,cf,eb,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,43,ed,db,4a,4e,
87,dd,e6,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1c,9c,b6,05,91,
df,53,af,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,82,ad,91,5c,41,
df,19,6d,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,3d,c2,c9,2d,1a,
1f,61,0f,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,19,14,7a,3c,70,
86,84,1e,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1476)
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll

- - - - - - - > 'lsass.exe'(1532)
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Olympus\DeviceDetector\DM1Service.exe
c:\windows\system32\DVDRAMSV.exe
c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\PMJ151LA.BIN
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Synaptics\SynTP\Toshiba.exe
c:\programmi\Toshiba\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-01 10:24:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-01 09:24:02

Pre-Run: 23.690.514.432 byte disponibili
Post-Run: 23,936,143,360 byte disponibili

304 --- E O F --- 2009-01-31 23:59:25

Ho visto che mi è arrivata un'altra e-mail secondo la quale devo scaricare spybot e fare una serie di altre operazioni.
Dove devo scaricarlo?E quindi devo fare anche queste altre operazioni?
Aspetto una vostra risposta ricordandovi che non me ne intendo molto di computer e che avrei biswogno di qualche spiegazione in più.
Grazie fin da ora...Pray
Niky
Torna in alto
 
r16
Inviato: Sunday, February 01, 2009 1:03:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Vorrei sapere se il pc è migliorato, e che eventuali problemi sono rimasti.
posta un log aggiornato di HJT.
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 3:10:23 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.06.02, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\PMJ151LA.BIN
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmi\IMVU\IMVUClient.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Programmi\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\NIKY\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nikypic.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Programmi\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13148 bytes
ciao r16,il pc continua a comportarsi in modo anomalo,e molto lento e continua a scollegarsi dalla rete.
salve niky
Torna in alto
 
r16
Inviato: Sunday, February 01, 2009 3:32:29 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Programmi\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\NIKY\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nikypic.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Trova e cancella i file in rosso:
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe(è una cartella)

Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)

Scarica Spy-Bot da qui http://www.aiutaamici.com/software?ID=10831 e fai una scansione sempre in Modalità Provvisoria.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il computer.
Vedi se cambia qualcosa.
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 8:54:43 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
01/02/2009 - 18:00:14

[SCANSIONE DEL REGISTRO]
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} Infetto da BHO.Softomate.D
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\MUSICMATCH\Musicmatch Jukebox\mmlicmgr.dll Infetto da Packer.Vundo.Gen
* * * RIMOSSO * * *
C:\Programmi\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.inp Infetto da Packer.Vundo.Gen
* * * RIMOSSO * * *
C:\Programmi\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.out Infetto da Packer.Vundo.Gen
* * * RIMOSSO * * *

[D:]


Chiavi Registro infette: 1.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 99246.
Files Totali: 99246.
Chiavi Registro rimosse: 1.
Virus Rimossi: 3.

[SCANSIONE DELLA MEMORIA]
OK
01/02/2009 - 20:46:13

[SCANSIONE DELLA MEMORIA]
OK
ora pulisco con ccleaner
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 10:11:25 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
salve r16,
sembra che il pc funzioni molto meglio.
si è velocizzato ,non mi da problemi di connessione con mozilla.
IE7 continua a richiedermi la connessione a internet ,io non so cosa fare.
per tutti i programmi che ho scaricato come devo comportarmi?
un amico mi ha detto che ho troppi programmi nella barra delle applicazioni in funzione,ma ne io ne lui conosciamo il sistema per
eliminarli dalla barra.
ti ringrazio per i consigli che potrai darmi ,tante grazie per tutto.Applause
Torna in alto
 
r16
Inviato: Sunday, February 01, 2009 10:24:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per IE prova cosi:
Clicca su Strumenti\Opzioni internet\Avanzate.
Sotto vedrai un pulsante con scritto "reimposta" cliccalo e vedi se migliora.
Elimina la cartella (se la trovi) in rosso:
C:\Programmi\MUSICMATCH
Poi il tuo amico ha ragione che sei pieno di programmi, io te ne ho levati 9 dall'avvio.
Se non li usi tutti, eliminane un pò.
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.
Hai eliminato la cartella in rosso?
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe(è una cartella)


Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)

Malwarebytes tienilo, che è buono, ricorda solo di aggiornarlo prima di ogni scansione.
Torna in alto
 
niky13
Inviato: Sunday, February 01, 2009 11:13:04 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
Elimina la cartella (se la trovi) in rosso:
C:\Programmi\MUSICMATCH
per tutto il resto e ok.
per la cartella
C:\Programmi\MUSICMATCH non ci sono riuscita mi dice accesso negato per " core dll."
come devo fare?
Torna in alto
 
r16
Inviato: Monday, February 02, 2009 5:33:45 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Elimina questa voce di HJT:
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
Almeno la disattiviamo dall'avvio.
Poi fai una pulizia con CCleaner.
Se il pc và bene, lasciamolo cosi.
Se noti problemi, sono qui.
Ciao.
Torna in alto
 
niky13
Inviato: Monday, February 02, 2009 6:48:41 PM
Rank: Newbie

Iscritto dal : 1/24/2009
Posts: 0
salve r16,
Ti ringrazio molto per l'aiuto.
Ho cancellato la cartella, ora provo il pc.
saluti e grazie per tutto.
Applause
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » spyware doctor segnala 185 intrusioni!!!!!!!!!!!!!aiuto .....


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.