Logfile of HijackThis v1.99.1
Scan saved at 11.01.35, on 13/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\BitTornado\btdownloadgui.exe
C:\Documents and Settings\Fabio\Documenti\Fabio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search and Destroy\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll (file missing)
O2 - BHO: BRedObj Class - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {EB8B3F24-D871-4671-A51B-B6941BAFD59C} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CJQXELSZN] C:\WINDOWS\CJQXELSZN.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eMusicClient] C:\Programmi\Winamp\eMusic\eMusicClient.exe
O4 - HKLM\..\Run: [DI2] C:\DOCUME~1\Fabio\IMPOST~1\Temp\27.exe\27.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Update Themes] C:\WINDOWS\system32\ifsubdfr.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Eandsporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: andFlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0642e5bee8eb0ff6a106/netzip/RdxIE601_it.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.celebritaspoglie.net/all.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAD970F4-122A-4089-8F8F-F41C9CB7DA69}: NameServer = 85.37.17.8 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CAD970F4-122A-4089-8F8F-F41C9CB7DA69}: NameServer = 85.37.17.8 151.99.125.1
O21 - SSODL: Player - {0C6CD321-6406-418C-BE98-FD0AC0EBAD28} - C:\WINDOWS\system32\msortore.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - :ProgramFiles:\WinPcap\rpcapd.exe" -d -f ":ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=homeandCodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
-
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
-
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll (file missing)
O2 - BHO: BRedObj Class - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {EB8B3F24-D871-4671-A51B-B6941BAFD59C} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
-
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
-
O4 - HKLM\..\Run: [CJQXELSZN] C:\WINDOWS\CJQXELSZN.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
-
O4 - HKLM\..\Run: [regsrv] scvhost.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
-
O4 - HKLM\..\Run: [DI2] C:\DOCUME~1\Fabio\IMPOST~1\Temp\27.exe\27.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Update Themes] C:\WINDOWS\system32\ifsubdfr.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
-
O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
-
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
-
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: andFlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
-
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0642e5bee8eb0ff6a106/netzip/RdxIE601_it.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.celebritaspoglie.net/all.exe
-
O21 - SSODL: Player - {0C6CD321-6406-418C-BE98-FD0AC0EBAD28} - C:\WINDOWS\system32\msortore.dll
-
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - :ProgramFiles:\WinPcap\rpcapd.exe" -d -f ":ProgramFiles:\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,
==================================
fla.dll
Reg2.dll
xm320.dll
fln.dll
ftk.dll
lbbho.dll
CJQXELSZN.exe
whSurvey.exe
bptre.exe
scvhost.exe
P2P Networking.exe
27.exe
ifsubdfr.exe
flacpy.exe
ftkcpy.exe
msortore.dll
windowssvc.exe
==================================

ELIMINA LE CARTELLE IN ROSSO
c:\Program Files\<font color=red><b>Fla</font id=red></b>
c:\Program Files\<font color=red><b>Reg2</font id=red></b>
c:\Program Files\<font color=red><b>Xmod</font id=red></b>
c:\Program Files\<font color=red><b>Fln</font id=red></b>
c:\Program Files\<font color=red><b>Ftk</font id=red></b>
C:\Program Files\<font color=red><b>webHancer</font id=red></b>
C:\Program Files\Common Files\<font color=red><b>Java</font id=red></b>
C:\WINDOWS\System32\<font color=red><b>P2P Networking</font id=red></b>
C:\Programmi\<font color=red><b>Web_Rebates</font id=red></b>

ELIMINA IL FILE IN ROSSO CHE SI TROVA IN QUESTO PERCORSO
E:\<font color=red><b>Setup.exe</font id=red></b>

SVUOTA LA CARTELLA IN BLU
C:\DOCUME~1\Fabio\IMPOST~1\<font color=blue><b>Temp</font id=blue></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.


Nel sistema manca un programma firewall, se non ne possiedi uno installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

L'antivirus risulta disattivato, meglio fare una scansione on line da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
se qui rileva virus e il tuo antivirus non riesce a correggere, ti conviene formattare e reinstallare tuitto.

---

Collaboratore Aiutamici

Visto tutta la robaccia presente, ti consiglio di formattare il disco fisso e reinstallare tutto a nuovo, senza dimenticare di reinstallare Antivirus e Firewall prima di fare il primo collegamento a internet.

---

alfonso_aiutamici@hotmail.it