Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » salti di connessione

4 pages: [1] 2 3 4
salti di connessione Opzioni
Topic Precedente · Topic Sucessivo
65maria
Inviato: Sunday, July 27, 2008 6:45:36 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
scusate vorrei sapere cosa prende al mio pc, mi salta di continuo la connessione, ho fatto delle scansioni con antivirus ma nn risulta nulla. ho provato a chidere e un amico mi ha fatto fare una scansione con hijack this, di recente mi si apre una finestra dicendomi "errore nello script di internet", quando accendo il pc mi dice che deve controllare un file sistem di tipo NTFS. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.59, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\TEMP\zzfiaa.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zzfiaa.exe] C:\WINDOWS\TEMP\zzfiaa.exe
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.www.sessosubito.net
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maria65italy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1C7D19-5014-4264-9DAD-F9DC8B856E91}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 9356 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.59, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\TEMP\zzfiaa.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zzfiaa.exe] C:\WINDOWS\TEMP\zzfiaa.exe
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.www.sessosubito.net
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maria65italy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1C7D19-5014-4264-9DAD-F9DC8B856E91}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 9356 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.41.59, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\TEMP\zzfiaa.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zzfiaa.exe] C:\WINDOWS\TEMP\zzfiaa.exe
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.www.sessosubito.net
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maria65italy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1C7D19-5014-4264-9DAD-F9DC8B856E91}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 9356 bytes

questo è quello che è venuto fuori, io nn ci capisco nulla, qualcuno mi può dire se è tutto ok?

grazie
Torna in alto
 
Sponsor
Inviato: Sunday, July 27, 2008 6:45:36 PM

 
Torna in alto
 
Rudewolf
Inviato: Sunday, July 27, 2008 6:55:47 PM

Rank: AiutAmico

Iscritto dal : 5/2/2006
Posts: 6,184
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.www.sessosubito.net
Queste tre righe non dicono niente di buono,comunque aspetta il responso di r16,pidue o roselli.
Torna in alto
 
65maria
Inviato: Sunday, July 27, 2008 7:07:40 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
ok rudewolf grz
Torna in alto
 
r16
Inviato: Sunday, July 27, 2008 10:27:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao 65maria .
Con calma,e senza fretta, esegui queste operazioni :
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [zzfiaa.exe] C:\WINDOWS\TEMP\zzfiaa.exe
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKCU\..\Run: [AliceMessenger] C:\Programmi\Alice Messenger\alicemessenger.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.www.sessosubito.net
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maria65italy.spaces.live.com/PhotoUpload/MsnPUpld.cab
Trova e cancella i file in rosso:
C:\WINDOWS\TEMP\zzfiaa.exe
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log.
Riavvia il computer.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223

*********************************************************************************************************
Poi:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1, premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .
Sempre qui.
ComboFix non funziona in modalità provvisoria

Dimmi se il problema si è risolto.
Torna in alto
 
65maria
Inviato: Monday, July 28, 2008 6:18:37 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
ok r16 mi ci vuole un pò di tempo, ma riuscirò a fare tutto, grz per adesso, quando avrò fatto ti posterò i log qui.
Torna in alto
 
r16
Inviato: Monday, July 28, 2008 6:23:27 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ti aspetto....Drool
Torna in alto
 
65maria
Inviato: Monday, July 28, 2008 10:43:36 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
nn riesco a passarti il log di virit scusami, ogni modo è risultato infetto:
C\programmi\telecom italia\ win minoport1st\srvany.exe
infetto da trojan.win32agent.BBF rimosso

questo stava scritto ti allego anche il log di hijack this


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.38.09, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\VEXPLITE\MONLITE.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.www.sessosubito.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 8835 bytes


il resto devo farlo per forza domani
Torna in alto
 
r16
Inviato: Monday, July 28, 2008 11:07:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il log di HijackThis,è pulito.
Aspetto il log di Combofix.
Per eliminare Virit all'Avvio:
Nella schermata iniziale, clicca sulla sesta icona (Scheduler) e Togli la spunta da all'Avvio.
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.
********************************************************************************************************
Per Disinstallare combofix, fai in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
*********************************************************************************************************
Dovresti aggiornare Java, perchè hai una versione molto vecchia.
Eccoti la nuova:
http://www.aiutaamici.com/software?ID=11134
Torna in alto
 
65maria
Inviato: Tuesday, July 29, 2008 6:20:56 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
r16 ti d'ho una bella notizia e una brutta. la bella è che anche cosi da finire il lavoro che mi hai detto di fare la connessione non salta più, e la brutta è che nn ho la benchè minima idea di come fare a disabilitare l'antivirus.
Torna in alto
 
r16
Inviato: Tuesday, July 29, 2008 6:52:30 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Di norma il tasto destro applicato
all'icona in system tray (vicino all'orologio) dovrebbe consentirti di disabilitarlo.
Vedi 65maria,come è la vita alle volte......... sono capace di eliminare virus, e mi trovo in difficoltà, a disabilitare un antivirus.( e non è il primo)
Non sò se mettermi a ridere o.........Anxious
Comunque se adesso la connessione và bene ,e il pc non dà problemi,puoi fare una pulizia con CCleaner, e non accanirsi più di tanto.
Torna in alto
 
65maria
Inviato: Tuesday, July 29, 2008 6:56:12 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
beh ormai che ci sono vorrei fare tutto completamente e essere sicura di aver pulito per bene, ogni modo taglio la testa al toro (metaforicamente parlando) elimino l'antivirus e quando ho fatto lo riscarico di nuovo tanto ci vuole pochi attimi, faccio scansione e poi ti faccio vedere alla prossima, grz per adesso
Torna in alto
 
r16
Inviato: Tuesday, July 29, 2008 7:41:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Mi raccomando , non navigare in internet senza antivirus.......
AVG 8 adesso è anche in italiano.
(magari lo sapevi già).
Torna in alto
 
65maria
Inviato: Tuesday, July 29, 2008 7:43:08 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
tranquillo nn navigo senza antivirus, nn posso sempre stare al pc a togliere i cattivi, devo solo trovare il modo di toglierlo visto che nn me lo fa togliere, adesso cena ci penso dopo, appena pronta ti metto il log
Torna in alto
 
65maria
Inviato: Tuesday, July 29, 2008 9:51:11 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
quello che c'è di buono da questa storia sto imparando a mettere i topic nel forum, scherzi a parte ho fatto la scansione con combofix e sorpresa...........non riesco a metterti il log qui, (sai sono un pò duretta, ma testarda), ogni modo diceva file infetti 0. ho rifatto la scansione con hijack this e questo è il risultatoLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.43.39, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\VEXPLITE\MONLITE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.www.sessosubito.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1C7D19-5014-4264-9DAD-F9DC8B856E91}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9005 bytes



forse ho capito adesso dove ho sbagliato..........domani riprovo..........se nn mi blocca la connessione come stasera


ahhhh ti d'ho una dritta per disattivare l'antivirus basta cliccare con il dx sull'icona dell'antivirus vicino all'orologio e cliccare su esci............ma penso che era questo che mi dicevi prima.........prova di quanto sono duretta.
Torna in alto
 
65maria
Inviato: Tuesday, July 29, 2008 9:53:38 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
mi sono dimenticata di dirti che la connessione cosi regge, ma all'avvio mi si presenta sempre quella schermata celeste con scritto che deve testare il disco c da un file sistem di tipo NTFS, alla fase 2 si blocca............riproverò anche quello domani, notte grz per adesso
Torna in alto
 
r16
Inviato: Tuesday, July 29, 2008 10:37:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Allora fai anche un Scan Disk approfondito, è possibile che Hard Disk sia danneggiato.
Fai anche una deframmentazione del disco rigido.
Il log di Combofix,si trova in :C:\ComboFix.txt.
Non hai aggiornato JAVA, come ti avevo consigliato.........Not talking
Il log di HijackThis è pulito.
Torna in alto
 
65maria
Inviato: Wednesday, July 30, 2008 1:48:22 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
il java l'ho aggiornato poco dopo averti scritto,

ComboFix 08-07-28.6 - user 2008-07-29 20.30.04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.114 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-06-28 al 2008-07-29 )))))))))))))))))))))))))))))))))))
.

2008-07-28 21:09 . 2008-07-29 20:11 <DIR> d-------- C:\VEXPLITE
2008-07-28 21:09 . 2008-07-28 21:16 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-22 21:11 . 2008-07-22 21:11 <DIR> d-------- C:\Programmi\CCleaner
2008-07-22 17:31 . 2008-07-22 17:31 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-20 12:44 . 2008-07-20 12:44 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\PCToolsFirewallPlus
2008-07-20 12:40 . 2008-07-20 18:16 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TEMP
2008-07-20 12:39 . 2008-07-20 18:56 <DIR> d-------- C:\Programmi\PC Tools Firewall Plus
2008-07-19 16:05 . 2008-07-19 16:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-15 21:45 . 2008-07-29 14:42 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-15 21:45 . 2008-07-15 21:50 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\AVGTOOLBAR
2008-07-15 21:45 . 2008-07-15 21:45 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 21:45 . 2008-07-15 21:45 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-15 21:45 . 2008-07-15 21:45 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-14 21:43 . 2008-07-29 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Avg8
2008-07-09 14:31 . 2008-07-09 14:31 <DIR> d-------- C:\Programmi\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 18:29 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-07-29 16:47 --------- d-----w C:\Programmi\eMule
2008-07-22 19:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-07-15 20:12 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-07-15 16:47 --------- d-----w C:\Programmi\Alwil Software
2008-07-13 17:27 --------- d-----w C:\Programmi\NCH Swift Sound
2008-07-13 17:23 --------- d-----w C:\Programmi\Lavasoft
2008-07-13 17:23 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Lavasoft
2008-06-28 19:08 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\LimeWire
2008-06-28 18:38 --------- d-----w C:\Programmi\LimeWire
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 17:01 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-17 17:01 --------- d-----w C:\Programmi\Telecom Italia
2008-06-17 17:00 --------- d-----w C:\Programmi\Alice ti aiuta
2008-06-17 16:59 --------- d-----w C:\Programmi\Motive
2008-06-16 18:20 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Auslogics
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 11:27 119,611 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_02_19_19_26_small.dmp.zip
2008-05-23 15:22 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ares"="C:\Programmi\Ares\Ares.exe" [2008-02-20 16:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 17:57 73728]
"CreativeMouse "="C:\Programmi\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38 503808]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 05:00 99840]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 16:26 936960]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 21:45 1232152]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-07-29 19:43 245760]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-06-17 18:58:44 217088]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-30 10:16:38 691720]
InterVideo WinCinema Manager.lnk - C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-03 18:52:05 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Programmi\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2007-10-18 11:26 88363 C:\WINDOWS\agrsmmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Ares\\Ares.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-28 21:16]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 21:45]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 21:45]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 21:45]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 21:45]
R2 Start BT in service;Start BT in service;C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 10:16]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-29 19:43]
S2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://hp.rossoalice.alice.it/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O15 -: Trusted Zone: www.www.sessosubito.net
O17 -: HKLM\CCS\Interface\{7A1C7D19-5014-4264-9DAD-F9DC8B856E91}: NameServer = 85.37.17.55 85.38.28.93

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 20:31:58
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-29 20:33:26
ComboFix-quarantined-files.txt 2008-07-29 18:33:14
ComboFix2.txt 2008-07-29 18:21:23

Pre-Run: 6,979,784,704 byte disponibili
Post-Run: 6,972,727,296 byte disponibili

147 --- E O F --- 2008-07-24 15:22:45



ce l'ho fatta finalmente
Torna in alto
 
65maria
Inviato: Wednesday, July 30, 2008 1:53:34 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
scusa la mia durezza (nn sai che gatta da pelare ti sei messo intorno ad aiutarmi) ma dove trovo il programma per fare un scan disk?
Torna in alto
 
65maria
Inviato: Wednesday, July 30, 2008 2:15:13 PM

Rank: AiutAmico

Iscritto dal : 3/9/2008
Posts: 143
trovato
Torna in alto
 
Utenti presenti in questo topic
Guest

4 pages: [1] 2 3 4

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » salti di connessione


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.