Aiutamici Forum

Log check
Posted: Monday, July 27, 2009 4:05:44 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
Logfile of HijackThis v1.99.1
Scan saved at 15.58.20, on 27/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\utente\Documenti\ClassicEdition\mIRC.exe
C:\Documents and Settings\utente\Documenti\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PoivY] "C:\Programmi\\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DU Meter] C:\WINDOWS\system32\DUMeter.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

The problem I've noticed is an svchost process that suddenly downloads MB. I use my mobile phone as a modem and pay by the amount downloaded, which is how I noticed this. Thanks :)

Posted: Monday, July 27, 2009 4:59:08 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
There are a few things you should update:
1) SP2 (download SP3)
Update HijackThis.
Update Java.

In any case, first follow these instructions:

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press Fix checked

O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PoivY] "C:\Programmi\\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DU Meter] C:\WINDOWS\system32\DUMeter.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Do a clean-up (registry included) with CCleaner
On CCleaner's main screen, click Options and then Advanced, and untick "Delete files in Windows Temp only if older than 48 hours"

Restart the PC.

Download and install MalwareBytes:
click here to download:
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.

Then post a new HJT log.

I would also like to know whether Kaspersky is working.
From the HJT log, it would seem not.
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
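
The three O23 entries flagged `(file missing)` in the first log all show a stray `"` after the `.exe`, followed by arguments. The following added example (not part of the original thread and not HijackThis code) separates such entries from ones with a clean path. It assumes, as a heuristic of this example, that a stray quote means the scanner tested a mangled path; the `Example Helper` line is constructed.

```python
import re
from dataclasses import dataclass

# First five lines copied from the first HijackThis log in this thread;
# the last line ("Example Helper") is constructed for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\Programmi\Example\helper.exe (file missing)
'''

# O23 line layout as it appears in the log: name - owner - path [(file missing)]
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)'
    r'(?P<missing> \(file missing\))?$'
)
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


@dataclass
class Finding:
    service: str
    reported_path: str   # path exactly as the log printed it
    candidate_exe: str   # path to check on disk by hand
    verdict: str


def referenced_paths(lines):
    """Executable paths named by non-O23 lines (autoruns, running processes)."""
    paths = set()
    for line in lines:
        if line.startswith('O23'):
            continue
        for match in EXE_RE.finditer(line):
            paths.add(match.group(0).lower())
    return paths


def triage_missing_services(log_text):
    """Classify every O23 entry that the log tags '(file missing)'."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    seen = referenced_paths(lines)
    findings = []
    for line in lines:
        match = O23_RE.match(line)
        if not match or not match.group('missing'):
            continue
        path = match.group('path')
        if '"' in path:
            # Stray quote: the tested string was 'exe" args', not the
            # executable itself, so the flag says nothing about the file.
            exe = path.split('"', 1)[0]
            if exe.lower() in seen:
                # Same executable is named by another entry in the log.
                # This is a hint, not proof that the file exists.
                verdict = 'quoting-artifact-referenced'
            else:
                verdict = 'quoting-artifact'
        else:
            # Clean path reported missing: plausible leftover service entry.
            exe = path
            verdict = 'orphaned-entry'
        findings.append(Finding(match.group('name'), path, exe, verdict))
    return findings


if __name__ == '__main__':
    for f in triage_missing_services(SAMPLE_LOG):
        print(f'{f.verdict:28} {f.service}\n{"":28} check: {f.candidate_exe}')
```

A `quoting-artifact` verdict means the flag is inconclusive, so confirm the candidate path on disk before deleting the service entry.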
Posted: Monday, July 27, 2009 6:44:52 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
I'll do everything now; anyway KIS works, but I recently upgraded it to 2009, could it be an old file?
Posted: Monday, July 27, 2009 11:12:20 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
stellina148 wrote:
I'll do everything now; anyway KIS works, but I recently upgraded it to 2009, could it be an old file?

Delete that entry too (since the executable is missing, it serves no purpose)
Posted: Thursday, July 30, 2009 2:01:54 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
I can't manage to delete the O23 entries... any advice?
Posted: Thursday, July 30, 2009 5:14:07 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
stellina148 wrote:
I can't manage to delete the O23 entries... any advice?

As many as you like....

Have you tried in Safe Mode?

If that doesn't work, use this program:
Download Pserv and install it on the desktop:
Launch it from "All Programs" by clicking: "Services & Devices"
In the window that appears, find the offending service.
Right-click the service and choose: Delete.
Close Pserv.
Restart the PC.
Posted: Friday, July 31, 2009 5:12:10 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
Logfile of HijackThis v1.99.1
Scan saved at 17.06.09, on 31/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\utente\Documenti\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

This is the new log. The scan with the malware program found nothing.
Posted: Friday, July 31, 2009 6:31:57 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
Oh dear.... stellina148
I had asked you to update a few things......
HJT at least, I expected right away.
Mind you, your PC is at high risk of infection if you don't apply the updates I recommended.
The log is fine.
Are you experiencing any problems?
Posted: Friday, July 31, 2009 9:42:12 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
Java is up to date, SP3 gives me connection problems, and I'll download the new HJ later... the only problem is the one I told you about :)
Posted: Friday, July 31, 2009 11:05:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
stellina148 wrote:

The problem I've noticed is an svchost process that suddenly downloads MB. I use my mobile phone as a modem and pay by the amount downloaded, which is how I noticed this. Thanks :)

So basically that is the problem.
You should look in Task Manager and, among the many "svchost" processes, identify which one it is.
Let's try a scan with Combofix, to see whether it detects anything.

Important: Disable your antivirus and close ALL open programs (firewall included) and, after downloading COMBOFIX, close the connection.

Download Combofix
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall Combofix this way: (after I have seen the log)
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix folders in "C" (qoobox)

Posted: Monday, August 03, 2009 4:46:13 PM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
Sorry, I've been away for a few days... But should I download Combofix with the antivirus and firewall disabled?
Posted: Monday, August 03, 2009 5:24:23 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,017
stellina148 wrote:
Sorry, I've been away for a few days... But should I download Combofix with the antivirus and firewall disabled?

You download it and, once it is downloaded, disconnect from the Internet.
Then disable the antivirus and all the programs with "real-time" protection that you have on the PC.
Then start the scan.
When the scan is finished, before reconnecting, re-enable the antivirus and the other programs you disabled earlier.
I hope I've explained myself decently....
Posted: Tuesday, August 04, 2009 9:33:20 AM

Rank: AiutAmico

Member since: 12/20/2005
Posts: 1,417
ComboFix 09-08-03.04 - utente 04/08/2009 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1015.626 [GMT 2:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Windows Live Messenger .lnk
C:\Documents and Settings\utente\Preferiti\eMule Italia .url
C:\Documents and Settings\utente\Preferiti\ Immagini animate .url
C:\Documents and Settings\utente\Preferiti\Test velocità .url

((((((((((((((((((((((((( Files Creati Da 2009-07-04 al 2009-08-04 )))))))))))))))))))))))))))))))))))

2009-08-03 15:07:32 . 2009-08-03 15:08:19 0 d-----w- C:\Programmi\Trend Micro
2009-08-03 13:46:00 . 2009-01-12 07:12:56 105344 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys
2009-08-03 13:46:00 . 2009-01-04 15:29:50 104960 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys
2009-08-03 13:46:00 . 2009-01-04 15:29:50 104960 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys
2009-08-03 13:45:55 . 2009-08-03 13:46:02 0 d-----w- C:\WINDOWS\system32\SupportAppXL
2009-08-03 13:45:51 . 2009-08-03 14:59:18 0 d-----w- C:\Programmi\Chiavetta Internet
2009-07-31 14:36:36 . 2009-07-31 14:36:36 0 d-----w- C:\Programmi\
2009-07-29 13:24:31 . 2009-07-29 13:24:34 0 d-----w- C:\Documents and Settings\utente\Dati applicazioni\vlc
2009-07-27 19:30:21 . 2009-07-27 19:30:21 0 d-----w- C:\Documents and Settings\utente\Dati applicazioni\Malwarebytes
2009-07-27 19:30:15 . 2009-07-13 11:36:34 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-07-27 19:30:14 . 2009-07-27 19:30:14 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2009-07-27 19:30:13 . 2009-07-27 19:30:20 0 d-----w- C:\Programmi\Malwarebytes' Anti-Malware
2009-07-27 19:30:13 . 2009-07-13 11:36:12 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-07-27 12:19:23 . 2008-03-21 11:57:18 14640 ------w- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-27 12:15:51 . 2009-01-29 02:15:54 23680 ----a-w- C:\WINDOWS\system32\drivers\motmodem.sys
2009-07-27 12:15:51 . 2008-03-27 02:49:38 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-07-25 15:58:34 . 2009-07-25 15:58:34 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Hagel Technologies
2009-07-25 15:39:06 . 2009-07-25 15:39:06 0 d-----w- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Hagel Technologies
2009-07-14 20:35:33 . 2009-07-14 20:36:47 0 d-----w- C:\Programmi\Zylom Games
2009-07-14 20:35:33 . 2009-07-14 20:35:33 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
2009-07-14 20:35:33 . 2009-03-24 09:10:44 114688 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-07-14 20:35:33 . 2006-12-12 15:07:12 161976 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-07-12 09:01:02 . 2009-07-12 09:01:02 0 d-----w- C:\Programmi\File comuni\Skype
2009-07-10 17:00:04 . 2005-07-12 10:21:02 225280 ----a-w- C:\WINDOWS\system32\KPDPMUI.dll
2009-07-10 17:00:04 . 2005-07-12 10:19:50 290816 ----a-w- C:\WINDOWS\system32\KPDPM.dll
2009-07-10 17:00:04 . 2005-06-23 14:50:04 64512 ----a-w- C:\WINDOWS\system32\PTPITCP.dll
2009-07-10 16:59:05 . 2009-07-10 16:59:05 0 d-----w- C:\WINDOWS\system32\BWKDLogs
2009-07-10 16:58:16 . 2009-07-10 16:58:16 0 d-----w- C:\Programmi\File comuni\Kodak
2009-07-10 16:57:52 . 2009-07-10 16:57:52 0 d-----w- C:\KPCMS
2009-07-10 16:57:47 . 2009-07-10 16:57:47 0 d-----w- C:\WINDOWS\system32\color
2009-07-10 16:54:14 . 2009-07-10 16:59:21 0 d-----w- C:\Programmi\Kodak
2009-07-10 16:54:06 . 2009-07-10 16:54:06 163840 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-07-10 16:54:00 . 2009-07-10 16:54:00 69632 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\Ksu\ksustop.exe
2009-07-10 16:53:22 . 2009-07-10 16:53:22 167936 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-07-10 16:52:38 . 2009-07-10 16:52:38 425984 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\$SETUP_140011_1f0e206\EasyShrx.Dll
2009-07-10 16:52:38 . 2005-07-11 13:16:08 1110016 ----a-r- C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\$SETUP_140011_1f0e206\Setup.exe
2009-07-10 16:52:37 . 2009-07-10 16:52:37 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Kodak
2009-07-08 10:57:26 . 2009-08-03 15:16:11 0 d-----w- C:\Programmi\Microsoft Silverlight

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2009-08-04 07:19:18 . 2008-05-17 12:25:14 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-08-04 07:18:30 . 2009-05-11 09:47:34 2218528 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-08-04 07:18:23 . 2009-05-11 09:47:34 19460 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-08-04 07:16:20 . 2009-05-11 09:47:34 499744 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
2009-08-04 07:16:20 . 2009-05-11 09:47:34 2788 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx
2009-08-03 13:45:50 . 2007-05-04 22:45:22 0 d--h--w- C:\Programmi\InstallShield Installation Information
2009-08-02 19:07:18 . 2007-06-07 20:20:27 0 d-----w- C:\Documents and Settings\utente\Dati applicazioni\Skype
2009-08-02 19:06:45 . 2007-11-20 09:47:41 0 d-----w- C:\Documents and Settings\utente\Dati applicazioni\skypePM
2009-07-27 12:19:32 . 2009-07-27 12:19:32 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-07-27 12:19:29 . 2009-07-27 12:19:29 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-27 12:17:12 . 2007-07-25 16:46:02 0 d-----w- C:\Programmi\Motorola Phone Tools
2009-07-27 12:13:26 . 2007-07-23 07:24:52 0 d-----w- C:\Programmi\Avanquest update
2009-07-25 22:15:54 . 2008-11-30 16:01:33 0 d-----w- C:\Documents and Settings\utente\Dati applicazioni\IObit
2009-07-25 12:03:59 . 2009-05-11 10:03:53 208616 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\\avp.exe
2009-07-20 06:51:25 . 2007-05-04 15:04:20 0 d-----w- C:\Programmi\Google
2009-07-16 16:02:36 . 2008-11-06 12:14:53 0 d-----w- C:\Programmi\RealArcade Games
2009-07-12 09:01:25 . 2007-11-20 09:46:58 0 d-----r- C:\Programmi\Skype
2009-07-12 09:00:58 . 2007-06-07 20:19:49 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2009-07-12 07:19:36 . 2007-07-19 07:51:01 0 d-----w- C:\Programmi\IZArc
2009-07-05 14:40:13 . 2008-11-23 09:50:05 0 d-----w- C:\Programmi\IObit
2009-07-04 19:34:28 . 2009-07-04 19:34:19 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2009-07-03 05:57:04 . 2007-05-04 22:45:23 0 d-----w- C:\Programmi\Java
2009-07-03 05:55:57 . 2009-07-03 05:55:57 152576 ----a-w- C:\Documents and Settings\utente\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-29 15:55:04 . 2004-08-19 08:00:00 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 15:55:00 . 2004-08-19 08:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 15:54:59 . 2004-08-19 08:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-06-25 12:21:36 . 2009-06-25 12:21:36 86016 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylom\parkingdash\it-IT\ZylomHost.exe
2009-06-25 12:21:32 . 2009-06-25 12:21:32 49152 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylom\parkingdash\it-IT\ZylomAdapter.dll
2009-06-25 12:21:24 . 2009-06-25 12:21:24 2002944 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylom\parkingdash\it-IT\ParkingDash.exe
2009-06-16 14:53:19 . 2004-08-19 08:00:00 82432 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:53:19 . 2004-08-19 08:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-03 19:25:57 . 2004-08-19 08:00:00 1295872 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-05-29 17:59:51 . 2009-05-11 09:48:33 94643 ----a-w- C:\WINDOWS\system32\drivers\klick.dat
2009-05-29 17:59:51 . 2009-05-11 09:48:33 105395 ----a-w- C:\WINDOWS\system32\drivers\klin.dat
2009-05-16 22:20:00 . 2009-05-16 22:20:00 75048 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes\SetupAdmin.exe
2009-05-11 10:03:58 . 2008-01-29 15:29:38 33808 ----a-w- C:\WINDOWS\system32\drivers\klbg.sys
2009-05-11 10:03:53 . 2009-05-11 10:03:53 33808 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\\klbg.sys
2009-05-11 10:03:53 . 2009-05-11 10:03:52 226832 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\\XP\klif.sys
2009-05-07 15:41:56 . 2008-05-07 12:14:50 346112 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-07-27 12:25:33 . 2008-11-08 15:18:55 134648 ----a-w- C:\Programmi\mozilla firefox\components\brwsrcmp.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 94816 -csh--w- C:\WINDOWS\twain.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 50688 -csh--w- C:\WINDOWS\twain_32.dll
2007-05-11 14:03:17 . 2007-05-11 14:03:17 56 -csha-w- C:\WINDOWS\SMINST\hpboot.sys
2004-08-19 08:00:00 . 2004-08-19 08:00:00 1028096 --sh--w- C:\WINDOWS\system32\mfc42.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 54784 --sh--w- C:\WINDOWS\system32\msvcirt.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 413696 --sh--w- C:\WINDOWS\system32\msvcp60.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 343040 --sh--w- C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:40:54 . 2008-05-07 12:14:50 550912 --sh--w- C:\WINDOWS\system32\oleaut32.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 83456 --sh--w- C:\WINDOWS\system32\olepro32.dll
2004-08-19 08:00:00 . 2004-08-19 08:00:00 12288 --sh--w- C:\WINDOWS\system32\regsvr32.exe

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 08:00:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34:14 5724184]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-04 19:34:21 39408]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:56:58 204288]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-04-06 04:20:00 122940]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 16:22:46 794713]
"QlbCtrl"="C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33:12 163840]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 13:58:26 458752]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 14:51:40 1187840]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 09:23:06 697976]
"WatchDog"="C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 11:58:20 184320]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 15:04:06 707376]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 15:01:18 277296]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 08:47:04 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 08:46:36 135168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-15 15:55:32 185872]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-25 12:04:06 208616]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 08:00:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DVD Check.lnk - C:\Programmi\InterVideo\DVD Check\DVDCheck.exe [2007-5-4 184320]


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^ 3.0.lnk]
path=C:\Documents and Settings\utente\Menu Avvio\Programmi\Esecuzione automatica\ 3.0.lnk
backup=C:\WINDOWS\pss\ 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"EnableFirewall"= 0 (0x0)

"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys --> C:\WINDOWS\system32\DRIVERS\motodrv.sys [?]
S3 Useless;Absolutely Useless LED Keyboard Control;C:\Kaizoku_Script\KEngine\Dll\Useless.sys [22/07/2003 14.21.14 4096]
Contenuto della cartella 'Scheduled Tasks'

2009-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2009-08-04 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 19:34:16 . 2009-07-04 19:34:16]

2009-08-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-07-04 19:30:53 . 2009-07-04 19:30:50]

2009-08-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-07-04 19:30:53 . 2009-07-04 19:30:50]

2009-08-02 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-05 14:40:14 . 2009-07-02 07:22:24]

Notify-dimsntfy - (no file)

------- Scansione supplementare -------
uStart Page = hxxp://
uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&
uInternet Connection Wizard,ShellNext = hxxp://
uSearchURL,(Default) = hxxp://
IE: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\
FF - ProfilePath - C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\1hf473h4.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\1hf473h4.default\extensions\\plugins\npTVUAx.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Programmi\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: C:\Programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: C:\Programmi\Google\Update\\npGoogleOneClick8.dll
FF - plugin: C:\Programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
Posted: Tuesday, August 04, 2009 2:41:17 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,017
Combofix removed some infections.
No improvement?
I would like you to run a scan on drive letter E:\
Is it a partition or a USB stick?
Scan it on its own with Kaspersky (right-click the removable disk or partition and run the scan).

Start\Run, copy and paste the string %temp%, click OK, and empty the temp folder (do not delete the folder itself).
Then empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored inside (do not delete the folder itself)
Launch HijackThis and clean the ADS as follows:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan
if any ADS are detected, tick all the boxes and click Remove selected
Posted: Tuesday, August 04, 2009 5:40:45 PM

Rank: AiutAmico

Joined: 12/20/2005
Posts: 1,417
All done, this is my new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.37.36, on 04/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Trend Micro\HijackThiss\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EB863FA-57E5-49D3-BFA3-DAACE196BBA6}: NameServer =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

End of file - 8076 bytes

Is there a way to find out where these svchost processes are sending data from? Thanks :)
Posted: Tuesday, August 04, 2009 10:48:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,017
The svchost file is used by many programs.
I am posting a link where, by downloading a tool (Process Explorer), you can get further, in-depth information about the svchost processes (as well as the others).

Here is also a usage guide: