mi partono mail a mia insaputa ai miei contatti con all'interno un link




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.02.25, on 01/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
F:\Programmi\Java\jre6\bin\jqs.exe
F:\Programmi\Microsoft LifeCam\MSCamS32.exe
F:\Programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
F:\Programmi\Eset\nod32krn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
F:\Programmi\Eset\nod32kui.exe
F:\Programmi\Windows Defender\MSASCui.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
F:\WINDOWS\vVX1000.exe
F:\WINDOWS\system32\rundll32.exe
F:\Programmi\File comuni\Java\Java Update\jusched.exe
F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Programmi\Windows Live\Contacts\wlcomm.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\system32\msiexec.exe
F:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "F:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VX1000] F:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "F:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdateReminder] F:\Programmi\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [Babylon Client] F:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ClamWin] "F:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Reboot.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - F:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - F:\Programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - F:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10380 bytes

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":


Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutamici.com/software?ID=11175


No, lo avrei indicato.


Quello di Malwarebytes.

Lo copi, e lo incolli in questo topic. (dopo avere eliminato eventuali file infetti trovati)

con malwarebytes ..... dovresti fare la scansione completa .... non quella veloce



ps ... non anticipare quello che ti verrà chiesto di fare in seguito .... ciao :O)

---

"/>

alla fine della scansione di MSN Virus Remover mi ha dato questa schermata,mi ha spento il computer ma non mi ha dato nessun suggerimento di cambiare password.
mi consigli di cambiarla?
grazie