Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Mi controllate il log di Haijackthis per favore, grazie mille! Opzioni
enzino85
Inviato: Friday, September 12, 2008 11:37:11 AM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.32.23, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\V0350Mon.exe
C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Bonjour\mDNSResponder.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {233b7e58-e3fc-969a-92c4-c674a8cc0d75} - {57d0cc8a-476c-4c29-a969-cf3e85e7b332} - C:\WINDOWS\system32\rdylbw.dll
O2 - BHO: (no name) - {71373331-C717-45AE-BFDE-DDB509348258} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AAWTray] D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [00fb0bdb] rundll32.exe "C:\WINDOWS\system32\rbscmwsl.dll",b
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programmi\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206924886906
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F161C967-45DA-43F4-B2F4-282DE0ED0F46}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rdylbw.dll
O20 - Winlogon Notify: ljJASmKC - ljJASmKC.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programmi\Foto\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 13881 bytes
Sponsor
Inviato: Friday, September 12, 2008 11:37:11 AM

 
r16
Inviato: Friday, September 12, 2008 12:44:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao per il momento fai queste operazioni ,poi questa sera ti riprendo.
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il computer.
*********************************************************************************************************
Poi, esegui alla lettera queste indicazioni:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic.
enzino85
Inviato: Friday, September 12, 2008 5:38:15 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Ho fatto quello indicato, ad eccezione dell'avvio in modalità provvisoria perchè mi esce l'errore di a347bus.sys
Allego i due log ottenuti con hijackthis e con Combofix
Grazie di nuovo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.45.31, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\V0350Mon.exe
C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\desktop\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Burn\Nero 7\Nero StartSmart\NeroStartSmart.exe
D:\Programmi\Burn\Nero 7\Core\nero.exe
D:\Programmi\Burn\Nero 7\Core\nero.exe
D:\Programmi\Burn\Nero 7\Core\nero.exe
D:\Programmi\Burn\Nero 7\Core\nero.exe
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {233b7e58-e3fc-969a-92c4-c674a8cc0d75} - {57d0cc8a-476c-4c29-a969-cf3e85e7b332} - C:\WINDOWS\system32\rdylbw.dll
O2 - BHO: (no name) - {71373331-C717-45AE-BFDE-DDB509348258} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AAWTray] D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206924886906
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F161C967-45DA-43F4-B2F4-282DE0ED0F46}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rdylbw.dll
O20 - Winlogon Notify: ljJASmKC - ljJASmKC.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programmi\Foto\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 14215 bytes


ComboFix 08-09-11.02 - desktop 2008-09-12 16.57.08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1492 [GMT 2:00]
Eseguito da: C:\Documents and Settings\desktop\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\desktop\Cookies\desktop@atdmt[1].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@bs.serving-sys[1].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@google[1].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@google[2].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@messenger.msn[1].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@msn[2].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@rad.msn[2].txt.virtual.lnk
C:\Documents and Settings\desktop\Cookies\desktop@serving-sys[1].txt.virtual.lnk
C:\Documents and Settings\desktop\Dati applicazioni\inst.exe
C:\Programmi\akl
C:\Programmi\akl\akl.dll
C:\Programmi\akl\akl.exe
C:\Programmi\akl\uninstall.exe
C:\Programmi\akl\unsetup.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\680984.exe
C:\WINDOWS\system32\drivers\downld\710171.exe
C:\WINDOWS\system32\drivers\downld\722921.exe
C:\WINDOWS\system32\drivers\downld\774390.exe
C:\WINDOWS\system32\drivers\downld\792718.exe
C:\WINDOWS\system32\drivers\downld\807843.exe
C:\WINDOWS\system32\drivers\downld\815281.exe
C:\WINDOWS\system32\eltonnkq.dll
C:\WINDOWS\system32\fcyrhaye.ini
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\jilRtBeg.ini
C:\WINDOWS\system32\jilRtBeg.ini2
C:\WINDOWS\system32\kpwifvfi.ini
C:\WINDOWS\system32\lilkewtl.dll
C:\WINDOWS\system32\lswmcsbr.ini
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\ndxqfvid.dll
C:\WINDOWS\system32\nekwqn.dll
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\poyfyylj.dll
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\rdylbw.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\rvtrxm.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\txpwxfjd.ini
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vzqfow.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\RECYCLER\mxfilerelatedcache.mxc2

----- BITS: Sites possivelmente infetados -----

http://pornotube30.net
.
((((((((((((((((((((((((( Files Creati Da 2008-08-12 al 2008-09-12 )))))))))))))))))))))))))))))))))))
.

2008-12-22 06:59 . 2008-12-22 06:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-22 06:59 . 2008-12-22 06:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-22 06:58 . 2008-12-22 06:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-22 06:52 . 2008-12-22 06:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-09-12 14:42 . 2008-09-12 15:41 <DIR> d-------- C:\VEXPLITE
2008-09-12 14:42 . 2008-08-30 12:11 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-12 09:47 . 2008-09-12 09:47 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-09-12 09:40 . 2008-09-12 09:40 1,409 --a------ C:\WINDOWS\system32\tmpD89F1.FOT
2008-09-12 09:40 . 2008-09-12 09:40 1,409 --a------ C:\WINDOWS\system32\tmpC37F1.FOT
2008-09-12 09:40 . 2008-09-12 09:40 1,409 --a------ C:\WINDOWS\system32\tmpABCF1.FOT
2008-09-12 09:40 . 2008-09-12 09:40 1,409 --a------ C:\WINDOWS\system32\tmp9A7F1.FOT
2008-09-12 09:40 . 2008-09-12 09:40 1,409 --a------ C:\WINDOWS\system32\tmp6BAF1.FOT
2008-09-12 09:39 . 2008-09-12 09:39 1,409 --a------ C:\WINDOWS\system32\tmpD3FE1.FOT
2008-09-12 09:39 . 2008-09-12 09:39 1,409 --a------ C:\WINDOWS\system32\tmp3C0F1.FOT
2008-09-12 09:18 . 2004-07-09 00:29 145 --------- C:\WINDOWS\hpgmdl01.dat
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmpFA012.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmpC2112.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmpBE312.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmp9B112.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmp86412.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmp62212.FOT
2008-09-12 09:17 . 2008-09-12 09:17 1,409 --a------ C:\WINDOWS\system32\tmp0D512.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmpC2852.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmpA2B52.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmp64952.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmp41C52.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmp31752.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmp21F52.FOT
2008-09-12 09:09 . 2008-09-12 09:09 1,409 --a------ C:\WINDOWS\system32\tmp02A52.FOT
2008-09-12 02:24 . 2008-09-12 02:11 104,036 --------- C:\WINDOWS\hpoins04.dat.temp
2008-09-12 02:24 . 2004-06-22 02:36 17,176 --------- C:\WINDOWS\hpomdl04.dat.temp
2008-09-12 02:19 . 2007-01-26 01:16 794,624 -ra------ C:\WINDOWS\system32\hpgt4070.dll
2008-09-12 02:19 . 2007-01-26 01:18 626,688 -ra------ C:\WINDOWS\system32\hpxp4070.dll
2008-09-12 02:19 . 2007-01-26 01:17 442,368 -ra------ C:\WINDOWS\system32\hp4070co.dll
2008-09-12 02:13 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-09-12 02:13 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-09-12 02:13 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-09-12 02:13 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-09-12 02:13 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-09-12 02:13 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-09-12 02:09 . 2008-09-12 08:53 104,084 --a------ C:\WINDOWS\hpoins04.dat
2008-09-12 02:09 . 2004-06-22 02:36 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-09-12 02:08 . 2008-09-12 02:09 <DIR> d-------- C:\temp\HP_WebRelease
2008-09-12 01:46 . 2008-09-12 01:46 <DIR> d-------- C:\Programmi\XPC Tools
2008-09-12 01:21 . 2008-09-12 01:21 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-09-12 01:21 . 2008-09-12 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Hewlett-Packard
2008-09-12 00:59 . 2008-09-12 00:59 <DIR> d-------- C:\CompChecker
2008-09-11 21:44 . 2008-09-12 01:26 85,296 --------- C:\WINDOWS\hpgins01.dat.temp
2008-09-11 21:44 . 2004-07-08 15:29 145 --------- C:\WINDOWS\hpgmdl01.dat.temp
2008-09-11 21:42 . 2008-09-11 21:43 <DIR> d-------- C:\col8356
2008-09-11 21:40 . 2008-09-11 21:40 <DIR> d-------- C:\temp\ispatch
2008-09-11 21:40 . 2008-09-11 21:40 <DIR> d-------- C:\COL9278
2008-09-11 21:27 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-09-11 21:27 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-09-11 21:27 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-09-11 21:25 . 2008-09-11 21:25 <DIR> d-------- C:\Programmi\File comuni\HP
2008-09-11 21:24 . 2008-09-11 21:24 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-09-11 21:23 . 2008-09-12 02:13 <DIR> d-------- C:\Programmi\HP
2008-09-11 21:23 . 2008-09-12 09:35 85,303 --a------ C:\WINDOWS\hpgins01.dat
2008-09-10 23:26 . 2008-09-10 23:26 <DIR> d-------- C:\WINDOWS\system32\Macromed
2008-09-10 23:17 . 2008-09-10 23:17 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-09-10 23:06 . 2008-09-10 23:06 <DIR> d-------- C:\WINDOWS\09D796A099CB4A1AA5E5E026042DCF09.TMP
2008-09-10 23:01 . 2008-09-10 23:01 250 --a------ C:\WINDOWS\gmer.ini
2008-09-10 14:52 . 2008-09-10 14:52 <DIR> d-------- C:\Documents and Settings\Amdinistrator\Dati applicazioni\Acronis
2008-09-10 14:34 . 2008-09-10 14:34 <DIR> d-------- C:\Documents and Settings\Amdinistrator\Dati applicazioni\ATI
2008-09-10 14:34 . 2004-08-19 15:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-10 14:33 . 2008-03-31 03:01 <DIR> d--h----- C:\Documents and Settings\Amdinistrator\Risorse di stampa
2008-09-10 14:33 . 2008-03-31 03:01 <DIR> d--h----- C:\Documents and Settings\Amdinistrator\Risorse di rete
2008-09-10 14:33 . 2008-09-10 14:34 <DIR> dr------- C:\Documents and Settings\Amdinistrator\Preferiti
2008-09-10 14:33 . 2008-03-30 22:11 <DIR> d--h----- C:\Documents and Settings\Amdinistrator\Modelli
2008-09-10 14:33 . 2008-09-10 14:41 <DIR> dr------- C:\Documents and Settings\Amdinistrator\Menu Avvio
2008-09-10 14:33 . 2008-09-12 16:59 <DIR> d--h----- C:\Documents and Settings\Amdinistrator\Impostazioni locali
2008-09-10 14:33 . 2008-09-10 14:34 <DIR> dr------- C:\Documents and Settings\Amdinistrator\Documenti
2008-09-10 14:33 . 2008-09-10 14:33 <DIR> d-------- C:\Documents and Settings\Amdinistrator\Dati applicazioni\PC Suite
2008-09-10 14:33 . 2008-09-10 14:52 <DIR> dr-h----- C:\Documents and Settings\Amdinistrator\Dati applicazioni
2008-09-10 14:33 . 2008-09-10 14:33 <DIR> d-------- C:\Documents and Settings\Amdinistrator
2008-09-10 01:00 . 2008-09-10 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-09-10 00:33 . 2008-09-10 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BufferZone
2008-09-09 11:32 . 2008-09-09 11:32 1,665 --a------ C:\WINDOWS\Sti_Trace.log.virtual.lnk
2008-09-09 09:22 . 2008-09-09 09:22 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-08 23:47 . 2008-09-10 23:50 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-09-08 23:47 . 2008-09-10 23:43 <DIR> d-------- C:\Documents and Settings\desktop\Dati applicazioni\Spyware Terminator
2008-09-08 23:47 . 2008-09-08 23:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-08 20:46 . 2008-09-08 20:48 <DIR> d-------- C:\Virtual
2008-09-08 19:10 . 2008-09-08 19:10 <DIR> d-------- C:\Programmi\Enigma Software Group
2008-09-08 18:57 . 2008-09-08 18:57 <DIR> d-------- C:\VundoFix Backups
2008-09-08 17:03 . 2008-09-08 17:03 <DIR> d-------- C:\Programmi\VSO
2008-09-08 17:03 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-09-08 17:03 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-09-08 17:03 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-08 17:03 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-09-08 17:03 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-09-08 17:03 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-09-08 17:03 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-09-08 17:03 . 2008-09-08 17:03 47,360 --a------ C:\Documents and Settings\desktop\Dati applicazioni\pcouffin.sys
2008-09-08 16:45 . 2008-09-08 16:45 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-08 15:40 . 2008-09-08 15:40 113,668 --a------ C:\WINDOWS\system32\msxml71.dll
2008-09-08 11:31 . 2008-09-08 11:31 <DIR> d-------- C:\Documents and Settings\desktop\EurekaLog
2008-09-07 01:45 . 2008-09-07 01:45 <DIR> d-------- C:\Movavi files
2008-09-07 01:43 . 2008-09-07 01:43 <DIR> d-------- C:\Programmi\File comuni\MOVAVI
2008-09-07 01:43 . 2008-09-07 01:43 65 --a------ C:\WINDOWS\IniFile1.ini
2008-09-06 20:44 . 2008-09-06 20:44 <DIR> d-------- C:\Documents and Settings\desktop\Dati applicazioni\LEAPS
2008-09-06 20:42 . 2008-09-06 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Pegasys Inc
2008-09-06 19:31 . 2008-09-06 19:31 <DIR> d-------- C:\Programmi\Photodex Presenter
2008-09-06 14:02 . 2008-09-06 14:02 <DIR> d-------- C:\Documents and Settings\desktop\Dati applicazioni\Ulead Systems
2008-09-06 10:52 . 2008-09-06 14:20 26 --a------ C:\WINDOWS\dvdSanta.INI
2008-09-06 10:39 . 2008-09-06 10:39 <DIR> d-------- C:\TempDVD
2008-09-06 10:39 . 2008-09-06 11:17 <DIR> d-------- C:\dvdsanta
2008-09-06 09:44 . 2008-09-06 09:45 <DIR> d-------- C:\Programmi\iTunes
2008-09-06 09:44 . 2008-09-06 09:44 <DIR> d-------- C:\Programmi\iPod
2008-09-06 09:44 . 2008-09-06 09:44 <DIR> d-------- C:\Programmi\Bonjour
2008-09-06 09:43 . 2008-09-06 09:43 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-09-06 09:25 . 2008-09-06 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-09-04 21:38 . 2008-09-04 21:38 1,409 --a------ C:\WINDOWS\system32\tmpF9894.FOT
2008-09-04 21:21 . 2008-09-04 21:21 1,409 --a------ C:\WINDOWS\system32\tmpB2484.FOT
2008-09-04 21:21 . 2008-09-04 21:21 1,409 --a------ C:\WINDOWS\system32\tmp8F184.FOT
2008-09-04 21:21 . 2008-09-04 21:21 1,409 --a------ C:\WINDOWS\system32\tmp76784.FOT
2008-09-04 21:21 . 2008-09-04 21:21 1,409 --a------ C:\WINDOWS\system32\tmp2B584.FOT
2008-09-04 21:20 . 2007-04-05 21:53 335,872 --a------ C:\WINDOWS\Nero PhotoShow.scr
2008-09-04 19:03 . 2008-09-04 19:03 1,409 --a------ C:\WINDOWS\system32\tmp54A57.FOT
2008-09-04 18:41 . 2008-09-04 18:41 1,409 --a------ C:\WINDOWS\system32\tmpE73F2.FOT
2008-09-04 18:41 . 2008-09-04 18:41 1,409 --a------ C:\WINDOWS\system32\tmp622F2.FOT
2008-09-04 18:41 . 2008-09-04 18:41 1,409 --a------ C:\WINDOWS\system32\tmp2D2F2.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 14:50 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-12 12:35 --------- d-----w C:\Programmi\DesktopEarth
2008-09-12 09:02 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\MailWasherPro
2008-09-12 09:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI MMC
2008-09-11 18:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-09-09 21:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-09-08 18:50 --------- d---a-w C:\Documents and Settings\desktop\Dati applicazioni\Skype
2008-09-08 15:03 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-08 14:07 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Nero
2008-09-05 19:41 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Ahead
2008-09-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-09-04 21:48 --------- d-----w C:\Programmi\File comuni\Simple Star Shared
2008-09-04 21:22 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Simple Star
2008-08-25 19:50 --------- d-----w C:\Programmi\Telecom Italia
2008-08-17 22:37 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-03 21:09 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\kiwi.software.NET
2008-07-27 22:21 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\GetRightToGo
2008-07-27 12:09 --------- d-----w C:\Programmi\Skype
2008-07-27 12:09 --------- d-----w C:\Programmi\File comuni\Skype
2008-07-27 12:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-07-24 13:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SRS Labs
2008-07-23 15:50 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Nokia Multimedia Player
2008-07-21 23:06 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Anvil Studio
2008-07-21 19:44 --------- d-----w C:\Programmi\My-Tool
2008-07-21 19:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-07-21 19:43 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-07-21 19:43 --------- d-----w C:\Programmi\Conduit
2008-07-21 19:43 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\AVSMedia
2008-07-20 13:20 --------- d-----w C:\Documents and Settings\desktop\Dati applicazioni\Yahoo!
2008-07-20 13:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-07-20 13:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!
2008-07-20 13:02 --------- d---a-w C:\Programmi\Yahoo!
2008-04-19 23:15 16 ---ha-w C:\Programmi\mxfilerelatedcache.mxc2
2008-04-11 08:41 18,224 ----a-w C:\Documents and Settings\desktop\Dati applicazioni\GDIPFONTCACHEV1.DAT
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2007-09-11 16:26 1212928 --a------ C:\WINDOWS\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2007-09-11 16:26 1212928 --a------ C:\WINDOWS\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2007-09-11 16:26 1212928 --a------ C:\WINDOWS\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2007-09-11 16:26 1212928 --a------ C:\WINDOWS\system32\RlShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"ATI Launchpad"="C:\Programmi\ATI Multimedia\main\launchpd.exe" [2006-04-05 102400]
"ATI DeviceDetect"="C:\Programmi\ATI Multimedia\main\ATIDtct.EXE" [2006-04-05 57344]
"STYLEXP"="C:\Programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Lexmark 1200 Series"="C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-06-04 32768]
"TVTray"="C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe" [2004-09-10 245760]
"Acronis True Image Monitor"="D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe" [2008-04-04 500561]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-04-04 65536]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AliceRE_McciTrayApp"="C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe" [2006-11-21 936960]
"GrooveMonitor"="D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 406016]
"AAWTray"="D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-09-12 245760]
"TCASUTIEXE"="TCAUDIAG.exe" [2003-07-16 C:\WINDOWS\system32\TCAUDIAG.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 C:\WINDOWS\LOGI_MWX.EXE]
"Dit"="Dit.exe" [2003-12-29 C:\WINDOWS\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
DesktopEarth AutoStart.lnk - C:\WINDOWS\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-05-16 29926]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rdylbw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= ATIYUV12.DLL
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adparatus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbstrchk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s9201
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 15:09 63712 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone]
--a------ 2007-09-11 16:26 3280232 D:\Programmi\DiskUtility\BufferZone\ClientGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-16 12:00 531272 C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-07 11:10 133104 C:\Documents and Settings\desktop\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2007-04-27 20:16 312848 D:\PROGRA~1\Foto\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-06-03 15:27 21718312 C:\Programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-31 02:10 68856 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-02-29 09:14 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"D:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"D:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"D:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Programmi\\Internet\\eMule\\eMule.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2007-09-11 2243328]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-08-30 40960]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-10-18 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2007-10-18 27776]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-04-19 110304]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NMSAccessU;NMSAccessU;d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 tcaicchg;tcaicchg;C:\WINDOWS\system32\tcaicchg.sys [2000-06-06 21233]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-09-12 57344]
R3 Cap7134;713x TV Card Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-22 335520]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-12 13440]
R3 PhTVTune;TV AV WDM TVTuner (FM1216ME);C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-09 27808]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]
R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Programmi\Foto\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b19fcfc-1d96-11dd-b6bd-000ea6429028}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb40bc22-476e-11dd-b757-000ea6429028}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÇOS REMOVIDOS - - - -

URLSearchHooks-{0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
BHO-{57d0cc8a-476c-4c29-a969-cf3e85e7b332} - C:\WINDOWS\system32\rdylbw.dll
BHO-{71373331-C717-45AE-BFDE-DDB509348258} - (no file)
BHO-{ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
Toolbar-{0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
WebBrowser-{0E6D7A5D-B560-4D1C-9713-18DD1ADE6011} - (no file)
HKLM-Run-zzzHPSETUP - E:\Setup.exe
ShellExecuteHooks-{ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
Notify-ljJASmKC - ljJASmKC.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\fwlvgmsd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nontipago.it/Servizi/Notizie.htm
FF -: plugin - C:\Documents and Settings\desktop\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Programmi\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programmi\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Programmi\Yahoo!\Shared\npYState.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 17:02:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
D:\Programmi\Foto\ProShowGold\scsiaccess.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\Programmi\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-12 17:16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 15:16:47

Pre-Run: 20,153,901,056 byte disponibili
Post-Run: 20,170,452,992 byte disponibili

510 --- E O F --- 2008-04-23 07:19:45
r16
Inviato: Friday, September 12, 2008 5:48:00 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scusa enzino85 , vorrei sapere se hai fatto il log di HijackThis DOPO (o PRIMA) la scansione di Combofix.
E' importante che tu me lo dica con precisione.
Se hai eseguito HijackThis , PRIMA di fare la scansione di Combofix, devi postarmi un'altro log di HijackThis DOPO la scansione di Combofix.
Tutto chiaro ?.
enzino85
Inviato: Friday, September 12, 2008 7:02:45 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Questo log di HijackThis è DOPO la scansione di Combofix.
Scusa e grazie ancora.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.58.30, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\V0350Mon.exe
C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\desktop\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 3634 bytes
r16
Inviato: Friday, September 12, 2008 8:42:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
enzino85 , non è completo il log, manca praticamente tutto........Drool
enzino85
Inviato: Friday, September 12, 2008 9:26:38 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Spero che adesso sia completo.
grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.23.25, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\V0350Mon.exe
C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqdirec.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {233b7e58-e3fc-969a-92c4-c674a8cc0d75} - {57d0cc8a-476c-4c29-a969-cf3e85e7b332} - C:\WINDOWS\system32\rdylbw.dll (file missing)
O2 - BHO: (no name) - {71373331-C717-45AE-BFDE-DDB509348258} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AAWTray] D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206924886906
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F161C967-45DA-43F4-B2F4-282DE0ED0F46}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programmi\Foto\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 13212 bytes
r16
Inviato: Saturday, September 13, 2008 12:51:05 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Combofix, ti ha levato una montagna di schifezze, ma non è finita.
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
R3 - URLSearchHook: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: {233b7e58-e3fc-969a-92c4-c674a8cc0d75} - {57d0cc8a-476c-4c29-a969-cf3e85e7b332} - C:\WINDOWS\system32\rdylbw.dll (file missing)
O2 - BHO: (no name) - {71373331-C717-45AE-BFDE-DDB509348258} - (no file)
O2 - BHO: (no name) - {ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - (no file)
O3 - Toolbar: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe

Riavvia il pc
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Apri il Task Manager con Ctrl + Alt + Canc:
Apri la scheda Processi, scorri l'elenco e, se presente, seleziona Knight.exe oppure Disk Knight.exe e termina il relativo processo .
Prosegui:
Start
Pannello di Controllo
Installazione Applicazioni
Guarda se, tra il programmi installati, è presente knight oppure Disk Knight, procedi alla disinstallazione .
Poi vai in: C:\Windows e rimuovi il file Knight.exe.
Poi:
Start
Cerca
clicca su Altre opzioni Avanzate

spunta, anche, la voce Cerca nei file e nelle cartelle nascosti
nella finestra di dialogo digita Knight e rimuovi tutto ciò che verrà rilevato
ripeti la stessa operazione digitando Disk Knight
Apri Risorse del Computer > Disco Locale C e rimuovi, se presente, il file autorun
Ripeti la stessa operazione con tutti gli altri dischi locali. (se ne hai)

Apri CCleaner, nel menu a sinistra clicca su Strumenti
In alto a sinistra clicca su Avvio
Cerca nell'elenco se è presente la voce Disk Knight oppure Knight
seleziona la voce e clicca su Cancella Voce e conferma con OK
Dammi conferma se lo trovi.
Ci sentiamo domani. (buon lavoro)
enzino85
Inviato: Saturday, September 13, 2008 6:06:47 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Fatto tutto !
Non ho trovato ne Knight ne Disk Knight.
Il computer sembra aver ripreso tutte le sue funzioni.
Sono felicissimo ........... pensavo di formattare!
Allego l'ultimo log di hijackthis
Un abbraccio
....................... avrei un altro problemino, quando installo il programma HP All-In-One per lo scanner HP Scanjet 4070 non riesco superare
l'errore "MDAC 2.8 RTM non è compatibile con questa versione di Windows. Tutte le sue funzionalità fanno parte di Windows".
C'è una soluzione ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.37.57, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\V0350Mon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\TVAV~1\TVAV~1\TVTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Programmi\DiskUtility\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AAWTray] D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206924886906
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F161C967-45DA-43F4-B2F4-282DE0ED0F46}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programmi\Foto\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 12394 bytes

r16
Inviato: Saturday, September 13, 2008 10:26:52 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
enzino85 ha scritto:
Fatto tutto !
Non ho trovato ne Knight ne Disk Knight.
Il computer sembra aver ripreso tutte le sue funzioni.
Sono felicissimo ........... pensavo di formattare!
Allego l'ultimo log di hijackthis
Un abbraccio
....................... avrei un altro problemino, quando installo il programma HP All-In-One per lo scanner HP Scanjet 4070 non riesco superare
l'errore "MDAC 2.8 RTM non è compatibile con questa versione di Windows. Tutte le sue funzionalità fanno parte di Windows".
C'è una soluzione ?




Strano che non l'hai trovato.
Per sicurezza, ti posto un link nell'eventualità che usi una chiavetta infettata da questo virus:
http://ppecile.blogspot.com/2007/11/knightexe-il-virus-della-chiavetta.html

Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Provvedi a svuotare del suo contenuto la cartella Prefetch :


clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno (mi raccomando, non eliminare la cartella)
SVUOTA IL CESTINO
A proposito il log di HijackThis è pulito.
Per il problema, dello scanner, forse è un problema di Driver, ma con precisione non te lo saprei dire.
Prova a porre il problema nella Sezione "Drivers",forse qualcuno ti potrà aiutare.
Ciao!
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.