Aiutamici Forum

Can you check this log for me?
sodomino
Posted: Wednesday, December 24, 2008 1:29:43 PM
Rank: AiutAmico

Member since: 7/17/2008
Posts: 96
I need to clean my PC of both useless junk and viruses, can you help me please???
I'm posting the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.28.10, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\All Users\Application Data\1331569191\171759592.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?module=11001&error=266&language=Italian&product=MCF&version=2.0.0.164&HResult=0x800400CA
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer 7 personalizzato MSN!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [171759592] "C:\Documents and Settings\All Users\Application Data\1331569191\171759592.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xlvnkh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Programmi\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jessikina10.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165848883171
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jessikina10.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.amicidipetro.net/download/vs/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86654165-96C7-443B-93A4-D5B19DA4C3A3}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 16573 bytes

It's full, please help me restore it completely; I would rather not format if possible...
sodomino
Posted: Wednesday, December 24, 2008 5:26:16 PM
Rank: AiutAmico

Member since: 7/17/2008
Posts: 96
Please guys, help me, you have always been fantastic, work another miracle.
pidue
Posted: Wednesday, December 24, 2008 5:39:06 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
Pay close attention to what you have to do:
Put HijackThis in a folder of its own (preferably not on the desktop), otherwise you will lose the backups;

Disable System Restore as described here;
boot into Safe Mode as described here;
make hidden folders visible ------> procedure:
from My Computer:
Tools >> Folder Options >> View;
check:
Show hidden files and folders;
uncheck:
Hide protected operating system files (Recommended)

Start HijackThis with all applications closed, click Do a system scan only, then tick and remove (Fix checked) the following lines:


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [171759592] "C:\Documents and Settings\All Users\Application Data\1331569191\171759592.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xlvnkh.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file



Find and delete the files in red:
___________________________________________
C:\Documents and Settings\All Users\Application Data\1331569191\171759592.exe
___________________________________________

Start >> Run. Type (or copy and paste) the string %temp%, click OK, and empty the temp folder;
Go to Tools >> Internet Options and delete the history, the temporary Internet files and the cookies;
empty the Recycle Bin.
Restart the PC normally, then:
download ComboFix, save it to the desktop, disable the antivirus and close the Internet connection.
Run it in normal mode and follow the on-screen instructions scrupulously.
When it finishes, a log will be created at C:\ComboFix.txt.

Post:
- the ComboFix log
- an updated HijackThis log

and report whether the problem is solved.

PS: two antivirus products appear to be active: AVAST and NIS. You should keep only one; two on the same PC is not a good idea.
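
Added example, not part of pidue's reply and not HijackThis's own logic: a short Python triage pass over HijackThis entries, run on lines copied from the log posted above. The review heuristics (orphaned targets, autostarts with no directory or with an all-digit name under Application Data, Trusted Zone additions) and all function names are assumptions of this example; they cover only the mechanically detectable part of the lines picked out in the reply, and a hit means "review this entry", not "malicious".

```python
import re
from typing import NamedTuple

# A few entries copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [171759592] "C:\Documents and Settings\All Users\Application Data\1331569191\171759592.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] xlvnkh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostart: "<hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)


class Entry(NamedTuple):
    code: str   # section code such as R3, O2, O4, O15
    body: str   # everything after "<code> - "


def parse(log):
    """Return the section entries of a HijackThis log, skipping header/process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def executable_of(cmd):
    """Extract the program path from an autostart command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)          # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def findings(entry):
    """Return the review reasons for one entry (empty list if none apply)."""
    reasons = []
    if re.search(r"\((?:file missing|no file)\)\s*$", entry.body):
        reasons.append("orphaned: target file is not on disk")
    if entry.code == "O15":
        reasons.append("site added to the Trusted Zone")
    if entry.code == "O4":
        m = O4_RE.match(entry.body)
        if m:
            exe = executable_of(m["cmd"])
            folder, _, name = exe.rpartition("\\")
            stem = name.rsplit(".", 1)[0]
            if not folder:
                # Also fires for legitimate bare names such as RUNDLL32.EXE.
                reasons.append("autostart with no directory: resolved through the search path")
            elif "application data" in folder.lower() and stem.isdigit():
                reasons.append("autostart from Application Data with an all-digit file name")
    return reasons


def triage(log):
    """Return (entry, reasons) for every entry that deserves a manual look."""
    flagged = []
    for entry in parse(log):
        reasons = findings(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code} - {entry.body}")
        for reason in reasons:
            print(f"    review: {reason}")
```
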




sodomino
Posted: Wednesday, December 24, 2008 9:36:21 PM
Rank: AiutAmico

Member since: 7/17/2008
Posts: 96
ComboFix log
ComboFix 08-12-24.01 - jessica toselli 2008-12-24 21.27.35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1023.585 [GMT 1:00]
Eseguito da: c:\documents and settings\jessica toselli\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jessica toselli\Dati applicazioni\020000003230b166509C.manifest
c:\documents and settings\jessica toselli\Dati applicazioni\020000003230b166509O.manifest
c:\documents and settings\jessica toselli\Dati applicazioni\020000003230b166509P.manifest
c:\documents and settings\jessica toselli\Dati applicazioni\020000003230b166509S.manifest
c:\documents and settings\jessica toselli\Dati applicazioni\FunWebProducts
c:\documents and settings\jessica toselli\Dati applicazioni\FunWebProducts\Data\jessica toselli\avatar.dat
c:\documents and settings\jessica toselli\Dati applicazioni\FunWebProducts\Data\jessica toselli\register.dat
c:\documents and settings\jessica toselli\Dati applicazioni\FunWebProducts\Data\jessica toselli\zbucks.dat
c:\documents and settings\jessica toselli\Desktop\Videos.url
c:\documents and settings\jessica toselli\Impostazioni locali\Dati applicazioni\uugiuwu.dat
c:\documents and settings\jessica toselli\Impostazioni locali\Dati applicazioni\uugiuwu_nav.dat
c:\documents and settings\jessica toselli\Impostazioni locali\Dati applicazioni\uugiuwu_navps.dat
c:\documents and settings\jessica toselli\Preferiti\Videos.url
c:\programmi\ContextTool
c:\programmi\ContextTool\ContextHelper.dat
c:\programmi\ContextTool\pcre3.dll
c:\programmi\ContextTool\uninstall.exe
c:\programmi\FBrowserAdvisor
c:\programmi\FBrowsingAdvisor
c:\programmi\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\programmi\FBrowsingAdvisor\Logo.png
c:\programmi\FBrowsingAdvisor\main.db
c:\programmi\FBrowsingAdvisor\Thumbs.db
c:\programmi\FBrowsingAdvisor\unins000.dat
c:\programmi\FBrowsingAdvisor\unins000.exe
c:\programmi\FBrowsingAdvisor\XPCOMEvents.dll
c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\ScreenSaver\Images\00297690.urr
c:\programmi\FunWebProducts\ScreenSaver\Images\0114CBCD.urr
c:\programmi\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\programmi\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\programmi\FunWebProducts\Shared\0170E6D7.dat
c:\programmi\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\programmi\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programmi\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\programmi\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\programmi\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\programmi\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\programmi\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programmi\Internet Explorer\msimg32.dll
c:\programmi\MyWebSearch
c:\programmi\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\programmi\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\programmi\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\programmi\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\programmi\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\programmi\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\programmi\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\programmi\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\programmi\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\programmi\MyWebSearch\bar\Avatar\COMMON.F3S
c:\programmi\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\programmi\MyWebSearch\bar\Avatar\COMMON\common.css
c:\programmi\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\include.js
c:\programmi\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\programmi\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\programmi\MyWebSearch\bar\Cache\0004A5A2
c:\programmi\MyWebSearch\bar\Cache\0004B523
c:\programmi\MyWebSearch\bar\Cache\0004E7FB
c:\programmi\MyWebSearch\bar\Cache\0004FDE4
c:\programmi\MyWebSearch\bar\Cache\000703C6
c:\programmi\MyWebSearch\bar\Cache\000921E4
c:\programmi\MyWebSearch\bar\Cache\000967E5
c:\programmi\MyWebSearch\bar\Cache\00096BED.bin
c:\programmi\MyWebSearch\bar\Cache\0009791C.bin
c:\programmi\MyWebSearch\bar\Cache\00097A93.bin
c:\programmi\MyWebSearch\bar\Cache\000BD115
c:\programmi\MyWebSearch\bar\Cache\00102731
c:\programmi\MyWebSearch\bar\Cache\0027BCDA.bin
c:\programmi\MyWebSearch\bar\Cache\0027BE22.bin
c:\programmi\MyWebSearch\bar\Cache\0027CA76.bin
c:\programmi\MyWebSearch\bar\Cache\0027CC6A.bin
c:\programmi\MyWebSearch\bar\Cache\0027CDA2.bin
c:\programmi\MyWebSearch\bar\Cache\0027DA83
c:\programmi\MyWebSearch\bar\Cache\0027DF46.bin
c:\programmi\MyWebSearch\bar\Cache\0027E050.bin
c:\programmi\MyWebSearch\bar\Cache\0027E1C7.bin
c:\programmi\MyWebSearch\bar\Cache\0027E2E0.bin
c:\programmi\MyWebSearch\bar\Cache\files.ini
c:\programmi\MyWebSearch\bar\Game\CHECKERS.F3S
c:\programmi\MyWebSearch\bar\Game\CHESS.F3S
c:\programmi\MyWebSearch\bar\Game\REVERSI.F3S
c:\programmi\MyWebSearch\bar\History\search2
c:\programmi\MyWebSearch\bar\icons\CM.ICO
c:\programmi\MyWebSearch\bar\icons\MFC.ICO
c:\programmi\MyWebSearch\bar\icons\PSS.ICO
c:\programmi\MyWebSearch\bar\icons\SMILEY.ICO
c:\programmi\MyWebSearch\bar\icons\WB.ICO
c:\programmi\MyWebSearch\bar\icons\ZWINKY.ICO
c:\programmi\MyWebSearch\bar\Message\COMMON.F3S
c:\programmi\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\center.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\index.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\protect.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\stop.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\systray.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\warn.gif
c:\programmi\MyWebSearch\bar\Notifier\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\DOG.F3S
c:\programmi\MyWebSearch\bar\Notifier\FISH.F3S
c:\programmi\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\programmi\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAID.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\programmi\MyWebSearch\bar\Notifier\OPERA.F3S
c:\programmi\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SURFER.F3S
c:\programmi\MyWebSearch\bar\Settings\prevcfg2.htm
c:\programmi\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\GnuHashes.ini
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\3.tmp
c:\windows\system32\autorun.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\3.video.zip
c:\windows\system32\GroupPolicyManifest\3.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\4.setup.zip
c:\windows\system32\GroupPolicyManifest\4.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\5.unpack.zip
c:\windows\system32\GroupPolicyManifest\5.unpack.zip.kwd
c:\windows\system32\UpMedia

.
((((((((((((((((((((((((( Files Creati Da 2008-11-24 al 2008-12-24 )))))))))))))))))))))))))))))))))))
.

2008-12-24 13:27 . 2008-12-24 13:27 <DIR> d-------- c:\programmi\Trend Micro
2008-12-16 16:29 . 2008-12-16 16:29 <DIR> d-------- c:\windows\OpenOffice.org
2008-12-15 18:03 . 2008-12-18 17:29 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-15 18:03 . 2008-12-15 18:03 1,409 --a------ c:\windows\QTFont.for
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\programmi\Alwil Software
2008-12-09 16:51 . 2008-12-09 16:50 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 15:59 . 2008-12-06 15:59 373,760 --ahs---- c:\windows\system32\91.tmp
2008-11-28 18:17 . 2008-11-28 18:17 <DIR> d-------- c:\documents and settings\jessica toselli\Dati applicazioni\ACD Systems
2008-11-28 18:05 . 2008-11-28 19:28 <DIR> d-------- c:\programmi\File comuni\ACD Systems
2008-11-26 20:41 . 2008-11-26 20:41 <DIR> d-------- c:\documents and settings\jessica toselli\Dati applicazioni\Conceiva
2008-11-26 20:39 . 2008-11-26 20:39 <DIR> d-------- c:\programmi\Matroska Pack
2008-11-26 20:39 . 2008-11-26 20:39 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2008-11-26 20:38 . 2008-11-26 20:38 <DIR> d-------- c:\windows\system32\windows media
2008-11-26 20:38 . 2008-11-26 20:38 <DIR> d-------- c:\programmi\Windows Media Components
2008-11-26 20:35 . 2001-09-13 04:48 614,477 --a------ c:\windows\system32\vorbis.acm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 20:25 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\Skype
2008-12-24 20:18 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\skypePM
2008-12-24 19:34 --------- d-----w c:\programmi\Pro_wIRC
2008-12-24 11:40 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-23 19:11 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-23 19:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-12-22 17:48 230,432 ----a-w C:\SPC230NC.DAT
2008-12-15 16:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CanonIJPLM
2008-12-09 15:50 --------- d-----w c:\programmi\Java
2008-12-05 17:51 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\Nokia
2008-11-28 18:37 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-20 10:54 --------- d-----w c:\programmi\NOS
2008-11-20 10:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2008-11-19 19:57 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-17 15:31 --------- d-----w c:\programmi\MSBuild
2008-11-17 15:27 --------- d-----w c:\programmi\Reference Assemblies
2008-11-17 15:13 --------- d-----w c:\programmi\Nokia
2008-11-15 17:11 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\uTorrent
2008-11-13 14:55 --------- d-----w c:\programmi\MSXML 4.0
2008-11-09 19:52 --------- d-----w c:\programmi\Skype
2008-11-09 19:52 --------- d-----w c:\programmi\File comuni\Skype
2008-11-09 19:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2008-11-08 17:06 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\ArcSoft
2008-11-08 16:46 --------- d-----w c:\programmi\Philips
2008-11-08 16:46 --------- d-----w c:\programmi\ArcSoft
2008-11-08 16:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Philips
2008-11-03 20:11 --------- d-----w c:\programmi\Veoh Networks
2008-11-03 16:20 --------- d-----w c:\programmi\Wise Registry Cleaner 3
2008-11-03 16:12 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\Smart PC Solutions
2008-11-03 16:08 --------- d-----w c:\programmi\Smart PC Solutions
2008-11-03 16:01 --------- d-----w c:\programmi\File comuni\Nokia
2008-11-03 15:35 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\OpenOffice.org
2008-11-03 15:30 --------- d-----w c:\programmi\OpenOffice.org 3
2008-11-03 15:30 --------- d-----w c:\programmi\JRE
2008-11-03 15:28 --------- d-----w c:\programmi\File comuni\Java
2008-10-28 17:51 --------- d-----w c:\programmi\Windows Live Toolbar
2008-10-28 17:50 --------- d-----w c:\programmi\Windows Live Favorites
2008-10-28 17:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-28 10:40 634,628 ----a-w c:\windows\java\Packages\DJVBRRVH.ZIP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 10:46 --------- d-----w c:\documents and settings\jessica toselli\Dati applicazioni\PC Suite
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-22 20:37 36,664 ----a-w c:\documents and settings\jessica toselli\obpdysbk.exe
2007-12-13 20:29 168 --sh--r c:\windows\system32\A18D38DCD4.sys
2007-12-13 20:29 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\programmi\Smart_PC\tbSma0.dll" [2008-11-16 1784856]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 11:26 394688 --a------ c:\programmi\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3aaf71e-b295-4156-ae11-777237a1db3c}]
2008-11-16 19:16 1784856 --a------ c:\programmi\Smart_PC\tbSma0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\programmi\Smart_PC\tbSma0.dll" [2008-11-16 1784856]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\programmi\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3AAF71E-B295-4156-AE11-777237A1DB3C}"= "c:\programmi\Smart_PC\tbSma0.dll" [2008-11-16 1784856]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "c:\programmi\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NSeries.PCSync"="c:\programmi\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe" [2007-02-23 1716224]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\stefano\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\jessica toselli\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TrayMin230.lnk - c:\programmi\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2008-11-08 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\LimeWireshared\\LimeWire.exe"=
"c:\\Programmi\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Programmi\\Pro_wIRC\\mirc.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\jessica toselli\\Documenti\\File ricevuti\\utorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2007-02-06 9344]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-10 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2007-02-06 434944]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2006-12-11 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2006-12-11 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2006-12-11 108675]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2008-11-08 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2008-11-08 461056]
S4 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-24 c:\windows\Tasks\AA2119A191B68F69.job
- c:\docume~1\jessic~1\datiap~1\toolba~1\trans start 1.exe []

2008-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-24 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-Nokia.PCSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
HKU-Default-Run-Picasa Media Detector - c:\programmi\Picasa2\PicasaMediaDetector.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.yahoo.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/techsupp/servlet/ProductMessages?module=11001&error=266&language=Italian&product=MCF&version=2.0.0.164&HResult=0x800400CA
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
c:\windows\Downloaded Program Files\Yahoo! Pool 2.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 21:29:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-12-24 21.30.14
ComboFix-quarantined-files.txt 2008-12-24 20:29:55

Pre-Run: 60.953.296.896 byte disponibili
Post-Run: 61,554,630,656 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

403 --- E O F --- 2008-12-18 22:19:11

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.35.48, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?module=11001&error=266&language=Italian&product=MCF&version=2.0.0.164&HResult=0x800400CA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Programmi\Smart_PC\tbSma0.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Programmi\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jessikina10.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165848883171
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jessikina10.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.amicidipetro.net/download/vs/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86654165-96C7-443B-93A4-D5B19DA4C3A3}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12246 bytes

Tell me, is it OK now??? Let me know....
pidue
Posted: Wednesday, December 24, 2008 11:23:27 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
OK, the log is clean, and Combofix removed a lot of junk for you.
Now you can uninstall Combofix like this:
Start >> Run, type (or copy and paste) the string Combofix /u and click OK. Then delete the folder C:\qoobox.
The computer should run better; create a new restore point.
Bye.


