mario82

avevo eseguito anche Combofix (oltre all'utilità di disinstallazione norton) come consigliato, dunque per correttezza e completezza posto anche il log di questo programma. per quanto riguarda il crossposting, non credevo onestamente fosse un problema. se lo è, ad ogni modo non proseguirò qui questo topic. ti ringrazio in ogni caso e ti invito se vuoi a dare un'occhiata agli sviluppi della vicenda anche sull'altro forum. ciao ComboFix 08-12-09.02 - LILIANA 2008-12-10 16.04.29.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.234 [GMT 1:00] Eseguito da: c:\documents and settings\LILIANA\Desktop\ComboFix.exe * Creato nuovo punto di ripristino . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\tmp.reg . ((((((((((((((((((((((((( Files Creati Da 2008-11-10 al 2008-12-10 ))))))))))))))))))))))))))))))))))) . 2008-12-10 15:48 . 2008-12-10 15:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller 2008-12-10 14:38 . 2008-12-10 14:38 <DIR> d-------- C:\BackUpMSNCleaner 2008-12-09 16:44 . 2008-12-10 15:10 9,162,784 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-09 16:44 . 2008-12-10 15:10 108,452 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-09 15:53 . 2008-12-09 15:52 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-09 15:53 . 2008-12-09 15:52 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-12-05 22:58 . 2008-12-05 23:44 <DIR> d-------- c:\programmi\Spyware Terminator 2008-12-05 22:58 . 2008-12-05 23:44 <DIR> d-------- c:\documents and settings\LILIANA\Dati applicazioni\Spyware Terminator 2008-12-05 22:58 . 2008-12-05 23:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator 2008-12-05 22:58 . 2008-12-05 22:58 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-19 23:12 . 2008-11-19 23:12 <DIR> d-------- c:\windows\Internet Logs 2008-11-19 23:11 . 2008-03-29 17:36 125,328 --a------ c:\windows\system32\drivers\dne2000.sys 2008-11-19 23:11 . 2008-03-29 17:36 106,768 --a------ c:\windows\system32\dneinobj.dll 2008-11-19 23:10 . 2008-11-19 23:10 <DIR> d-------- c:\programmi\File comuni\Deterministic Networks 2008-11-19 23:10 . 2008-11-19 23:10 <DIR> d-------- c:\programmi\Cisco Systems 2008-11-19 23:10 . 2008-11-19 23:12 1,594 --a------ c:\windows\VPNInstall.MIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 14:53 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\Skype 2008-12-10 14:51 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2008-12-10 14:51 0 ----a-w c:\windows\system32\drivers\logiflt.iad 2008-12-10 14:49 --------- d-----w c:\programmi\File comuni\Symantec Shared 2008-12-10 14:24 21,036 ----atw c:\windows\system32\SIntfNT.dll 2008-12-10 14:24 15,132 ----atw c:\windows\system32\SIntf32.dll 2008-12-10 14:24 12,067 ----atw c:\windows\system32\SIntf16.dll 2008-12-09 19:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic 2008-12-09 14:52 --------- d-----w c:\programmi\Java 2008-12-09 14:38 --------- d-----w c:\programmi\File comuni\Adobe 2008-12-05 23:14 --------- d-----w c:\programmi\Softwin 2008-12-05 22:42 --------- d-----w c:\programmi\Spybot - Search & Destroy 2008-12-05 21:45 --------- d-----w c:\programmi\Enigma Software Group 2008-12-05 21:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2008-11-02 01:37 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\uTorrent 2008-10-31 14:53 --------- d-----w c:\programmi\eMule 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-13 17:48 --------- d-----w c:\documents and settings\LILIANA\Dati applicazioni\Livestation 2008-10-13 17:47 413,696 ----a-w c:\windows\system32\wrap_oal.dll 2008-10-13 17:47 110,592 ----a-w c:\windows\system32\OpenAL32.dll 2008-10-13 17:47 --------- d-----w c:\programmi\OpenAL 2008-10-13 17:47 --------- d-----w c:\programmi\Livestation 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-03-10 14:47 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat 2007-09-03 15:44 55,832 ----a-w c:\documents and settings\LILIANA\Dati applicazioni\GDIPFONTCACHEV1.DAT 2005-11-03 23:29 72,832 ----a-r c:\windows\inf\CamAvb.sys 2008-05-13 15:04 86,070 ----a-w c:\programmi\mozilla firefox\plugins\pthreadVC2.dll 2008-05-13 15:04 1,561,336 ----a-w c:\programmi\mozilla firefox\plugins\RineraProxy.dll 2008-09-07 14:35 2 --shatr c:\windows\winstart.bat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] "TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536] "MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208] "Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-11 21741864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-24 5419008] "Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-23 196608] "PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-06-29 1077326] "CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2004-11-29 667648] "TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248] "SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-12-21 118784] "HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672] "TOSHIBA Accessibility"="c:\programmi\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-01-14 24576] "SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-27 61440] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-30 127035] "RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-04-16 98304] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920] "avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-18 185896] "LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-09 136600] "nwiz"="nwiz.exe" [2004-11-24 c:\windows\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 c:\windows\agrsmmsg.exe] "TPSMain"="TPSMain.exe" [2004-12-23 c:\windows\system32\TPSMain.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2005-01-24 c:\windows\system32\TCtrlIOHook.exe] "Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\LILIANA\Menu Avvio\Programmi\Esecuzione automatica\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-01-02 299008] Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-05 66864] Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-04-06 155648] VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-11-19 6144] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-07-23 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-09-04 09:33 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\eMule\\emule.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Programmi\\NetMeeting\\conf.exe"= "c:\\Programmi\\Real\\RealPlayer\\realplay.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programmi\\Mozilla Firefox\\firefox.exe"= "c:\\Programmi\\uTorrent\\uTorrent.exe"= "c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024] R2 acedrv10;acedrv10;\??\c:\windows\system32\drivers\acedrv10.sys [2007-07-24 328824] R2 acehlp10;acehlp10;\??\c:\windows\system32\drivers\acehlp10.sys [2007-07-11 201848] R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2005-02-02 14336] S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2006-12-24 52384] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2006-12-24 6096] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2006-12-24 87456] S3 RegGuard;RegGuard;\??\c:\windows\system32\Drivers\regguard.sys [2007-01-11 25837] S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] S3 Tosrfpcc;Bluetooth PC Card Controller from Toshiba;c:\windows\system32\Drivers\tosrfpcc.sys [2002-08-01 160672] S3 utm5nzgw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utm5nzgw.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2bc65f2-411d-11dd-9ca1-000e35fe8dd8}] \Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe *Newly Created Service* - PROCEXP90 . Contenuto della cartella 'Scheduled Tasks' 2005-04-13 c:\windows\Tasks\Promemoria registrazione 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00] 2005-04-20 c:\windows\Tasks\Promemoria registrazione 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00] 2005-04-06 c:\windows\Tasks\Promemoria registrazione 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 12:00] . - - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) . ------- Supplementare di scansione ------- . uStart Page = hxxp://www.google.it/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FireFox -: Profile - c:\documents and settings\LILIANA\Dati applicazioni\Mozilla\Firefox\Profiles\8sntm5zs.default\ FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\programmi\Mozilla Firefox\plugins\nprinera-1.4.5.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-10 16:06:27 Windows 5.1.2600 Service Pack 2 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1688) c:\programmi\SUPERAntiSpyware\SASWINLO.DLL . Ora fine scansione: 2008-12-10 16.08.00 ComboFix-quarantined-files.txt 2008-12-10 15:07:29 Pre-Run: 8.879.112.192 byte disponibili Post-Run: 8,961,462,272 byte disponibili WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 207 --- E O F --- 2008-11-24 15:36:31

grazie per i consigli, ho eseguito e ho fatto una nuova scansione con hijackthis il cui post allego, sperando sia utile... potresti verificare se c'è ancora qualcosa di strano? ho inoltre fatto una scansione con gmer antirootkit, ma non mi ha segnalato valori in rosso. grazie ancora Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:51, on 10/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe C:\Programmi\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe C:\Programmi\Logitech\QuickCam\Quickcam.exe C:\Programmi\Apoint2K\Apntex.exe C:\Programmi\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\RAMASST.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\LILIANA\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [smoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) -- End of file - 12119 bytes

salve a tutti, ho un problema e mi chiedo se qualcuno qui possa aiutarmi. da un pò di tempo, per quanto non si riscontrino problemi evidenti, il mio antivirus avira antivir segnala ad ogni scansione la presenza del worm roron.50 in file come Britneysucks.exe o PamelaAnderson.exe. Ho provato a fare scansioni con tutto: Avira antivir, spybot, spyware terminator, superantispyware: niente. Ho provato anche con un apposito tool scaricato da internet per il Roron Worm, fatto girare anche in modalità provvisoria, ma nulla di fatto. Su internet sono disponibili diverse descrizioni del virus, tra cui questa http://www.avira.com/it/threats/section/fu...m_roron.50.html, che descrive in modo dettagliato anche il modo in cui il worm si inserisce nel registro, eccetera. Il problema è che io, nel registro, non saprei come metterci le mani, e mi chiedevo se qualcuno possa suggerirmi, anche alla luce delle informazioni fornite dal sito Avira, come sbarazzarmi di questo worm. Il sistema è Windows XP SP2. Allego inoltre un log di hijackthis. Ringrazio di cuore chiunque abbia voglia e tempo di aiutarmi. Logfile of HijackThis v1.99.1 Scan saved at 14:34:23, on 10/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe C:\Programmi\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\QuickTime\qttask.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe C:\Programmi\Logitech\QuickCam\Quickcam.exe C:\Programmi\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programmi\Apoint2K\Apntex.exe C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\RAMASST.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Documents and Settings\LILIANA\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [smoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: is-S9MQ0.lnk = C:\Documents and Settings\LILIANA\Desktop\Virus Removal Tool\is-S9MQ0\startup.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

salve a tutti, ho un problema: navigo wireless (libero 8 mega adsl) con un router sitecom wl-127, e non riesco ad impostare l'ip statico per poter sbloccare le porte TCP e UDP per emule. Ho provato solo una volta a impostare un ip statico sul pc e nella configurazione del modem, ma l'unico risultato che ho ottenuto è stato il non riuscire più a navigare... ho trovato su internet delle indicazioni su come aprire le porte, ma quello che mi manca è precisamente questo passaggio preliminare... l'ip statico. qualcuno può aiutarmi? grazie mille a chiunque vorrà rispondere

ciao a tutti, come posso cambiare il file system di una partizione del mio hard disk da fat32 a ntfs senza perdere i dati in essa contenuti?

ciao a tutti, ho un problema: credo di aver preso un virus da una chiavetta usb infetta, l'antivir ha riscontrato la presenza di un trojan nel pc in alcuni file, tra cui copy.exe, temp1.exe, temp2.exe... all'avvio del pc mi appariva un messaggio in cui mi si avvertiva di non poter trovare il file svchost.exe... ho eseguito varie scansioni, ho eliminato alcuni file, ho fatto girare un removal tool W32.Perlovga.remover, e credo di avere in parte risolto il problema, visto che il messaggio su svchost non appare più, ma quando inserisco la chiavetta usb, non parte l'autorun, e quando provo ad aprirla con il doppio click, appare un messaggio di errore su copy.exe. inoltre ho provato a riavviare e ad eseguire un'altra scansione e antivir continua a trovare il trojan TR/Diamin.Gen in vari file A0028962, A0028963, A0028964, tutti in una directory di System Volume information, trojan che avevo rimosso prima di riavviare... ci sarà un rootkit? ad ogni modo, posto il log di hijackthis, qualcuno può aiutarmi? grazie mille Logfile of HijackThis v1.99.1 Scan saved at 13.58.59, on 22/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe C:\Programmi\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Apoint2K\Apntex.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\WINDOWS\system32\RAMASST.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\LILIANA\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [smoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SD1.tmp" /EF "HKLM" O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: CD Software aggiuntivo.lnk = ? O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

ciao a tutti, ho un problema: putroppo ho aperto un link contenuto in una e-mail che mi si voleva far credere provenire da AmericanGreetings.com... mentre il collegamento si apriva, AVG mi ha segnalato la presenza del trojan JS/PSYME in un file che diceva di non poter riparare. quindi l'ho spostato nel vault e l'ho cancellato. Ora non so se sono riuscito a bloccare l'infezione o meno, ho fatto scansioni con CWshredder, spybot e ad-aware, ma nessuno dei 3 ha dato niente. inoltre ho spyware terminator con la protezione antispyware fissa e neanche lui ha dato allarmi. allego il log hijackthis, qualcuno può dargli un'occhiata e vedere se è pulito? grazie mille hijackthis.log

vi ringrazio tantissimo... quindi (x Kuma) quella chiave di registro la elimino o no? grazie di nuovo

ecco il responso di kaspersky... kaspersky2.html

dunque, ho avviato regedit, ho fatto trova ma non ha trovato nulla... ho cercato manualmente nella directory indicata da panda e ho trovato una cartella chiamata con il codice che mi hai indicato, che contiene un'altra cartella, "iexplore", che a sua volta contiene i file "predefinito", "blocked", "count", "time", "type". ne devo eliminare solo uno di questi o tutta la cartella? scusa se insisto, ma non so usare il regedit e non vorrei combinare qualche guaio... grazie

salve a tutti, ho un problema: qualche giorno fa, con una scansione di AVG spyware ho riscontrato la presenza di diversi spyware nel mio pc, tra cui un trojan. dopo aver fatto diverse scansioni con Bitdefender, Spybot, Ad-Aware, Superantispyware... il Panda ActiveScan online continua a darmi questo risultato preoccupante: Dialer:dialer.min Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF} come posso eliminarlo? premetto che navigo su ADSL quindi il dialer non cosituisce effettivo pericolo, ma vorrei toglierlo... posto il log di HJT, qualcuno può aiutarmi? grazie! Logfile of HijackThis v1.99.1 Scan saved at 10.32.06, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Acer\eManager\anbmServ.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\Acer\eRecovery\Monitor.exe C:\Programmi\Arcade\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\acer\epm\epm-dm.exe C:\Programmi\Launch Manager\QtZgAcer.EXE C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe C:\Programmi\iPod\bin\iPodService.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Win-Xp\Documenti\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo0.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SC8.tmp" /EF "HKLM" O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HELPExpress.lnk = C:\Programmi\HELPExpress\bin\matcli.exe O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{830A095F-2541-434A-9B80-32F772035FEB}: NameServer = 85.37.17.11 85.38.28.69 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe