Pc E Navigazioni Rallentati E Adware.win32

dekoflast · September 11, 2008

Salve a tutti,

Ho da poco un pc nuovo ma sembra già essere abbastanza incasinato,pur avendo installato appena comprato programmi del tipo di

spybot ,ad-ware avast ecc..

Ho sscaricato installato e utilizzato tutti i programmi consigliati nella sezione " prima di postare log di hijack" ,eliminando una miriade di problemi,dal casino nel file host, a altri problemi con il registo e cose varie,

ma la situazione è cambiata solo in parte purtroppo,

ora riesco di nuovo a navigare,e a accedere a messenger cosa che prima era diventata impossibile.

Facendo la scansione con kaspersky online inoltre mi ha rilevato un cert not-virus : adware.win32.

E il pc continua a essere rallentato,a bloccarsi spesso e a non avere una pronta risposta ai comandi ,cosa che da un pc di un mese non ci si aspetta.

Cercate di aiutarmi perchè è davvero un casino!

grazie a tutti.

Davide

POSTO QUI IL MIO LOG DI HIJACK, GRAZIE A TUTTI ANCORA!

DAVIDE

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17.50.39, on 11/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programmi\Java\jre1.5.0_12\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxext.exe

C:\DOCUME~1\user\IMPOST~1\Temp\RtkBtMnt.exe

C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programmi\CyberLink\Shared Files\RichVideo.exe

C:\Programmi\Spyware Terminator\sp_rsser.exe

C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\BitComet\BitComet.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\WinRar\WinRAR.exe

C:\DOCUME~1\user\IMPOST~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.intl.acer.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_12\bin\jusched.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{960BE5DF-432E-4245-BFA0-C2BE1D1DE5F0}: NameServer = 85.37.17.17 85.38.28.72

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC64DDCF-F82A-43BD-9123-89681CDD7A1A}: NameServer = 212.17.192.216

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Hewlett-Packard Company - (no file)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--

End of file - 11379 bytes

the doctor · September 11, 2008

Benvenuto/a!

Ciao e Benvenuto/a nel forum, dekolfast.

Perché non personalizzi la tua presenza in WinInizio aggiungendo una firma e un'immagine al tuo profilo personale ? se non sai come fare, clicca qui.

Se sei una ragazza e vuoi essere aggiunta al gruppo delle WinGirls non dovrai fare altro che presentarti in questo thread o contattare un membro dello staff; se invece hai meno di 18 anni potresti far parte degli Juniores, per farlo presentati qui o contatta un membro dello staff.

Il gruppo WinGirls e Juniores offrono alcuni vantaggi speciali, scoprili nell'apposito thread di presentazione!

Ricordati, infine, che un titolo appropriato per dare visibilità alle tue nuove discussioni è essenziale: chiamare una discussione "Aiuto" o "Consiglio" non permette di capire subito la tua richiesta e rende più difficili le ricerche per gli altri utenti.

Link utili:

- Regolamento
- Netiquette
- Glossario
- Thread di Benvenuto
- Guida all'uso di WinInizio

In attesa di un esperto della sicurezza, per quello che posso cercherò di aiutarti. Hai localizzato il virus che kaspersky ha rilevato? Hai provato a eliminarlo?

Hai già aggiornato, immunizzato e fatto una scansione con Spybot Search & Destroy?

Nel frattempo ti consiglio, se non l'hai già fatto, di utilizzare firefox al posto di internet explorer, un browser sicuramente molto più sicuro. Inoltre ti consiglio di installare spywareblaster, un antispyware che protegge durante la navigazione internet.

P.S.: dal log di hijack this non mi sembra di aver visto nulla di dannoso...ma ripeto, non sono competente in questo campo. Sii fiducioso e appena qualcuno potrà aiutarti sono sicuro che lo farà.

Modificato September 11, 2008 da the doctor

$angelique!? · September 12, 2008

Ciao dekolfast,

ben arrivato anche da parte mia

- Scarica ed esegui questa utility per eliminare ogni traccia Symantec

- Scarica Advanced Windows Care, lancia la scansione e correggi gli errori

******************************

Chiudi i programmi di sicurezza: Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Salvalo sul desktop.

(se il file salvato dal primo link non dovesse funzionare, scaricalo dal secondo link)

Disconnettiti da internet...

1. Doppio click su combofix.exe, comparirà la seguente videata:

http://img293.imageshack.us/img293/8500/combofix01fn6zj1.jpg

2. Digita 1, premi Invio e segui le indicazioni.

3. Al termine, verrà creato un file log chiamato C:\ComboFix.txt.

4. Posta il log creato

Nota: Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.

********************************

- Scarica XP TCP/IP Repair clicca su entrambi e pulsanti e riavvia

dekoflast · September 12, 2008

Ciao a tutti e grazie dell'aiuto!

Allora ho seguito tutte le istruzioni, e infine ho utilizzato il programma combofix e ora vi posto qui il LOG.

Fatemi sapere qualcosa.. =)

Volevo chiedervi ancora una cosa,

che software mi consigliate di tenere installati per proteggere il mio sistema dopo aver risolto questi problemi?

Al momento ne ho installati un casino..tipo spybot,spyware terminator,avasta,ad aware,malwarebytes anit malware,hoster-it,spyware blaster,cc leaner,altri per la pulizia del registro e cose simili..mi sembra una farmacia questo pc..

è il bello è che ha poco più di 2 mesi!!

Grazie ankora!

Davide

ComboFix 08-09-10.04 - user 2008-09-12 11.15.20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1457 [GMT 2:00]

Eseguito da: C:\Documents and Settings\user\Desktop\ComboFiqx.exe

* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\user\Dati applicazioni\inst.exe

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\clgoxrybfs.dat

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\clgoxrybfs_nav.dat

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\clgoxrybfs_navps.dat

.

((((((((((((((((((((((((( Files Creati Da 2008-08-12 al 2008-09-12 )))))))))))))))))))))))))))))))))))

.

2008-09-12 11:12 . 2008-09-12 11:12 <DIR> d-------- C:\ComboFix

2008-09-12 11:01 . 2008-09-12 11:01 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Yahoo!

2008-09-12 11:01 . 2008-09-12 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2008-09-12 11:00 . 2008-09-12 11:00 <DIR> d-------- C:\Programmi\IObit

2008-09-12 10:57 . 2008-09-12 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller

2008-09-11 22:13 . 2008-09-11 22:13 <DIR> d-------- C:\WINDOWS\system32\logs

2008-09-11 22:11 . 2008-09-11 22:11 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes

2008-09-11 22:10 . 2008-09-11 22:10 <DIR> d-------- C:\Programmi\CCleaner

2008-09-11 20:17 . 2008-09-11 20:17 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml

2008-09-11 20:17 . 2008-09-11 20:17 385 --a------ C:\WINDOWS\system32\user_gensett.xml

2008-09-11 20:05 . 2008-09-11 22:06 <DIR> d-------- C:\Programmi\BitDefender

2008-09-11 20:03 . 2008-09-11 22:07 <DIR> d-------- C:\Programmi\File comuni\BitDefender

2008-09-11 16:12 . 2008-09-11 22:07 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware

2008-09-11 16:12 . 2008-09-11 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes

2008-09-11 16:12 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-11 16:12 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-11 16:08 . 2008-09-11 22:08 <DIR> d-------- C:\Programmi\Windows Defender

2008-09-11 14:54 . 2008-09-11 22:10 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner

2008-09-11 14:47 . 2008-09-11 22:10 <DIR> d-------- C:\Programmi\WinClamAVShield

2008-09-11 14:47 . 2008-09-11 22:10 <DIR> d-------- C:\Programmi\SpywareBlaster

2008-09-11 14:36 . 2008-09-11 22:31 <DIR> d-------- C:\Programmi\Spyware Terminator

2008-09-11 14:36 . 2008-09-11 22:29 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Spyware Terminator

2008-09-11 14:36 . 2008-09-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator

2008-09-11 14:36 . 2008-09-11 14:36 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-09-11 13:15 . 2008-09-11 13:15 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Motive

2008-09-11 13:14 . 2008-09-11 14:43 <DIR> d-------- C:\WINDOWS\Motive

2008-09-11 13:14 . 2008-09-11 13:14 <DIR> d-------- C:\Programmi\Telecom Italia

2008-09-11 13:14 . 2008-09-11 13:14 <DIR> d-------- C:\Programmi\File comuni\Motive

2008-09-11 12:54 . 2008-09-11 14:43 <DIR> d-------- C:\Programmi\Alice ti aiuta

2008-09-08 11:57 . 2008-09-08 11:57 <DIR> d-------- C:\Programmi\eBay

2008-09-08 11:57 . 2008-09-08 11:57 <DIR> d-------- C:\Documents and Settings\All Users\eBay

2008-09-03 14:56 . 2008-09-03 14:56 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Apple Computer

2008-09-03 14:53 . 2008-09-03 14:54 <DIR> d-------- C:\Programmi\QuickTime

2008-09-03 14:53 . 2008-09-03 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer

2008-08-30 14:22 . 2008-09-11 13:05 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\skypePM

2008-08-30 14:22 . 2008-08-30 14:22 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-30 14:20 . 2008-08-30 14:20 <DIR> d-------- C:\Programmi\Skype

2008-08-30 14:20 . 2008-08-30 14:20 <DIR> d-------- C:\Programmi\File comuni\Skype

2008-08-30 14:20 . 2008-09-11 13:07 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Skype

2008-08-30 14:20 . 2008-08-30 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype

2008-08-29 16:49 . 2008-09-11 20:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-12 09:01 --------- d-----w C:\Programmi\Yahoo!

2008-09-12 08:59 --------- d-----w C:\Programmi\File comuni\Symantec Shared

2008-09-11 20:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2008-09-11 18:23 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP

2008-09-11 17:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater

2008-09-11 11:14 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-09-11 11:13 --------- d-----w C:\Programmi\Common Files

2008-09-11 10:55 155,995 ----a-w C:\WINDOWS\java\Packages\2FXBHBF1.ZIP

2008-09-11 07:32 --------- d-----w C:\Programmi\eMule

2008-09-10 19:49 --------- d-----w C:\Programmi\Windows Live

2008-09-10 19:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-09-10 06:40 --------- d-----w C:\Programmi\Microsoft SQL Server

2008-09-09 06:12 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\DNA

2008-09-09 06:03 --------- d-----w C:\Programmi\DNA

2008-08-11 19:11 267,304 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll

2008-08-11 19:10 952,360 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe

2008-08-02 10:15 --------- d-----w C:\Programmi\Google

2008-07-31 11:26 --------- d-----w C:\Programmi\OptiTex 9

2008-07-31 11:24 --------- d-----w C:\Programmi\OptiTex 9 Demo

2008-07-31 11:20 --------- d-----w C:\Programmi\SGSDrape

2008-07-30 18:14 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll

2008-07-30 18:14 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys

2008-07-30 12:55 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll

2008-07-30 12:55 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll

2008-07-29 19:32 --------- d-----w C:\Programmi\TomTom DesktopSuite

2008-07-28 12:07 --------- d-----w C:\Programmi\KONAMI

2008-07-25 11:46 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\CyberLink

2008-07-25 11:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 12:58 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-24 08:15 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:22 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-05-15 13:15 47,360 ----a-w C:\Documents and Settings\user\Dati applicazioni\pcouffin.sys

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]

"preload"="C:\Windows\RUNXMLPL.exe" [2007-04-21 20480]

"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 138008]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-05-27 413696]

"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-11 1783808]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 C:\WINDOWS\RTHDCPL.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Nokia Nseries PC Suite.lnk]

backup=C:\WINDOWS\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-08-03 12:51 202024 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-06-03 05:42 2596152 C:\Programmi\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2007-10-17 19:59 858632 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-08-08 09:25 1828136 C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-01-08 22:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-08-12 18:19 21741864 C:\Programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2007-09-07 20:33 1015808 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]

--a------ 2007-09-07 20:35 102400 C:\Programmi\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"C:\\Programmi\\DNA\\btdna.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\eMule\\emule.exe"=

"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:bittorrent1

"9774:TCP"= 9774:TCP:BitComet 9774 TCP

"9774:UDP"= 9774:UDP:BitComet 9774 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-11 141312]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]

S3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b266a02-226c-11dd-9e1b-0017c41a52f5}]

\Shell\AutoRun\command - .\run\autorun.exe

\Shell\open\Command - .\run\autorun.exe

*Newly Created Service* - PROCEXP90

.

Contenuto della cartella 'Scheduled Tasks'

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-Symantec PIF AlertEng - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.it/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/

O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 -: Scarica tutti i video usando BitComet - C:\Programmi\BitComet\BitComet.exe/AddVideo.htm

O8 -: Scarica tutto usando BitComet - C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm

O8 -: Scarica usando &BitComet - C:\Programmi\BitComet\BitComet.exe/AddLink.htm

O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

O17 -: HKLM\CCS\Interface\{FC64DDCF-F82A-43BD-9123-89681CDD7A1A}: NameServer = 212.17.192.216

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-12 11:16:48

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-09-12 11:17:44

ComboFix-quarantined-files.txt 2008-09-12 09:17:42

Pre-Run: 37,779,361,792 byte disponibili

Post-Run: 37,811,871,744 byte disponibili

247 --- E O F --- 2008-09-12 07:12:38

$angelique!? · September 12, 2008

Ciao dekolfast,

-scarica Starter

ed elimina le cose inutili in avvio (togliendo la spunta)

riporto qui l'elenco di ciò che ti carica, quelle in neretto puoi toglierle (se qualche applicazione non dovesse funzionare, basta rimettere la spunta da Starter)

[preload] C:\Windows\RUNXMLPL.exe

[iAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[RTHDCPL] RTHDCPL.EXE

[Alcmtr] ALCMTR.EXE

[AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

[iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[igfxTray] C:\WINDOWS\system32\igfxtray.exe

[HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

[Persistence] C:\WINDOWS\system32\igfxpers.exe

[avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[sunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_12\bin\jusched.exe"

[bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles

[QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

[spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

[Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

[swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

[spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

************************

ricorda anche che se usi programmi peer to peer (bitcomet) la lentezza nella navogazione è normale

Disinstalla Ad-Aware, gli altri puoi tenerli...

allega un nuovo log di hijackthis dopo aver seguito questi consigli

dekoflast · September 12, 2008

Ciao angelique..

grazie ancora..

si bit torrent è installato ma ovviamente vedendo i rallentamenti nn lho utilizzato.

ora sembra andar bene a livello di connessione,è ancora un pò rallentato come risposta e prontezza il sistema(aperutra programmi

finestre ecc..)

ma forse per questo ci son ben poche soluzioni..e vabbè!!

Non si può voler tutto,intanto mi hai risolto gran parte dei problemi e te ne sono grato!

Ti posto qui il log di hijack come mi hai richiesto! grazie ancora,

Davide

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13.12.54, on 12/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.intl.acer.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmnetmgr.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe2.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_31] "C:\WINDOWS\system32\logagent.exe" /RegServer

O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmclien.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmv2clt.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\blackbox.dll"

O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\msnetobj.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Programmi\Windows Media Player\migrate.exe" /s

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\regsvr32 /s "C:\Programmi\Windows Media Player\mpvis.dll"

O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll

O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll