Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

e1xplorer aiuto!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

e1xplorer aiuto!!!

Postdi ciccio68 » 24/06/06 14:46

Scusate, anche io ho il solito problema. Mi potete aiutare?Vi ringrazio in anticipo. Questo è il mio file di log:

Logfile of HijackThis v1.99.1
Scan saved at 15.44.08, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Programmi\File comuni\Symantec Shared\ccApp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
E:\Programmi\MessengerPlus! 3\MsgPlus1.exe
E:\Programmi\Winamp\winampa.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\WINDOWS\WNSXS~1\wuauclt.exe
E:\Documents and Settings\utente pc\Dati applicazioni\??sks\??plorer.exe
E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\Programmi\Norton AntiVirus\navapsvc.exe
E:\Programmi\Guitar Pro 4 Demo\Mxmidi16.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\Outlook Express\msimn.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\DOCUME~1\UTENTE~1\IMPOST~1\Temp\Rar$EX00.015\HijackThis.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9FCFA6B3-B8FD-8D2E-1853-3F33B24E6008} - E:\DOCUME~1\FEDE&K~1\DATIAP~1\AMOKAI~1\More jugs.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - E:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Smapp] E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DtParental] E:\PROGRA~1\DIGITA~1\DIGITA~1.EXE -noshow
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eBayToolbar] E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "E:\Documents and Settings\°° FeDe & KiArA °°\Desktop\°°Fede°°\BearShare.exe" /pause
O4 - HKLM\..\Run: [grey flap vc blue] E:\Documents and Settings\All Users\Dati applicazioni\window kind grey flap\Castaim.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [IpWins] E:\Programmi\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ehnn] "E:\WINDOWS\WNSXS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Odpaxa] E:\Documents and Settings\utente pc\Dati applicazioni\??sks\??plorer.exe
O4 - Startup: Eurobarre.lnk = E:\Programmi\eurobarre\eb.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://e:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MyToolBar Search - res://E:\Programmi\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Traduci parola in italiano - res://e:\programmi\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://e:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://e:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://e:\programmi\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: E:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {38AC73DF-F9EF-4530-AD58-BD993761EF85} (TurboUploader Pixbuster) - http://stampafoto.libero.it/printinglab ... buster.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bloodsugar.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8485398978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F961DF4-6518-43B7-AC0F-A81400ED73E7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: E:\WINDOWS\system32\regedit.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Sponsor
 

Postdi Luke57 » 24/06/06 15:47

Ciao, per prima cosa copia hijackthis .exe in una cartella permanente del disco fisso appositamente creata, non temp né desktop. Altrimenti il programma non può fare il backup delle voci rimosse.

Scarica ATF cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare i file temporanei)

Ciao, scarica stinger 260 da qui:
http://vil.mcafeesecurity.com/vil/stinger/
(è standalone, non va installato) e mettilo sul desktop

1) Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

Rendi visibili file e cartelle nascosti:
da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK

Apri hijackthis, con tutte le applicazioni chiuse, premi ““open the misc tools section”, poi “open process manger”, individua ed evidenzia i processi ( se non ci sono, non ti preoccupare)
E:\WINDOWS\WNSXS~1\wuauclt.exe
E:\Documents and Settings\utente pc\Dati applicazioni\??sks\??plorer.exe
E:\Programmi\Guitar Pro 4 Demo\Mxmidi16.exe
Premi kill process

Torni alla pagina principale con back, premi “scan”, cerchi e spunti le seguenti voci (se cisono tutte):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {9FCFA6B3-B8FD-8D2E-1853-3F33B24E6008} - E:\DOCUME~1\FEDE&K~1\DATIAP~1\AMOKAI~1\More jugs.exe (file missing)
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - E:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [IpWins] E:\Programmi\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Ehnn] "E:\WINDOWS\WNSXS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Odpaxa] E:\Documents and Settings\utente pc\Dati applicazioni\??sks\??plorer.exe
O20 - AppInit_DLLs: E:\WINDOWS\system32\regedit.dll
Premi fix cheked

Cerchi ed elimina i seguenti file e/o cartelle:
C:\WINDOWS\system32\p2pnetworking.exe
E:\Programmi\ipwins\ipwins.exe
E:\Programmi\ToolBar888\MyToolBar.dll
E:\WINDOWS\WNSXS~1\wuauclt.exe
E:\Documents and Settings\utente pc\Dati applicazioni\??sks\??plorer.exe
E:\WINDOWS\system32\regedit.dll
E:\Programmi\Guitar Pro 4 Demo\Mxmidi16.exe

Fai una scansione con Singer in tutte le unità del computer (apri il programma e premi Scan)

Poi avvia ATFCleaner. Clicca sul menu main e poi seleziona la casella Select All. Adesso clicca sul pulsante Empty selected e aspetta il messaggio Done Cleaning!.
Da pannello di controllo.installazioni/applicazioni controlla che non vi siano programmi non installati da te, in pericolare P2networking

Riavvia in modalità normale.

Dopo queste procedure scansione on line qui:
http://housecall.trendmicro.com/

Posta nuovo log per controllo
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

e1xplorer aiuto!!!

Postdi ciccio68 » 24/06/06 22:47

Ti ringrazio molto per l'aiuto. Ho fatto quello che mi hai detto, ancge se alcuni files non sono riuscito a cancellarli. Ti invio nuovamente il file di log, dimmi quello che ancora non va. Grazie.

Logfile of HijackThis v1.99.1
Scan saved at 23.46.52, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Programmi\File comuni\Symantec Shared\ccApp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
E:\Programmi\MessengerPlus! 3\MsgPlus1.exe
E:\Programmi\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\SymNetDrv\wSNDMon.exe
E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\Programmi\Norton AntiVirus\navapsvc.exe
E:\Programmi\MSN Messenger\msnmsgr.exe
E:\Programmi\Outlook Express\msimn.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\UTENTE~1\IMPOST~1\Temp\Rar$EX00.687\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Smapp] E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DtParental] E:\PROGRA~1\DIGITA~1\DIGITA~1.EXE -noshow
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eBayToolbar] E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "E:\Documents and Settings\°° FeDe & KiArA °°\Desktop\°°Fede°°\BearShare.exe" /pause
O4 - HKLM\..\Run: [grey flap vc blue] E:\Documents and Settings\All Users\Dati applicazioni\window kind grey flap\Castaim.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Eurobarre.lnk = E:\Programmi\eurobarre\eb.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://e:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://e:\programmi\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://e:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://e:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://e:\programmi\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: E:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {38AC73DF-F9EF-4530-AD58-BD993761EF85} (TurboUploader Pixbuster) - http://stampafoto.libero.it/printinglab ... buster.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bloodsugar.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8485398978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F961DF4-6518-43B7-AC0F-A81400ED73E7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi Luke57 » 25/06/06 10:51

Ciao, la situazione sembra notevolmente migliorata.
Scarica Superantispyware versione free da qui:
http://www.superantispyware.com/
lo installi e lo aggiorni.
Fai una scansione completa del sistema. Posta poi nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

file di log

Postdi ciccio68 » 25/06/06 19:24

ok, questo è il nuvo file. Attendo istruzioni. Grazie.

Logfile of HijackThis v1.99.1
Scan saved at 20.22.14, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Programmi\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Programmi\File comuni\Symantec Shared\ccApp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
E:\Programmi\MessengerPlus! 3\MsgPlus1.exe
E:\Programmi\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\Programmi\Norton AntiVirus\OPScan.exe
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\UTENTE~1\IMPOST~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Smapp] E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DtParental] E:\PROGRA~1\DIGITA~1\DIGITA~1.EXE -noshow
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eBayToolbar] E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "E:\Documents and Settings\°° FeDe & KiArA °°\Desktop\°°Fede°°\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Eurobarre.lnk = E:\Programmi\eurobarre\eb.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://e:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://e:\programmi\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://e:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://e:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://e:\programmi\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: E:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {38AC73DF-F9EF-4530-AD58-BD993761EF85} (TurboUploader Pixbuster) - http://stampafoto.libero.it/printinglab ... buster.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bloodsugar.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8485398978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F961DF4-6518-43B7-AC0F-A81400ED73E7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - E:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi Luke57 » 26/06/06 22:21

Ciao, con hijackthis elimin a questo (considerato uno spyware):
O4 - HKLM\..\Run: [BearShare] "E:\Documents and Settings\°° FeDe & KiArA °°\Desktop\°°Fede°°\BearShare.exe" /pause
Elimina anche il relativo file BearShare.exe

Dai una passata con Ewido antispyware

http://www.ewido.net/en/onlinescan/
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi ciccio68 » 26/06/06 22:59

Ho fatto quello che mi hai detto, ma il file bearshare.exe non sono riuscito a trovarlo. Comunque sembra che vada tutto bene, solo non riesco ad eliminare l'icona di internet explorer con la scritta e1xplorer. Cosa devo fare? Grazie per la pazienza. Ciao
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi ciccio68 » 26/06/06 23:33

Ti riposto il file di log.


Logfile of HijackThis v1.99.1
Scan saved at 0.33.23, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Programmi\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Programmi\File comuni\Symantec Shared\ccApp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
E:\Programmi\MessengerPlus! 3\MsgPlus1.exe
E:\Programmi\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\ewido anti-spyware 4.0\guard.exe
E:\Programmi\ewido anti-spyware 4.0\ewido.exe
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\UTENTE~1\IMPOST~1\Temp\Rar$EX00.031\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Smapp] E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DtParental] E:\PROGRA~1\DIGITA~1\DIGITA~1.EXE -noshow
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eBayToolbar] E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "E:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Eurobarre.lnk = E:\Programmi\eurobarre\eb.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://e:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://e:\programmi\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://e:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://e:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://e:\programmi\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: E:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {38AC73DF-F9EF-4530-AD58-BD993761EF85} (TurboUploader Pixbuster) - http://stampafoto.libero.it/printinglab ... buster.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bloodsugar.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8485398978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F961DF4-6518-43B7-AC0F-A81400ED73E7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - E:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi Luke57 » 27/06/06 08:33

Ciao, il log pare a posto, fai una scansione con questo:
http://www.softpedia.com/get/Internet/P ... over.shtml
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi ciccio68 » 29/06/06 00:38

Scusa, ma non mi permette di aprirlo. Che mi consigli?
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi ciccio68 » 29/06/06 00:45

Punto e daccapo, mi si aprono finestre continuamente. Invio il file di log. Aiutoooooooo!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 1.45.10, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\ewido anti-spyware 4.0\guard.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Programmi\ATI Technologies\ATI.ACE\cli.exe
E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Programmi\File comuni\Symantec Shared\ccApp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
E:\Programmi\MessengerPlus! 3\MsgPlus1.exe
E:\Programmi\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\UTENTE~1\IMPOST~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - E:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Smapp] E:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "E:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DtParental] E:\PROGRA~1\DIGITA~1\DIGITA~1.EXE -noshow
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eBayToolbar] E:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Eurobarre.lnk = E:\Programmi\eurobarre\eb.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://e:\programmi\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://E:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://e:\programmi\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://e:\programmi\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://e:\programmi\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://e:\programmi\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: E:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesu ... .0.3.1.cab
O16 - DPF: {38AC73DF-F9EF-4530-AD58-BD993761EF85} (TurboUploader Pixbuster) - http://stampafoto.libero.it/printinglab ... buster.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bloodsugar.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8485398978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F961DF4-6518-43B7-AC0F-A81400ED73E7}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - E:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - E:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
ciccio68
Newbie
 
Post: 8
Iscritto il: 24/06/06 14:42

Postdi Luke57 » 29/06/06 15:46

Ciao, nel log non vedo niente di anomalo, non avari per caso installato la versione di Messenger Plus autorizzando l'emissione di popup? Prova a verificare da pannello di controllo, installazioni\applicazioni, ci clicchi e se ti appare l'opzione dei popup, la disattivi.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "e1xplorer aiuto!!!":

Aiuto urgente!!!
Autore: templare77
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti