Firefox and Explorer open windows unexpectedly

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by jaja_65 » 04/10/08 23:28

Hi everyone, I searched the topics for something that matched my case... I also tried downloading Ad-Aware, which found a bit of junk but didn't solve my problem.
At first only Explorer windows were opening (which, by the way, I don't use); since yesterday it has started with Firefox too...
If I go to Task Manager --> Processes, I find an application called IEXPLORE.EXE. I thought that was what was causing the problem... I was wrong!
Anyway, I'm attaching the HijackThis log. I hope someone can help me. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.25.11, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\iPass\iPassConnect\iPassConnectGUI.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Acer\OrbiCam10\OrbiCam.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\TROTTA~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Lexico\CleverKeys\CK.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\iPass\iPassConnect\iPassConnectEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Teamspeak2_RC2\TeamSpeak.exe
D:\Sword of the New World\SNW\Sword of The New World\release\XTrap\XTrap.xt
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\trotta's family\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul0.dll
R3 - URLSearchHook: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
O1 - Hosts: 83.103.59.122 L2authd.lineage2.com
O1 - Hosts: 83.103.59.122 L2testauthd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul0.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul0.dll
O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [iPassConnect] C:\Programmi\iPass\iPassConnect\iPassConnectGUI.exe /S
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Programmi\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Dati applicazioni\Admin Inter 1 Mags\browse keep.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [L07IXLRD_2102578] "C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\TROTTA~1\DATIAP~1\ACEBIT~1\SURF SOFTWARE SIZE.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: CleverKeys.lnk = C:\Programmi\Lexico\CleverKeys\CK.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2abef00b016340fbbde65f353dd16cc3
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2abef00b016340fbbde65f353dd16cc3
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Programmi\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Programmi\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Programmi\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 17863 bytes
jaja_65
Newbie
 
Posts: 8
Joined: 18/04/07 14:15


Re: Firefox and Explorer open windows unexpectedly

Post by Luke57 » 05/10/08 08:57

Hi, open HijackThis, press "Do a system scan only", then find and tick the following entries:
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Dati applicazioni\Admin Inter 1 Mags\browse keep.exe
O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\TROTTA~1\DATIAP~1\ACEBIT~1\SURF SOFTWARE SIZE.exe

Press "Fix checked".

Show hidden files and folders (My Computer > Tools > Folder Options > View, tick "Show hidden files and folders" > OK)

Find and delete:
C:\Documents and Settings\All Users\Dati applicazioni\Admin Inter 1 Mags (the folder)
C:\DOCUME~1\TROTTA~1\DATIAP~1\ACEBIT~1 (the folder)

Then download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable Spybot's TeaTimer, which conflicts with ComboFix.
Then run combofix.exe; the program starts and may take a long time (don't do anything else during the scan; if the desktop icons and the taskbar disappear, it's nothing to worry about). Once it has finished, if everything went well, you should find the file combofix.txt in C:\; post the contents of the file.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
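
The two entries singled out in the reply above are both autorun (O4) entries that launch from an application-data folder. As an added example (not part of the original thread, and not a HijackThis feature), this Python helper parses O4 lines and lists autoruns that start from user-writable folders, including the 8.3 short form (DATIAP~1) seen in the log. The folder list and the simplified 8.3 matching are assumptions of this example; a hit is a candidate for manual review, not a verdict (GoogleUpdate.exe is listed too).

```python
import re
from typing import NamedTuple, Optional

# Excerpt of lines copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Dati applicazioni\Admin Inter 1 Mags\browse keep.exe
O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\TROTTA~1\DATIAP~1\ACEBIT~1\SURF SOFTWARE SIZE.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: CleverKeys.lnk = C:\Programmi\Lexico\CleverKeys\CK.exe
"""

# Assumption of this example: folders a non-admin process can write to.
# "Dati applicazioni" is the Italian name used in the posted log;
# "Application Data" is its English counterpart on non-localized XP.
USER_WRITABLE_DIRS = ("Dati applicazioni", "Application Data", "Temp")

# O4 registry autoruns: "O4 - HKLM\..\Run: [name] command"
RUN_KEY = re.compile(r"^O4 - (?P<where>\S+\\\.\.\\Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# O4 startup-folder shortcuts: "O4 - Global Startup: name.lnk = target"
STARTUP = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


class Autorun(NamedTuple):
    where: str    # registry key or startup folder
    name: str     # value name or shortcut name
    command: str  # command line exactly as logged


def parse_o4(log_text: str) -> list:
    """Return every O4 (autorun) entry in a HijackThis log; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_KEY.match(line.strip()) or STARTUP.match(line.strip())
        if m:
            entries.append(Autorun(m["where"], m["name"], m["cmd"]))
    return entries


def is_short_alias(component: str, long_name: str) -> bool:
    """Simplified 8.3 check: first six characters (spaces removed) + ~digit."""
    stem = long_name.replace(" ", "").upper()[:6]
    return re.fullmatch(re.escape(stem) + r"~\d", component.upper()) is not None


def writable_component(command: str) -> Optional[str]:
    """Return the path component that marks a user-writable folder, or None."""
    # Drop the last component (file name plus any arguments); keep directories.
    directories = command.strip('"').split("\\")[:-1]
    for part in directories:
        for long_name in USER_WRITABLE_DIRS:
            if part.lower() == long_name.lower() or is_short_alias(part, long_name):
                return part
    return None


def review_candidates(log_text: str) -> list:
    """List (entry, matched folder) pairs for autoruns in user-writable folders."""
    hits = []
    for entry in parse_o4(log_text):
        marker = writable_component(entry.command)
        if marker is not None:
            hits.append((entry, marker))
    return hits


if __name__ == "__main__":
    for entry, marker in review_candidates(SAMPLE_LOG):
        print(f"{entry.where} [{entry.name}] via '{marker}': {entry.command}")
```
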

Re: Firefox and Explorer open windows unexpectedly

Post by jaja_65 » 05/10/08 19:14

Here is the ComboFix file
ComboFix 08-10-04.07 - trotta's family 2008-10-05 19.56.36.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1463 [GMT 2:00]
Eseguito da: C:\Documents and Settings\trotta's family\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Starware371
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_60.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_70.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_80.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\findithotxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\finditxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logo.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\error.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Related.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Travel.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Brani\BraniOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Configurator\Configurator.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\trotta's family\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\hzmgqc.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\hzmgqc_nav.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\hzmgqc_navps.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\syauuww.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\syauuww.exe
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\syauuww_nav.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\syauuww_navps.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\wnfvmwof.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\wnfvmwof.exe
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\wnfvmwof_nav.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\wnfvmwof_navps.dat
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\artmod_jewel_expand.GIF
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\t012741a.jpg
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\t045082a.jpg
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\t054804a.jpg
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\t241020a.jpg
C:\Documents and Settings\trotta's family\Impostazioni locali\Temporary Internet Files\t641284a.jpg
C:\Documents and Settings\trotta's family\Preferiti\Videos.url
C:\InfoSat.txt
C:\Programmi\Hot internet offers
C:\Programmi\Hot internet offers\offers.exe
C:\Programmi\webmediaplayer
C:\Programmi\webmediaplayer\resources\wmp_translation_file.xml
C:\Programmi\webmediaplayer\skins\classic.skn
C:\Programmi\webmediaplayer\sqlite3.dll
C:\Programmi\webmediaplayer\uninst.exe
C:\Programmi\webmediaplayer\WebMediaPlayer.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_MCHINJDRV
-------\Legacy_NPF
-------\Service_asc3550p
-------\Service_NPF
-------\Service_taskmon.sys


((((((((((((((((((((((((( Files Creati Da 2008-09-05 al 2008-10-05 )))))))))))))))))))))))))))))))))))
.

2008-10-05 19:32 . 2008-10-05 19:32 <DIR> d--hs---- C:\FOUND.001
2008-10-05 08:39 . 2008-10-05 20:00 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 08:39 . 2008-10-05 20:00 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-05 01:21 . 2008-10-05 01:21 <DIR> d--hs---- C:\FOUND.000
2008-10-05 01:14 . 2008-10-05 01:14 <DIR> d-------- C:\Programmi\Zone Labs
2008-10-05 01:14 . 2008-10-05 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-10-05 01:13 . 2008-10-05 01:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-10-04 13:08 . 2008-10-04 13:08 <DIR> d-------- C:\Programmi\Lavasoft
2008-10-04 13:08 . 2008-10-04 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-10-04 13:07 . 2008-10-04 13:07 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-10-01 21:35 . 2008-10-01 21:35 <DIR> d-------- C:\Programmi\sina
2008-10-01 21:35 . 2008-06-20 13:51 361,600 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-10-01 21:29 . 2008-10-01 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\wmp
2008-09-26 18:59 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-09-26 18:59 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\Programmi\Steinberg
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\Programmi\Image-Line
2008-09-22 17:38 . 2008-09-22 17:38 <DIR> d-------- C:\Documents and Settings\trotta's family\ANDREA
2008-09-21 20:05 . 2008-09-29 21:02 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-09-21 20:05 . 2008-09-29 21:02 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-09-21 20:05 . 2008-09-29 21:02 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-09-21 20:01 . 2008-09-21 20:01 <DIR> d-------- C:\Sierra
2008-09-21 20:01 . 2008-09-23 21:25 214 --a------ C:\WINDOWS\SIERRA.INI
2008-09-20 21:32 . 2008-09-20 21:32 <DIR> d-------- C:\Programmi\SopCast
2008-09-20 10:57 . 2008-09-20 10:57 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-09-20 10:57 . 2008-09-20 10:57 <DIR> d-------- C:\WINDOWS\system32\it
2008-09-20 10:57 . 2008-09-20 10:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 10:57 . 2008-09-20 10:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 10:54 . 2008-09-20 10:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 11:44 . 2008-09-18 11:44 <DIR> d--hs---- C:\FOUND.059
2008-09-17 12:16 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-09-16 16:22 . 2008-09-16 16:22 <DIR> d--hs---- C:\FOUND.058
2008-09-16 16:09 . 2008-09-16 16:09 <DIR> d-------- C:\Programmi\alaplaya
2008-09-14 20:10 . 2008-09-14 20:10 <DIR> d-------- C:\Programmi\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 03:31 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-05 03:31 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 21:48 --------- d-----w C:\Programmi\acebitssite
2008-08-31 21:21 --------- d-----w C:\Programmi\IrfanView
2008-08-31 10:40 --------- d-----w C:\Programmi\Circle Developement
2008-08-31 10:02 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-31 10:02 --------- d-----w C:\Programmi\File comuni\xing shared
2008-08-14 15:13 --------- d-----w C:\Programmi\Teamspeak2_RC2
2008-08-14 15:13 --------- d-----w C:\Documents and Settings\trotta's family\Dati applicazioni\teamspeak2
2008-08-11 19:11 267,304 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-11 19:10 952,360 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-08-09 08:43 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:38 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc0410.dll
2008-07-09 07:05 42,384 ----a-w C:\WINDOWS\zllsputility_loc0410.dll
2008-07-09 07:05 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc0410.dll
2008-07-09 07:05 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc0410.dll
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:27 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-05-20 17:31 99,528 ----a-w C:\Documents and Settings\trotta's family\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-13 18:05 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-25 15:37 92,064 ----a-w C:\Documents and Settings\trotta's family\mqdmmdm.sys
2007-11-25 15:37 9,232 ----a-w C:\Documents and Settings\trotta's family\mqdmmdfl.sys
2007-11-25 15:37 79,328 ----a-w C:\Documents and Settings\trotta's family\mqdmserd.sys
2007-11-25 15:37 66,656 ----a-w C:\Documents and Settings\trotta's family\mqdmbus.sys
2007-11-25 15:37 6,208 ----a-w C:\Documents and Settings\trotta's family\mqdmcmnt.sys
2007-11-25 15:37 5,936 ----a-w C:\Documents and Settings\trotta's family\mqdmwhnt.sys
2007-11-25 15:37 4,048 ----a-w C:\Documents and Settings\trotta's family\mqdmcr.sys
2007-11-25 15:37 25,600 ----a-w C:\Documents and Settings\trotta's family\usbsermptxp.sys
2007-11-25 15:37 22,768 ----a-w C:\Documents and Settings\trotta's family\usbsermpt.sys
.

------- Sigcheck -------

2008-06-20 13:51 361600 4afb3b0919649f95c1964aa1fad27d73 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 13:51 361600 4afb3b0919649f95c1964aa1fad27d73 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-09-07 20:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"L07IXLRD_2102578"="C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" [2006-06-13 351000]
"DAEMON Tools Pro Agent"="C:\Programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"Google Update"="C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"eMuleAutoStart"="C:\Programmi\eMule\emule.exe" [2008-05-11 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 86016]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"iPassConnect"="C:\Programmi\iPass\iPassConnect\iPassConnectGUI.exe" [2006-07-27 978944]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="C:\Programmi\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-31 185896]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-07-20 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

C:\Documents and Settings\trotta's family\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-07 125624]
CleverKeys.lnk - C:\Programmi\Lexico\CleverKeys\CK.exe [2008-06-24 561664]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2008-06-29 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\FlashGet\\FlashGet.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\sina\\SAP\\SAPlatform.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 78208]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 16768]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 ETX2US25;I-O DATA ETX2-US2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ETX2US25.SYS [2006-08-16 22528]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-17 30368]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys [ ]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys [ ]
S3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys [ ]
.
Contenuto della cartella 'Scheduled Tasks'

2008-09-29 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - trotta's family.job
- C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-10-05 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-03-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-10-03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-05-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-05 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]

2008-10-04 C:\WINDOWS\Tasks\OGADaily.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]

2008-10-05 C:\WINDOWS\Tasks\BDAF39CE9344A036.job
- c:\docume~1\trotta~1\datiap~1\acebit~1\Lieslisttrust.exe []

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\trotta's family\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 17:11]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-updateMgr - C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-wnfvmwof - c:\documents and settings\trotta's family\impostazioni locali\dati applicazioni\wnfvmwof.exe
HKCU-Run-fsm - (no file)
HKLM-Run-LogitechVideo[inspector] - C:\Programmi\Acer\OrbiCam\InstallHelper.exe


.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\trotta's family\Dati applicazioni\Mozilla\Firefox\Profiles\mct2tjyq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - C:\Programmi\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programmi\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programmi\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 20:02:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\PROGRAMMI\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAMMI\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM32\WGATRAY.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAMMI\FILE COMUNI\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\PROGRAMMI\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAMMI\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAMMI\FILE COMUNI\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRAMMI\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAMMI\IPASS\IPASSCONNECT\IPASSPERIODICUPDATESERVICE.EXE
C:\PROGRAMMI\FILE COMUNI\LIGHTSCRIBE\LSSRVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRAMMI\LAUNCH MANAGER\LMANAGER.EXE
C:\DOCUME~1\TROTTA~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\iPass\iPassConnect\iPassConnectEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-05 20:11:21 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-05 18:11:12

Pre-Run: 6.183.354.368 byte disponibili
Post-Run: 6,092,423,168 byte disponibili

412 --- E O F --- 2008-09-21 01:00:49
jaja_65
Newbie
 
Posts: 8
Joined: 18/04/07 14:15

