Il mio log al vostro giudizio

[giupy79]

Salve a tutti, sono nuovo e vi sottopongo il mio log convinto che qualcosa non va.Infatti il log non presenta i processi attivi dovuto forse al fatto che anche il tash manager mi dà continuamente errore!

cmq ecco il log, attendendo con fiducia un vostro giudizio.

Logfile of HijackThis v1.99.1
Scan saved at 12.01.52, on 27/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Giuseppe\Desktop\92622406.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/WebPh ... _heavy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD96CEA4-6026-43CF-A638-E621512E8886}: NameServer = 212.245.255.2 193.70.192.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SysBjr - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\com7.exe (file missing)

[giupy79]

Help me! ho continui errori....

[andorra24]

Ciao, usa il tool della symantec:
http://securityresponse.symantec.com/av ... inkopt.exe

L´esito viene salvato nel file FixLinkopt.log
Incolla il report in un post.


Scarica anche questo tool di rimozione:
http://info.prevx.com/download.asp?grab=GROMOZONREMTOOL
disattiva momentaneamente l'antivirus, con i programmi e applicazioni chiusi, esegui il tool.
Al riavvio del computer, il programma terminerà la scansione nelle restanti cartelle di windows. Al termine della scansione sarà rilasciato un report in C:\Gromzon_Removal.log.
Posta il report sul forum.

[giupy79]

Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
Failed to acquire SeDebugPrivilege
service: SysBjr (logon as: .\Yuocn, passed filters)
service: SysBjr (file path: \\?\C:\Programmi\File comuni\Microsoft Shared\com7.exe - infected)
file: \\?\C:\Programmi\File comuni\Microsoft Shared\com7.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SysBjr\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SysBjr\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SysBjr (key deleted)
reg: ...\SpecialAccounts\UserList\Yuocn (value deleted)
folder: \\?\C:\Documents and Settings\Yuocn (deleted)
user: Yuocn (deleted)


C:\WINDOWS\system32\ayaa.dll: (deleted)
C:\WINDOWS\23.tmp: (deleted)
C:\WINDOWS\F.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\5F.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\m: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\21.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\22.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\25.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\8C.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\C6.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\C9.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\148.tmp: (deleted)
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\C.tmp: (deleted)
C:\Programmi\File comuni\System\com7.exe: (deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionServices (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkOptimizer (key deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 36898
The number of deleted threat files: 15
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of registry entries fixed: 6
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.


Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS


Trojan.Gromozon does not exist - your system is clean.

[andorra24]

Scarica Gmer :
http://www.suspectfile.com/upload/files/tools/gmer.zip

Dopo averlo scompattato, lo avvii, selezioni "Rootkit" nella tabella dei Menu
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.

[giupy79]

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-28 13:07:32
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.10 ----

Device \Driver\SMBHC \Device\SmbHc IRP_MJ_CREATE [F7B09C98] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_CLOSEIRP_MJ_READ [F7B09C98] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B094A4] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_SHUTDOWN [F7B093D2] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_SYSTEM_CONTROL [F7B09386] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_DEVICE_CHANGE [F7B094A4] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_PNP_POWER [F7B09E88] SMBCLASS.SYS

---- Processes - GMER 1.0.10 ----

Process C:\WINDOWS\service32.exe (*** hidden *** ) 1596 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\45CHL7AM1J
Reg \Registry\MACHINE\SOFTWARE\45CHL7AM1J@45CHL7AM1J 0x01 0x00 0x00 0xB8 ...
Reg \Registry\MACHINE\SOFTWARE\45CHL7AM1J@45CHL7AM1J 0x01 0x00 0x00 0xB8 ...

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-28 13:08:18
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LaunchAppAlaunch = Alaunch
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@PCMService"C:\Program Files\Arcade\PCMService.exe" = "C:\Program Files\Arcade\PCMService.exe"
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@MSPY2002C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@EPM-DMc:\acer\epm\epm-dm.exe = c:\acer\epm\epm-dm.exe
@ePowerManagementC:\Acer\ePM\ePM.exe boot = C:\Acer\ePM\ePM.exe boot
@LManagerC:\Programmi\Launch Manager\QtZgAcer.EXE = C:\Programmi\Launch Manager\QtZgAcer.EXE
@SunJavaUpdateSchedC:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe = C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@VoipStunt"C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized /*file not found*/ = "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} /*IZArc DragDrop Menu*/C:\Programmi\IZArc\IZArcCM.dll = C:\Programmi\IZArc\IZArcCM.dll
@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} /*IZArc Shell Context Menu*/C:\Programmi\IZArc\IZArcCM.dll = C:\Programmi\IZArc\IZArcCM.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\Programmi\IZArc\IZArcCM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\Programmi\IZArc\IZArcCM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\ACER.SCR

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://global.acer.com = http://global.acer.com
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----

[Luke57]

Ciao di nuovo, esegui in ordine queste procedure:

Verifica se in pannello di controllo\installazioni\applicazioni hai LinkOptimizer /o Connection Services , se sì NON PROVARE A DISISTALLARLE, ma scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programmino potrai disistallare LinkOptimizer.
Apri il programma (click su myuninst.exe, attendi che vengono elencate le applicazioni presenti, evidenzi Linkoptimizer e/o Connection Services , click con il dx e scegli Delected)





4) scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Files to delete:
C:\WINDOWS\service32.exe

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.

Vai nella cartella C:\windows, se trovi:
syst32.dll
syshost.dll
eliminali
Posta un nuovo log di hiajckthis.

[giupy79]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gqqiwdpf

*******************

Script file located at: \??\C:\WINDOWS\system32\realfvxh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\service32.exe deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ora il log di hiajckthis

Logfile of HijackThis v1.99.1
Scan saved at 19.03.18, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Abbeynet\Chocophone\chocophone.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giuseppe\Desktop\peppe\programmi\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/WebPh ... _heavy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD96CEA4-6026-43CF-A638-E621512E8886}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

cmq già noto i miglioramenti...grazie...

[andorra24]

Il log adesso e' pulito.

[giupy79]

Vi ringrazio infinitamente per i preziosi consigli.Grazie