Still having problems with Hi***jack


Post by anitapod » 29/10/06 11:18

I still have the problem that every time I try to open a topic containing the name Hi**jack, Internet Explorer closes. I also can't download Hi**jack. My sister sent me Hi***jack by e-mail but it won't open; or rather, it opens for a second but closes right away, and I can't get it to start. What can I do??????
anitapod
Junior User
Posts: 42
Joined: 16/10/06 13:30

Post by Luke57 » 29/10/06 11:26

Hi, it is surely a linkoptimizer infection; download runanalyzer from here (it produces a hijackthis-style report, though not exactly the same):
http://www.safer-networking.org/files/runalyz.exe
let it load the information, then go to "Rapporti" (Reports) and click "Crea Rapporto stile HJT" (Create HJT-style report), and save it by clicking the appropriate icon.
Then paste it into a post.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by anitapod » 29/10/06 14:41

Hi, I did as you advised


Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. Tutti i diritti sono riservati.
Scan saved at 29/10/2006 14.31.20
Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)

Running processes:
[System]
System
c:\windows\toshibacenter.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CSRSS.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ALG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\toshibacenter.exe",
O20 - Winlogon Notify: SASWinLogon = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [avgnt] C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ACPI.sys
O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
O23 - Service: Ambiente supporto di rete AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
O23 - Service: Service for WDM 3D Audio Driver (ALCXSENS) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
O23 - Service: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
O23 - Service: Driver del processore AMD K7 (AmdK7) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\amdk7.sys
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - /owner unsupported/ - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - /owner unsupported/ - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Protocollo client ARP 1394 (Arp1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\arp1394.sys
O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\atapi.sys
O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\audstub.sys
O23 - Service: avgntdd (avgntdd) - /owner unsupported/ - C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
O23 - Service: avgntmgr (avgntmgr) - /owner unsupported/ - C:\WINDOWS\SYSTEM32\drivers\avgntmgr.sys
O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: C-DillaCdaC11BA (C-DillaCdaC11BA) - /owner unsupported/ - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Smart Cam, WDM Video Capture (Ca100v) - /owner unsupported/ - System32\Drivers\Ca100v.sys
O23 - Service: Closed Caption Decoder (CCDECODE) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
O23 - Service: CdaC15BA (CdaC15BA) - /owner unsupported/ - C:\WINDOWS\System32\drivers\CdaC15BA.SYS
O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\disk.sys
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fax (Fax) - /owner unsupported/ - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\fdc.sys
O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\flpydisk.sys
O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\drivers\fltmgr.sys
O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\msgpc.sys
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso periferica Human Interface (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\imapi.sys
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\System32\imapi.exe
O23 - Service: Driver Windows Firewall IPv6 (ip6fw) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ip6fw.sys
O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipinip.sys
O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipnat.sys
O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\irenum.sys
O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\isapnp.sys
O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O23 - Service: Gestore installazione (Mounting) (MountMgr) - /owner unsupported/ -
O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\System32\msiexec.exe
O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
O23 - Service: Mup (Mup) - /owner unsupported/ -
O23 - Service: NABTS/FEC VBI Codec (NABTSFEC) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
O23 - Service: Microsoft TV/Video Connection (NdisIP) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\NdisIP.sys
O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\netbios.sys
O23 - Service: NetBT (NetBT) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\netbt.sys
O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: 1394 Net Driver (NIC1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nic1394.sys
O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Upper Class Filter Driver (NTIDrvr) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
O23 - Service: Host controller VIA OHCI compatibile IEEE 1394 (ohci1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ohci1394.sys
O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\parport.sys
O23 - Service: Gestore partizioni (PartMgr) - /owner unsupported/ -
O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\pci.sys
O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspptp.sys
O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\processr.sys
O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\psched.sys
O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ptilink.sys
O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspti.sys
O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\redbook.sys
O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\System32\locator.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver (RTL8023) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: SASDIFSV (SASDIFSV) - /owner unsupported/ - C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
O23 - Service: SASENUM (SASENUM) - /owner unsupported/ - C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
O23 - Service: SASKUTIL (SASKUTIL) - /owner unsupported/ - C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\secdrv.sys
O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\serenum.sys
O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\serial.sys
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: BDA Slip De-Framer (SLIP) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\SLIP.sys
O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\sr.sys
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\srv.sys
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver per fotocamera digitale seriale (StillCam) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\serscan.sys
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: BDA IPSink (streamip) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\StreamIP.sys
O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\swenum.sys
O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\termdd.sys
O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Filtro Microsoft AGPv3.5 (uagp35) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\uagp35.sys
O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\update.sys
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
O23 - Service: DSC Still Image Capture (CA100) (USBCamera) - /owner unsupported/ - System32\Drivers\Bulk100.sys
O23 - Service: Driver principale generico USB Microsoft (usbccgp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
O23 - Service: Driver Miniport controller enhanced host USB 2.0 Microsoft (usbehci) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbehci.sys
O23 - Service: Hub abilitato USB2 (usbhub) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbhub.sys
O23 - Service: Classe stampanti USB Microsoft (usbprint) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbprint.sys
O23 - Service: Driver scanner USB (usbscan) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbscan.sys
O23 - Service: Driver archiviazione di massa USB (usbstor) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbuhci.sys
O23 - Service: Controller video VGA. (VgaSave) - /owner unsupported/ - C:\WINDOWS\System32\drivers\vga.sys
O23 - Service: Virit eXplorer Lite (viritsvclite) - /owner unsupported/ - C:\VEXPLITE\viritsvc.exe
O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\wanarp.sys
O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: World Standard Teletext Codec (WSTCODEC) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {20DC44B5-D466-4F26-9ECF-F3FF0C8A6DFB} - blank
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} () - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://java.sun.com/products/plugin/aut ... s-i586.cab
anitapod
Junior User
Posts: 42
Joined: 16/10/06 13:30

Post by Luke57 » 29/10/06 17:36

Hi, download AVGPfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

If it hasn't expired, update Virit to the very latest definitions.

Then open Task Manager (Ctrl+Alt+Del), select the Processes tab, and if you find
toshibacenter.exe
highlight it and press End Process.

Open the system registry:
Start > Run > regedit (type it in the blank field) > OK
With the Registry Editor open, clicking the + sign next to each entry, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, click the Winlogon folder, and look on the right for this value:
Userinit REG_SZ c:\windows\system32\userinit.exe,"c:\windows\toshibacenter.exe

double-click it; in the Edit String window that opens, in the value field, you will find:
c:\windows\system32\userinit.exe,c:\windows\toshibacenter.exe
select
,c:\windows\toshibacenter.exe (comma included)
so that what remains unhighlighted is:
c:\windows\system32\userinit.exe, (comma included)
press the Del key > OK
Be careful not to delete
c:\windows\system32\userinit.exe,
or the computer would not be able to restart.

Make hidden files and folders visible (go to Start > Settings > Control Panel > Folder Options and click "View". Select "Show hidden files and folders" and "Display the contents of system folders", and deselect "Hide protected operating system files". Click OK)

Run AVGPfix, searching for and deleting the file:
c:\windows\toshibacenter.exe

Restart in Safe Mode
(Start the computer. Right after the RAM count and before Windows starts loading, start pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter)

Run a full system scan with Virit.
Restart in normal mode, run a new scan with Virit, post the Virit scan reports and try using hijackthis again.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by anitapod » 29/10/06 19:45

HIJACK has finally started, here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 19.38.10, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ANITA PODBELSEK\Documenti\ANTIVIRUS\arsch.com\hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {20DC44B5-D466-4F26-9ECF-F3FF0C8A6DFB} - blank (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0069627062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0069554484
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

In addition, I am sending the VIRIT log file:

29/10/2006 - 19:05:23

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 48727.
Files Totali: 48727.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
anitapod
Junior User
Posts: 42
Joined: 16/10/06 13:30

Post by Luke57 » 29/10/06 21:58

Hi, open hijackthis, press "do a system scan only", then find and tick:
O2 - BHO: Class - {20DC44B5-D466-4F26-9ECF-F3FF0C8A6DFB} - blank (file missing)

press fix checked.

Also, that BHO is an entry that refers to linkoptimizer; use these two tools, which you can find here:
http://www.pc-facile.com/forum/viewtopic.php?t=49816
disable the antivirus during the scan. The Prevx one will finish its scan when the computer restarts. When it is done, it writes a report to C:\Gromozon_Removal.log; the Symantec one writes its report in the folder where you placed the file.

Post both reports.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
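
The two checks made by hand in the replies above (the extra program appended to the Winlogon Userinit value, and the BHO whose file cannot be resolved), as an added example that is not part of the original thread. The function names `audit_userinit` and `scan_log` are hypothetical, the sample lines are copied from the logs posted in this thread, and the expected Userinit value is the one the reply says must remain.

```python
import re

# Value the reply says must stay in Userinit (trailing comma added on output).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis-style line formats as they appear in the logs posted in the thread.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def _norm(entry):
    """Strip surrounding whitespace and quotes, lower-case for comparison."""
    return entry.strip().strip('"').strip().lower()


def audit_userinit(value, expected=EXPECTED_USERINIT):
    """Audit a Winlogon Userinit value (hypothetical helper).

    Userinit is a comma-separated list of programs started at logon, so
    anything besides userinit.exe is an autostart entry worth reviewing.
    Assumes no entry contains a comma inside its path.

    Returns (extras, cleaned):
      extras  - normalised entries that are not the expected userinit.exe
      cleaned - the value to restore (expected path plus trailing comma),
                or None when userinit.exe itself is absent, since that
                case needs manual repair rather than trimming.
    """
    entries = [e for e in (_norm(p) for p in value.split(",")) if e]
    extras = [e for e in entries if e != expected.lower()]
    cleaned = expected + "," if expected.lower() in entries else None
    return extras, cleaned


def scan_log(lines):
    """Return review findings from HijackThis-style log lines.

    Each finding is a tuple:
      ("userinit", extras, cleaned)  for an F2 UserInit line with extras
      ("bho", clsid, target)         for an O2 BHO with no resolvable file
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            extras, cleaned = audit_userinit(m.group(1))
            if extras or cleaned is None:
                findings.append(("userinit", extras, cleaned))
            continue
        m = O2_RE.match(line)
        if m:
            target = m.group(3).strip()
            low = target.lower()
            # "blank" / "(file missing)": the registration points at no file.
            if low.startswith("blank") or low.endswith("(file missing)"):
                findings.append(("bho", m.group(2), target))
    return findings


# Sample input: lines copied from the RunAlyzer and HijackThis logs above.
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\toshibacenter.exe",
O4 - HKLM\..\Run: [avgnt] C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {20DC44B5-D466-4F26-9ECF-F3FF0C8A6DFB} - blank (file missing)
'''.strip().splitlines()


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A `cleaned` value of `None` means userinit.exe itself is missing from the value, which is the situation the reply warns would leave the computer unable to restart.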

Post by anitapod » 30/10/06 13:43

Hi Luke

Here is the Prevx report

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni


Trojan.Gromozon does not exist - your system is clean.

FixLinkOpt, on the other hand, tells me:
Symantec Trojan Linkoptimizer Removal must be execudet from save boot mode only.
How do I do this save boot mode???
anitapod
Junior User
Posts: 42
Joined: 16/10/06 13:30

Post by anitapod » 30/10/06 20:17

Here is the Fixlink report too; I understood that I have to run it in Safe Mode

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

I also opened Hijack and followed your latest advice.
Will everything be all right now????
anitapod
Junior User
Posts: 42
Joined: 16/10/06 13:30

