Home News Guide Hardware Download Forum Glossario

Condividi:        

wlapo, d.exe e pc ko

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

wlapo, d.exe e pc ko

Postdi spinch » 08/10/07 17:59

Mi ritrovo di punto in bianco in C: dei file .exe che si chiamano wlapo, d, adsghf. Credo siano la causa di un problema che mi si presenta sul pc che consiste nell'invio infinito di e mail e che Symantec mi segnala come non effettuabili perchè tali indirizzi non esistono. In pratica per ogni tentata mail inviata symantec la scansiona e avvisa che non può effettuare l'operazione di invio. Questo per infinite volte a ritmo continuo sino a quando non riesco a disabilitare faticosamente la LAN che mi collega al modem adsl Alice. Così facendo il loop termina. Anche eliminando manualmente i file questi mi si ripresentano al successivo riavvio procurandomi lo stesso identico problema.
Inoltre non riesco più a collegarmi con alice utilizzando la connessione remota insieme alla connessione LAN: mi si disconnette dopo pochi minuti e mi si presenta un'altra connessione remota denominata "internet connection". Sempre, anche se la elimino dalle impostazioni internet mi si ripresenta.
Norton ogni tanto mi avvisa di file infetti presenti sul disco C che se vado a cercarli non li trovo (a.bat, it.exe)
Grazie in anticipo a quanti potranno aiutarmi


Logfile of HijackThis v1.99.1
Scan saved at 18.49.34, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\winmgnt.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\winmgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\SpyStopper\spystopper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\V0220Mon.exe
C:\Programmi\Creative\Shared Files\CTSched.exe
C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\WNDXP.exe
C:\WINDOWS\system32\windetd7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bytemobile BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Programmi\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Programmi\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Programmi\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Programmi\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Audio Device Manager] WNDXP.exe
O4 - HKLM\..\Run: [Winupdates] windetd7.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {67ED061B-323B-4E1A-B24E-2A6E89765817} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1877632769
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: øÐp - øÐp (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogPpr - Unknown owner - \\?\C:\Programmi\File comuni\Services\com7.exe (file missing)
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
spinch
Utente Junior
 
Post: 23
Iscritto il: 09/01/06 00:14
Top
Sponsor
 

Postdi Luke57 » 08/10/07 18:12

Ciao, vai qui:
http://www.wininizio.it/forum/index.php ... 3&hl=Sdfix
utilizza il tool per come spiegato, posta poi il rapporto + nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi spinch » 08/10/07 19:17

Perchè mi hai mandato lì? Mi porta ad una pagina di registrazione, cosa che ho fatto. Ti chiedo se devo ripostare la mia richiesta.
Qui non è possibile continuare?
Grazie.
spinch
Utente Junior
 
Post: 23
Iscritto il: 09/01/06 00:14
Top

Postdi spinch » 08/10/07 19:34

Di quale tools parli? Se rilinko dopo la registrazione mi dice che la pagina non esiste più.
spinch
Utente Junior
 
Post: 23
Iscritto il: 09/01/06 00:14
Top

Postdi Luke57 » 08/10/07 20:11

spinch ha scritto:Di quale tools parli? Se rilinko dopo la registrazione mi dice che la pagina non esiste più.

Ciao, scusa per il link fasullo, scarica sdfix da qui http://downloads.andymanchesta.com/remo ... /sdfix.zip
Riavvia il pc in modalità provvisoria, scompatta l'archivio, ed esegui il file sdfix.exe. Adesso recati in c:\sdfix ed esegui il file runthis.bat. Appena finisce la scansione premi un tasto per riavviare; al riavvio attendi la fine della scansione, poi recati in c:\sdfix, qui troverai un report, copiane il contenuto e postalo, insieme a un altro log di hijackthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi spinch » 08/10/07 21:17

Contenuto di sdfix report:

SDFix: Version 1.107

Run by Proprietario on 08/10/2007 at 21.50

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\142060~1 - Deleted
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\97054b2d-f26b-a1e4-0609-328cca9403dc.tmp.exe - Deleted
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\$b17a2e8.tmp - Deleted
C:\d.exe - Deleted
C:\WINDOWS\img3841.zip - Deleted
C:\WINDOWS\img4851.zip - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\drivers\etc\hosts.bho - Deleted
C:\WINDOWS\system32\ssms.exe - Deleted
C:\WINDOWS\system32\TFTP2164 - Deleted
C:\WINDOWS\system32\TFTP2348 - Deleted
C:\WINDOWS\system32\TFTP2604 - Deleted
C:\WINDOWS\system32\TFTP2996 - Deleted
C:\WINDOWS\system32\TFTP3136 - Deleted
C:\WINDOWS\system32\TFTP3932 - Deleted
C:\WINDOWS\system32\TFTP4008 - Deleted
C:\WINDOWS\Temp\$_2341233.TMP - Deleted
C:\WINDOWS\Temp\$_2341234.TMP - Deleted
C:\WINDOWS\Temp\$_2341235.TMP - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\SpyStopper\\SpyStopper.exe"="C:\\Programmi\\SpyStopper\\SpyStopper.exe:*:Enabled:SpyStopper"
"C:\\Programmi\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Programmi\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\\Programmi\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\Paltalk Messenger\\paltalk.exe"="C:\\Programmi\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk Messenger 8.1"
"C:\\Documents and Settings\\Proprietario\\Desktop\\webtv\\ViViPlay.exe"="C:\\Documents and Settings\\Proprietario\\Desktop\\webtv\\ViViPlay.exe:*:Disabled:ViViMediaPlay Microsoft ???????"
"C:\\Programmi\\ppStream\\ppStream.exe"="C:\\Programmi\\ppStream\\ppStream.exe:*:Enabled:ppStream P2P Streaming Player"
"C:\\Programmi\\PPLive\\PPLive.exe"="C:\\Programmi\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Programmi\\QQLive\\QQLive.exe"="C:\\Programmi\\QQLive\\QQLive.exe:*:Enabled:QQLive Microsoft ???????"
"C:\\Programmi\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Programmi\\Common Files\\Synacast\\SynaLive\\PE.exe:*:Enabled:SynacastPE"
"C:\\Programmi\\CoolstreamingIT\\CoolstreamingIT0.3.exe"="C:\\Programmi\\CoolstreamingIT\\CoolstreamingIT0.3.exe:*:Enabled:eBook Workshop"
"C:\\Documents and Settings\\Proprietario\\Desktop\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Proprietario\\Desktop\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Programmi\\tvants\\Tvants.exe"="C:\\Programmi\\tvants\\Tvants.exe:*:Enabled:Tvants"
"C:\\Programmi\\TVEase\\tvease.exe"="C:\\Programmi\\TVEase\\tvease.exe:*:Enabled:tvease"
"C:\\Programmi\\Tencent\\QQLive\\QQLive.exe"="C:\\Programmi\\Tencent\\QQLive\\QQLive.exe:*:Enabled:QQ??????"
"C:\\Documents and Settings\\Proprietario\\mute\\MUTE\\fileSharingMUTE.exe"="C:\\Documents and Settings\\Proprietario\\mute\\MUTE\\fileSharingMUTE.exe:*:Enabled:fileSharingMUTE"
"C:\\Documents and Settings\\Proprietario\\Desktop\\MUTE\\fileSharingMUTE.exe"="C:\\Documents and Settings\\Proprietario\\Desktop\\MUTE\\fileSharingMUTE.exe:*:Enabled:fileSharingMUTE"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\Internet Explorer\\iexplore.exe"="C:\\Programmi\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programmi\\eDonkey2000\\edonkey2000.exe"="C:\\Programmi\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Documents and Settings\\All Users\\Desktop\\webtv\\ViViPlay.exe"="C:\\Documents and Settings\\All Users\\Desktop\\webtv\\ViViPlay.exe:*:Enabled:ViViMediaPlay Microsoft ???????"
"C:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe"="C:\\Programmi\\File comuni\\Synacast\\SynaLive\\PE.exe:*:Enabled:SynacastPE"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Programmi\\feidian\\Win32Client.exe"="C:\\Programmi\\feidian\\Win32Client.exe:*:Enabled:??????"
"C:\\Programmi\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"="C:\\Programmi\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 5"
"C:\\Programmi\\NetMeeting\\conf.exe"="C:\\Programmi\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Programmi\\mirc\\mirc.exe"="C:\\Programmi\\mirc\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Condivis. App. RTC"
"C:\\Programmi\\StreamerOne\\streamerone.exe"="C:\\Programmi\\StreamerOne\\streamerone.exe:*:Enabled:streamerone"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Esplora risorse"
"C:\\Programmi\\SightSpeed\\SightSpeed.exe"="C:\\Programmi\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"C:\\Programmi\\RealVNC\\WinVNC\\winvnc.exe"="C:\\Programmi\\RealVNC\\WinVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Programmi\\RealVNC\\vncviewer.exe"="C:\\Programmi\\RealVNC\\vncviewer.exe:*:Enabled:vncviewer"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\SopCast\\SopCast.exe"="C:\\Programmi\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Proprietario\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Proprietario\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"c:\\windows\\system32\\windetd5.exe"="c:\\windows\\system32\\windetd5.exe:*:Enabled:windetd5"
"c:\\windows\\system32\\windetd7.exe"="c:\\windows\\system32\\windetd7.exe:*:Enabled:windetd7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 4 Oct 2007 22,265 ..SHR --- "C:\WINDOWS\WNDXP.exe"
Thu 5 Jun 2003 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 13 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 25 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 13 Mar 2005 119,808 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL0917.tmp"
Sun 13 Mar 2005 91,136 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL1393.tmp"
Sun 13 Mar 2005 105,472 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL1569.tmp"
Sun 13 Mar 2005 105,984 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL1589.tmp"
Sun 13 Mar 2005 105,472 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL2095.tmp"
Sun 13 Mar 2005 78,336 A..H. --- "C:\Documents and Settings\casa\Desktop\ricerche loira\~WRL2767.tmp"
Fri 21 Oct 2005 660,992 A..H. --- "C:\Documents and Settings\Proprietario\Desktop\test\wininet.dll"
Sat 6 Sep 2003 1,206 A..HR --- "C:\Programmi\File comuni\Symantec Shared\Registry Backup\ccReg.reg"
Thu 2 Jan 2003 1,206 A..HR --- "C:\Programmi\File comuni\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 2 Jan 2003 12,262 A..HR --- "C:\Programmi\File comuni\Symantec Shared\Registry Backup\CommonClient_old.reg"
Sat 6 Sep 2003 12,368 A..HR --- "C:\Programmi\File comuni\Symantec Shared\Registry Backup\CommonClient.reg"
Tue 22 Nov 2005 20,480 ...H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL0003.tmp"
Tue 22 Nov 2005 20,992 ...H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL0005.tmp"
Thu 3 Feb 2005 19,456 A..H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL1247.tmp"
Thu 3 Feb 2005 19,456 A..H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL1386.tmp"
Tue 22 Nov 2005 21,504 ...H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL2679.tmp"
Thu 3 Feb 2005 19,456 A..H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL2828.tmp"
Sun 13 Mar 2005 108,032 A..H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL3010.tmp"
Mon 31 Jan 2005 19,456 A..H. --- "C:\Documents and Settings\casa\Dati applicazioni\Microsoft\Word\~WRL3125.tmp"
Sun 13 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\casa\Documenti\Musica\Backup licenza\drmv1key.bak"
Mon 3 Apr 2006 20 A..H. --- "C:\Documents and Settings\casa\Documenti\Musica\Backup licenza\drmv1lic.bak"
Sun 13 Nov 2005 400 A.SH. --- "C:\Documents and Settings\casa\Documenti\Musica\Backup licenza\drmv2key.bak"
Sun 13 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Proprietario\Documenti\Musica\Backup licenza\drmv1key.bak"
Sun 13 Nov 2005 20 A..H. --- "C:\Documents and Settings\Proprietario\Documenti\Musica\Backup licenza\drmv1lic.bak"
Sun 13 Nov 2005 400 A.SH. --- "C:\Documents and Settings\Proprietario\Documenti\Musica\Backup licenza\drmv2key.bak"
Sat 8 Nov 2003 7,318 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\DesD.tmp"
Sun 12 Oct 2003 8,246 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\DesDh.tmp"
Sun 12 Oct 2003 8,246 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\DesDs.tmp"
Sat 8 Nov 2003 2,518 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\Off9.tmp"
Sun 12 Oct 2003 8,246 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\Off9h.tmp"
Sun 12 Oct 2003 8,246 A..H. --- "C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Office\Shortcut Bar\Off9s.tmp"

Finished!

Contenuto di hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 22.14.21, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\winmgnt.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\winmgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\Programmi\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\SpyStopper\spystopper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\V0220Mon.exe
C:\Programmi\Creative\Shared Files\CTSched.exe
C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\windetd7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
c:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bytemobile BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Programmi\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Programmi\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Programmi\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Programmi\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winupdates] windetd7.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {67ED061B-323B-4E1A-B24E-2A6E89765817} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1877632769
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: àøX - àøX (file missing)
O20 - Winlogon Notify: øÐp - øÐp (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogPpr - Unknown owner - \\?\C:\Programmi\File comuni\Services\com7.exe (file missing)
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

Grazie.
spinch
Utente Junior
 
Post: 23
Iscritto il: 09/01/06 00:14
Top

Postdi Luke57 » 09/10/07 20:51

Ciao, per caso ho visto che hai esposto il tuo problema anche in un altro forum. Per non fare fatica doppia, dato che questo log di hijackthis è pieno di infezioni, e siccome nel medesimo forum hai detto di aver quasi risolto il tuo problema (me lo auguro ;)) , ti consiglio di continuare lì.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi spinch » 09/10/07 23:02

Luke, è risolvibile la faccenda?
O devo iniziare a fare dei salvataggi?
spinch
Utente Junior
 
Post: 23
Iscritto il: 09/01/06 00:14
Top
Rispondi al post

Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 34 ospiti