anysty2
19-12-2007, 01:05
Guys, I've been going crazy for two days. I came home and found 99 Explorer pages open, and I don't use Explorer. I went to look and strange things were coming up: "Windows Alert has detected a virus", "virus cleaner" and similar stuff, all links that were good for nothing. Then I noticed that I no longer had any restore points and that it won't let me into Task Manager; on top of that, it spreads if I copy something to a mass storage device.
So I followed the procedure; first of all I ran
ADS Revealer
A-Squared Free v3
Prevx CSI
and then the online scans from BitDefender, Windows and Panda.
They found the trojan and various viruses and removed them, only now my PC is slow, Task Manager doesn't work and every now and then some page reopens. What should I do? Help me, I don't want to format.
This is the a-squared log:
[Info]: report started at 12/17/07 23.38.39
[Info]: OS: 5.1 build 2600 (Service Pack 2)
[Note]: Analysis started at: 23.38.43
[Note]: Scan option: "Complete: all NTFS drives"
[Note]: H:\Documents and Settings\Administrator\Desktop\Firefox Setup 2.0.0.6.exe (:Zone.Identifier:$DATA) => Size: 26 => SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\IMAG0021.avi (:Zone.Identifier:$DATA) => Size: 26 => SHA1: ECF45C407708B09B856E4CCF0C9C002E80785226
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\oreste da roncade.wav (:Zone.Identifier:$DATA) => Size: 26 => SHA1: ECF45C407708B09B856E4CCF0C9C002E80785226
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\Q42PJF.pdf (:Zone.Identifier:$DATA) => Size: 26 => SHA1: ECF45C407708B09B856E4CCF0C9C002E80785226
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\telefonata.wmv (:Zone.Identifier:$DATA) => Size: 26 => SHA1: ECF45C407708B09B856E4CCF0C9C002E80785226
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Documents and Settings\Administrator\Documenti\File ricevuti\vincenzo il cretino.rar (:Zone.Identifier:$DATA) => Size: 26 => SHA1: ECF45C407708B09B856E4CCF0C9C002E80785226
[Note]: H:\Documents and Settings\Administrator\Documenti\Immagini\Adobe\Digital Camera Photos\2007-10-07-2030-31\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Documents and Settings\Administrator\Documenti\Immagini\Adobe\Digital Camera Photos\2007-10-28-1047-25\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Documents and Settings\Administrator\Documenti\My Recordings\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\anysty@hotmail.it\Sharing Folders\antoniosavaia@hotmail.it\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar (:Smaller.WB4:$DATA) => Size: 2416 => SHA1: 6DB88EEEAEEC7232EAC441B4313AFC39796572D7
[Note]: H:\Programmi\eMule\Incoming\fulm\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\eMule\Incoming\sistemi operativi\programmi\vair\Install_Messenger.exe (:Zone.Identifier:$DATA) => Size: 26 => SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B
[Note]: H:\Programmi\eMule\Incoming\sistemi operativi\programmi\vair\wrar370it.exe (:Zone.Identifier:$DATA) => Size: 26 => SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B
[Note]: H:\Programmi\eMule\Incoming\telefilm\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\eMule\Incoming\telefilm\csi 7\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\eMule\Incoming\telefilm\dexter.s01e01.hdtv.xvid-hv.ita_sub\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\eMule\Incoming\telefilm\friday\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: H:\Programmi\eMule\Incoming\telefilm\prison break\Thumbs.db (:encryptable:$DATA) => Size: 0 => SHA1: N/A
[Note]: Analysis finished. Elapsed time (hh:mm:ss): 23:35:32. Files checked: 81700
[Note]: Stream H:\Programmi\eMule\Incoming\telefilm\prison break\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\telefilm\friday\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\telefilm\dexter.s01e01.hdtv.xvid-hv.ita_sub\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\telefilm\csi 7\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\telefilm\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\sistemi operativi\programmi\vair\wrar370it.exe:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\sistemi operativi\programmi\vair\Install_Messenger.exe:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Programmi\eMule\Incoming\fulm\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Programmi\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\anysty@hotmail.it\Sharing Folders\antoniosavaia@hotmail.it\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\My Recordings\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\Immagini\Adobe\Digital Camera Photos\2007-10-28-1047-25\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\Immagini\Adobe\Digital Camera Photos\2007-10-07-2030-31\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\vincenzo il cretino.rar:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\Thumbs.db:encryptable:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\telefonata.wmv:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\Q42PJF.pdf:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\oreste da roncade.wav:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Documenti\File ricevuti\IMAG0021.avi:Zone.Identifier:$DATA deleted successfully.
[Note]: Stream H:\Documents and Settings\Administrator\Desktop\Firefox Setup 2.0.0.6.exe:Zone.Identifier:$DATA deleted successfully.
This is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.10.37, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Programmi\Laser Center\Laser Sensor Mouse\Panel.exe
H:\Programmi\Microsoft IntelliType Pro\itype.exe
H:\Programmi\Microsoft IntelliPoint\ipoint.exe
H:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
H:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
H:\Programmi\iTunes\iTunesHelper.exe
H:\Programmi\VMware\VMware Workstation\vmware-tray.exe
H:\Programmi\VMware\VMware Workstation\hqtray.exe
H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
H:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
H:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmi\MSN Messenger\MsnMsgr.Exe
H:\Programmi\Messenger\msmsgs.exe
H:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Programmi\RALINK\Common\RaUI.exe
H:\Programmi\OpenOffice.org 2.3\program\soffice.exe
H:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
H:\Programmi\a-squared Free\a2service.exe
H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
H:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
H:\WINDOWS\system32\vmnat.exe
H:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
H:\Programmi\VMware\VMware Workstation\vmware-authd.exe
H:\WINDOWS\system32\vmnetdhcp.exe
H:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
H:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmi\iPod\bin\iPodService.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Programmi\MSN Messenger\usnsvc.exe
H:\WINDOWS\system32\wuauclt.exe
H:\PROGRA~1\MOZILL~1\FIREFOX.EXE
H:\WINDOWS\explorer.exe
H:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - H:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Programmi\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - H:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - H:\Programmi\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - H:\Programmi\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - H:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - H:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - H:\Programmi\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: The leosrv - {DCBF721A-11E3-4FB8-93D6-9AE46178D5B6} - H:\WINDOWS\leosrv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - H:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Laser mouse] "H:\Programmi\Laser Center\Laser Sensor Mouse\Panel.exe"
O4 - HKLM\..\Run: [itype] "H:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "H:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "H:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "H:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] H:\Programmi\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "H:\Programmi\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [TopDesk] H:\Programmi\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "H:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "H:\Programmi\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [CloneCDTray] "H:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "H:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "H:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PrevxOne] "H:\Programmi\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DeskSpace] H:\Programmi\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [Steam] "H:\Programmi\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [eMuleAutoStart] H:\Programmi\eMule\eMule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = H:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: PartMetBackup.lnk = H:\Programmi\Java\jre1.6.0_03\bin\javaw.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Programmi\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://H:\Programmi\eMule\Incoming\gioki\HACKERS\Interface\IntraLaunch.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: xcvwer - {466CCA78-0C1C-4CE8-A013-DF61FA8B414F} - H:\WINDOWS\xcvwer.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\Programmi\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - H:\Programmi\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - H:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - H:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PREVXAgent - Prevx - H:\Programmi\Prevx2\PXAgent.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - H:\Programmi\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - H:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - H:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - H:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - H:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - H:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - H:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - H:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
Ah, I forgot: sometimes it goes crazy when I open downloads with Firefox or IE.
Thanks
O4 - Startup: PartMetBackup.lnk = H:\Programmi\Java\jre1.6.0_03\bin\javaw.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://H:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Programmi\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://H:\Programmi\eMule\Incoming\gioki\HACKERS\Interface\IntraLaunch.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: xcvwer - {466CCA78-0C1C-4CE8-A013-DF61FA8B414F} - H:\WINDOWS\xcvwer.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\Programmi\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - H:\Programmi\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - H:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - H:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PREVXAgent - Prevx - H:\Programmi\Prevx2\PXAgent.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - H:\Programmi\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - H:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - H:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - H:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - H:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - H:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - H:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - H:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
Ah, I forgot: sometimes it goes crazy when I open downloads with Firefox or IE.
Thanks