Help.... virus, worm or what? istbar!
poetando
09-05-2005, 12:31
Hi guys..
Some weeks ago, like an idiot, I caught the ISTBAR virus.
After deleting a few files and disinfecting the PC using these programs:
Trojan Remover
Stinger
Trend Micro Internet Security
Online scan from the Trend site
Ad-Aware (Lavasoft)
Spybot Search & Destroy
SwatIt
Microsoft Malware
I'm afraid I still have this pest.. on the PC, because
Internet Explorer opens by itself, sending me to a non-existent page, and also closes my Explorer pages by itself while I'm browsing :muro:
I later installed XP Service Pack 2 and turned on the firewall, but nothing has changed :help:
What should I do???? :help:
post the HijackThis log! :)
poetando
09-05-2005, 13:35
:mc:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Multimedia\Trust\305KSKeyboard\KbdAp32A.exe
C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmi\Internet\P2p\FiGo\mirc.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmi\Internet\Posta\MagicMail\Magic.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Salvatore\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\vFLjduld.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Utility\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\Utility\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmi\Multimedia\Trust\305KSKeyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Utility\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Update.hta
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Utility\Download Express\Add_Url.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
poetando
09-05-2005, 18:11
help up
VelenoX79
09-05-2005, 18:18
suspicious:
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\vFLjduld.dll
O4 - Global Startup: Windows Update.hta
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
fairly suspicious:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
unknown:
C:\Programmi\Internet\Posta\MagicMail\Magic.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
BravoGT83
09-05-2005, 19:00
here's the virus
O4 - Global Startup: Windows Update.hta
poetando
09-05-2005, 19:51
here's the virus
O4 - Global Startup: Windows Update.hta
Already done. Thanks anyway.
I just wonder why none of those damn programs listed above ever detected it...
BravoGT83
09-05-2005, 20:09
don't know what Trend Micro is like
juninho85
09-05-2005, 23:27
I just wonder why none of those damn programs listed above ever detected it...
the best AV for your PC is your own knowledge, so yourself
the best AV for your PC is your own knowledge, so yourself
;) agreed
anyway, if I remember right, Spybot used to remove it, but System Restore has surely played its part here ;)
poetando
10-05-2005, 09:24
;) agreed
anyway, if I remember right, Spybot used to remove it, but System Restore has surely played its part here ;)
Disabled it a while back...
anyway, now the problem has come back in a different guise! :muro:
Do you think that if I remove the suspicious files in Safe Mode it'll be gone for good?
Disabled it a while back...
anyway, now the problem has come back in a different guise! :muro:
Do you think that if I remove the suspicious files in Safe Mode it'll be gone for good?
try it, but anyway it's not one of those viruses that drive you crazy, it seems odd to me that you have this problem ;) let us know
poetando
11-05-2005, 16:02
There's no way to get rid of it!
I used HijackThis, Spybot and Ad-Aware,
also in Safe Mode...
Every time I reboot, HijackThis shows a DLL file
in the windows/system32 folder with a different name each time, and it
comes together with this string:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
What should I do to wipe it out???
There's no way to get rid of it!
I used HijackThis, Spybot and Ad-Aware,
also in Safe Mode...
Every time I reboot, HijackThis shows a DLL file
in the windows/system32 folder with a different name each time, and it
comes together with this string:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
What should I do to wipe it out???
leave this one alone.. those are the parameters for the connection to your provider
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
post the HijackThis log again
poetando
11-05-2005, 17:00
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Multimedia\Trust\305KSKeyboard\KbdAp32A.exe
C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
C:\Programmi\Internet\Posta\MagicMail\Magic.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Salvatore\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.it/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\UcxHQxDy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Utility\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\Utility\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmi\Multimedia\Trust\305KSKeyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Utility\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
this one definitely needs to be fixed right away:
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\UcxHQxDy.dll
poetando
11-05-2005, 17:25
this one definitely needs to be fixed right away:
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\UcxHQxDy.dll
Yes, but after fixing it, when I reboot the PC another DLL with a different name shows up, which HijackThis again flags in red... and the same problems come back, with IE opening and closing by itself!
SkunkWorks 68
11-05-2005, 17:32
...This other one is suspicious:
"O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab"
poetando
11-05-2005, 17:36
...This other one is suspicious:
"O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab"
That's the path of the online scan from the TREND MICRO site
SkunkWorks 68
11-05-2005, 18:05
..Yes..I think you're right :D ...Your case is a really hard one...
BravoGT83
11-05-2005, 18:35
did you disable System Restore :mbe:
BravoGT83
11-05-2005, 18:38
...This other one is suspicious:
"O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab"
it always looks suspicious to me too...
there's definitely another file that keeps creating those .dll files :muro:
Fix the usual line
then clean out all the Temporary Internet Files and the temp directories.
Use CCleaner.
then Start - Explore - Local Settings - Temporary Internet Files and delete by hand any directories that are still left.
Then reboot the machine
poetando
11-05-2005, 18:42
did you disable System Restore :mbe:
System Restore has been disabled for a week
BravoGT83
11-05-2005, 18:47
System Restore has been disabled for a week
damn
then do what bluepix said
if it doesn't work we'll look for another method
poetando
11-05-2005, 18:48
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
this string smells fishy to me...
I have ADSL with Libero and my IP starts with 151.xx.xx.xx
BravoGT83
11-05-2005, 18:51
anyway that's not the thing that creates that crap file [mad]
poetando
11-05-2005, 22:07
It seems this program works... Thanks!
It seems this program works... Thanks!
;)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
this string smells fishy to me...
I have ADSL with Libero and my IP starts with 151.xx.xx.xx
Relax, that's really them:
Information related to '193.70.128.0 - 193.70.255.255'
inetnum: 193.70.128.0 - 193.70.255.255
netname: IT-INFOSTRADA-193-70
descr: INFOSTRADA
country: IT
admin-c: IIS1-RIPE
tech-c: IIS1-RIPE
status: ASSIGNED PA
mnt-by: AS1267-MNT
mnt-routes: AS1267-MNT
source: RIPE
person: Infostrada Internet Staff
address: Infostrada SpA
address: Via Lorenteggio 257
address: I-20152 Milano
address: Italy
phone: +39 02 413311
e-mail: staff@iunet.it
nic-hdl: IIS1-RIPE
mnt-by: AS1267-MNT
source: RIPE
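The two checks the thread has been doing by hand (the same BHO CLSID coming back with a new DLL name after every reboot, and whether the O17 NameServer really belongs to the provider) are easy to automate once you have more than one log. The following is an added example, not code from the thread: the three HijackThis logs are reduced to their relevant lines as constructed sample input, and the assumption that the ISP is Infostrada with the 193.70.128.0/17 allocation comes from the RIPE record quoted just above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the relevant lines of the three HijackThis logs
# posted in this thread (09-05, 11-05 and 12-05). The BHO with CLSID
# {01FB9C55-...} points at a different DLL every time; the O17 line never changes.
LOGS = [
    r"""O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\vFLjduld.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Utility\Spybot - Search & Destroy\SDHelper.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Update.hta
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25""",
    r"""O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\UcxHQxDy.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25""",
    r"""O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\MDNJhnE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25""",
]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")

# Startup entries that are scripts rather than shortcuts or executables.
SCRIPT_EXTENSIONS = (".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

# Assumption: the user's ISP is Infostrada, whose 193.70.128.0 - 193.70.255.255
# allocation (the RIPE record quoted in the thread) is the /17 below.
PROVIDER_CIDRS = ("193.70.128.0/17",)


def parse_log(text):
    """Split a HijackThis log into the three kinds of entries used below.

    Returns (bhos, startup_items, nameservers): a list of (clsid, dll path)
    tuples, a list of Global Startup item names, and a list of resolver IPs.
    """
    bhos, startup_items, nameservers = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            bhos.append((m.group("clsid").upper(), m.group("path")))
        elif m := O4_STARTUP_RE.match(line):
            # "name.lnk = target" entries: keep only the name part
            startup_items.append(m.group("item").split(" = ", 1)[0])
        elif m := O17_RE.match(line):
            nameservers.extend(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
    return bhos, startup_items, nameservers


def unstable_bhos(logs):
    """CLSIDs whose backing DLL changes between successive logs.

    A legitimate BHO keeps the same DLL across reboots; a component that
    reinstalls itself under a fresh random name on every boot does not, so
    'same CLSID, different path' is the signal a single log cannot show.
    Returns {clsid: sorted list of distinct lower-cased paths}.
    """
    paths_by_clsid = defaultdict(set)
    for text in logs:
        for clsid, path in parse_log(text)[0]:
            paths_by_clsid[clsid].add(path.lower())
    return {clsid: sorted(paths) for clsid, paths in paths_by_clsid.items() if len(paths) > 1}


def script_startup_items(logs):
    """Global Startup entries that are scripts (.hta, .vbs, ...) rather than
    .lnk shortcuts or executables, like the 'Windows Update.hta' item in the
    first log of this thread."""
    found = set()
    for text in logs:
        for item in parse_log(text)[1]:
            if item.lower().endswith(SCRIPT_EXTENSIONS):
                found.add(item)
    return sorted(found)


def foreign_nameservers(logs, allowed_cidrs=PROVIDER_CIDRS):
    """O17 NameServer IPs that fall outside the ISP's own address space.

    An O17 entry pointing at a resolver nobody recognises is a DNS-hijack
    indicator; one inside the provider's allocation (the case in this
    thread) is just the ADSL configuration and should be left alone.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    found = set()
    for text in logs:
        for ip in parse_log(text)[2]:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in allowed):
                found.add(ip)
    return sorted(found)


if __name__ == "__main__":
    for clsid, paths in unstable_bhos(LOGS).items():
        print("BHO", clsid, "seen as", len(paths), "different DLLs:", paths)
    print("script startup items:", script_startup_items(LOGS))
    print("resolvers outside provider space:", foreign_nameservers(LOGS))
```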
poetando
12-05-2005, 07:30
:cry: It's back!!!
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Multimedia\Trust\305KSKeyboard\KbdAp32A.exe
C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Salvatore\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.it/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\MDNJhnE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Utility\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\Utility\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmi\Multimedia\Trust\305KSKeyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Utility\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Utility\Download Express\Add_Url.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
Nothing seems to indicate what the infection agent is.
(unfortunately the CLSID {01FB9C55-FC66-4476-A199-389241193188} is no help and refers to a generic "unknown malware")
Anyway, I'd recommend:
1) check the firewall's security level (ports 137-139 and 445)
2) Update Windows with all the security patches (Windows Update)
3) Fix the usual line
4) Run CClear.
5) Update the signatures of the antivirus you have installed
6) Do an online scan with Panda
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
and if it reports anything, take note and let us know.
Good luck
poetando
12-05-2005, 18:13
Adware:Adware/SaveNow No disinfected Windows Registry
Virus:Trj/Tofger.A Disinfected Operating system
Spyware:Spyware/BetterInet No disinfected Windows Registry
Virus:VBS/Inor.gen Disinfected C:\Documents and Settings\Salvatore\Desktop\backups\backup-20050509-162310-628-Windows Update.hta
Virus:Trj/Downloader.AGJ Disinfected C:\Documents and Settings\Salvatore\rundl32.exe
Virus:mIRC/Gen No disinfected C:\Download\addon.rar[revolution.ini]
Virus:Trj/Gatescan No disinfected C:\Download\Temporanea\chat\FiGo.rar[Wgscan.exe]
Virus:mIRC/Gen No disinfected C:\Download\Temporanea\chat\FiGo.rar[revolution.ini]
Virus:Trj/Gatescan Disinfected C:\Programmi\Internet\P2p\FiGo\addons\Wgscan.exe
Virus:mIRC/Gen Disinfected C:\Programmi\Internet\P2p\FiGo\revolution.ini
Adware:Adware/Wazzup No disinfected C:\WINDOWS\dd.dll
Adware:Adware/Wazzup No disinfected C:\WINDOWS\dd.dll.tmp
Adware:Adware/Wazzup No disinfected C:\WINDOWS\dd.exe
Virus:Trj/Downloader.SZ Disinfected C:\WINDOWS\Downloaded Program Files\tr5sc7\hsjdhsd.exe
Virus:Trj/Downloader.ALQ Disinfected C:\WINDOWS\gaSrv.exe
Virus:Trj/Agent.NE Disinfected C:\WINDOWS\nnx32.dll.tmp
Virus:Trj/Downloader.CPA Disinfected C:\WINDOWS\svchos1at.exe
Virus:Trj/Downloader.CPA Disinfected C:\WINDOWS\svchos1sat.exe
Virus:Trj/Downloader.CPA Disinfected C:\WINDOWS\svchos2sat.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\system32\f3PSSavr.scr
Virus:W32/Mabutu.A.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from alesabpoiana@hotmail.com\[email-::ffff:212.171.245.215+NvVlqSY85.txt][jenifer.zip][jenifer.jpg
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from info@lordcanepari.it\[email-::ffff:82.54.132.245+iHJ05jI8R1W.txt]
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from geirsven@online.no\[email-::ffff:82.52.87.242+c0n1rguULcbV.txt]
Virus:W32/Mabutu.A.worm Disinfected Cartelle locali\Posta eliminata\Sex\[britney.zip][britney.jpg .scr]
Virus:W32/Netsky.Z.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from msccatus@microsoft.com\[email-::ffff:82.55.175.244+PP6apf6MOJs.txt][Notice.zip][Notice.txt
Virus:W32/Netsky.Z.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from sales@keszo.com\[email-::ffff:82.59.120.81+DRDwnAjRxe91.txt][Notice.zip][Notice.txt
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from kwlavoro@kataweb.it\[email-::ffff:82.56.70.21+PaKmwPVSqlN5a.txt]
Virus:W32/Mydoom.N.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from postmaster@ngi.it\[email-::ffff:82.56.70.21+MAAE7YxNC46Qb.txt][text.zip][text.htm
Virus:W32/Netsky.P.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from funds.selection@wanadoo.fr\[email-::ffff:82.56.70.21+reOInlt6gkwKm.txt][message.zip][details.txt .pif]
Virus:W32/Sober.V.worm Disinfected Cartelle locali\Posta eliminata\Registration Confirmation\[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Mydoom.N.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from postmaster@ngi.it\[email-::ffff:82.52.86.140+bu8wM82l0nM7.txt][message.zip][message.zip][Message.exe]
Virus:W32/Netsky.P.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from catanese2@guidocatanese.191.it\[email-::ffff:82.52.86.140+X5jJyvKvxNJF.txt][file.zip][data.rtf .scr]
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from search@it.tiscali.com\[email-::ffff:82.50.152.251+wseVTI4f2By.txt]
Virus:W32/Netsky.P.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from info@trepievi.com\[email-::ffff:82.50.152.251+RgL7qiCGjsT.txt][pwd02.txt .pif]
Virus:W32/Netsky.Z.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from alession@allthematrix.net\[email-::ffff:82.55.175.15+EUrcqo35eDqm.txt][Details.zip][Details.txt
Virus:W32/Netsky.Z.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from paul.mcjones@acm.org\[email-::ffff:213.45.168.103+XVjmOL5mhI.txt][Part-2.zip][Part-2.txt
Virus:W32/Mydoom.N.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from MAILER-DAEMON@ngi.it\[email-::ffff:82.54.142.110+wYFnAd3Dfv2.txt][letter.zip][letter.txt
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from gehl4@tecnocasa.it\[email-::ffff:82.54.142.110+Ihp3C0BvNwl.txt]
Virus:W32/Netsky.Z.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from greatcustomer@msn.com\[email-::ffff:213.45.167.4+ICvgBPKnHB1S.txt][Part-2.zip][Part-2.txt
Virus:W32/Netsky.C.worm Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from news899111111.info@it.buongiorno.com\[email-::ffff:82.49.138.103+NiA7NPxMVCQ.txt][class_photos.exe]
Virus:Exploit/iFrame Disinfected Cartelle locali\Posta eliminata\ALERT: virus found from edc-annecy@wanadoo.fr\[email-::ffff:82.50.160.16+fVSsNMmAN697.txt]
Virus:W32/Mabutu.A.worm Disinfected Cartelle locali\Posta in arrivo\Hello\[brochure sviluppo italia.zip][brochure sviluppo italia.txt .scr]
what luck!!!
Your collection is almost better than mine :eek:
could you send me some of those infected files or mail attachments to my address inviaqui@email.it??? you'd do me a big favour.
also, you could add my address to your address book so that if you get infected again something might reach me too :sofico:
SkunkWorks 68
12-05-2005, 18:33
..Anyway, your report is a "Caporetto"....It looks tough.. :( .
1) Delete all the directories under Temporary Internet Files
2) Empty the "Deleted Items" folder in your mail client
These files need to be deleted (in Safe Mode)
C:\Download\addon.rar[revolution.ini]
C:\Download\Temporanea\chat\FiGo.rar[Wgscan.exe]
C:\Download\Temporanea\chat\FiGo.rar[revolution.ini]
C:\WINDOWS\dd.dll
C:\WINDOWS\dd.dll.tmp
C:\WINDOWS\dd.exe
C:\WINDOWS\system32\f3PSSavr.scr
then rerun the scan with Panda
if there are problems, post the log again
bye
BravoGT83
12-05-2005, 18:51
Virus:W32/Mabutu.A.worm Disinfected Cartelle locali\Posta in arrivo\Hello\[brochure sviluppo italia.zip][brochure sviluppo italia.txt .scr]
wow, though :eek:
Good grief, what are you breeding on that PC? Never seen a log this infested :muro:
Good grief, what are you breeding on that PC? Never seen a log this infested :muro:
Do you even have an antivirus and a firewall??? :mbe:
BravoGT83
12-05-2005, 21:22
Do you even have an antivirus and a firewall??? :mbe:
Are you talking to yourself? :ciapet:
Anyway, there's a lot of stuff in there
Are you talking to yourself? :ciapet:
Anyway, there's a lot of stuff in there
:asd: :asd: :asd: I must have messed something up :doh:
Nothing gets past you, dear bravogt :p
BravoGT83
12-05-2005, 21:31
:asd: :asd: :asd: I must have messed something up :doh:
Nothing gets past you, dear bravogt :p
hehehehhe :Perfido:
poetando
12-05-2005, 22:19
Most of them were zipped virus files, never opened and trashed in Outlook!
I have a firewall, Win XP SP2, antivirus, antispam filter, and I use Trojan Remover, Trend Micro, Spybot and Ad-Aware!
juninho85
13-05-2005, 00:17
:mc:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Multimedia\Trust\305KSKeyboard\KbdAp32A.exe
C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmi\Internet\P2p\FiGo\mirc.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmi\Internet\Posta\MagicMail\Magic.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Salvatore\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\Utility\SnagIt 7\SnagItBHO.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\vFLjduld.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Utility\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\Utility\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmi\Multimedia\Trust\305KSKeyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Multimedia\Trust\305KSMouse\mouse32a.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Utility\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Update.hta
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Utility\Download Express\Add_Url.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
I'd just like to point out that we were only talking about istbar :asd:
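To show how a log like the one quoted above can be triaged instead of read by eye, here is an added example written for this thread (it is not HijackThis code and not something any poster ran). It walks HijackThis-style lines and flags the entries a practitioner would want to look at first: a browser helper object whose DLL sits directly in the Windows directory rather than under an application's own folder, an autostart entry that runs a script or screen-saver file, a rundll32 entry that names its DLL without a path, every web-installed ActiveX control, the per-interface DNS servers, and services whose binary carries no company name. The sample lines are copied from the log above; the rules are this editor's assumptions about what deserves a second look, and a hit means "inspect this entry", not "this is malware".

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not HijackThis code and not anything a poster ran.
The rules are the editor's assumptions: a hit means "inspect", never "malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O2"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")       # "O2 - BHO: ..."
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
FIRST_PATH_RE = re.compile(r"^(.+?\.[A-Za-z]{2,3})(?=\s|$)")            # path up to its extension
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# File types that rarely belong in a home machine's autostart list (assumption).
SCRIPTY_EXT = (".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".pif", ".bat", ".cmd")


def _o4_target(body: str) -> Tuple[str, str]:
    """Split an O4 entry into (program, arguments)."""
    m = re.search(r"\]\s*(.*)$", body)          # Run key: "[Name] command args"
    if m:
        command = m.group(1)
    elif " = " in body:                          # Startup folder shortcut: "x.lnk = target"
        command = body.split(" = ", 1)[1]
    else:                                        # Startup folder: bare file name
        command = body.split(": ", 1)[-1]
    command = command.strip()
    if command.startswith('"'):                  # quoted path, then arguments
        program, _, rest = command[1:].partition('"')
        return program, rest.strip()
    m = FIRST_PATH_RE.match(command)
    return (m.group(1), command[m.end():].strip()) if m else (command, "")


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("O2", "O3"):                      # BHOs and toolbars: last field is the DLL path
        if WINDOWS_DIR_RE.match(body.rsplit(" - ", 1)[-1]):
            return Finding(sec, "browser add-on loaded from the Windows directory, "
                                "not from an application folder", line)
    elif sec == "O4":                            # autostart entries
        program, args = _o4_target(body)
        if program.lower().endswith(SCRIPTY_EXT):
            return Finding(sec, f"autostart runs a script/screen-saver file ({program})", line)
        if program.lower().endswith("rundll32.exe") and args and "\\" not in args.split(",")[0]:
            return Finding(sec, "rundll32 loads a DLL by bare name, resolved via the DLL search path", line)
    elif sec == "O16":                           # ActiveX controls installed from the web
        return Finding(sec, "web-installed ActiveX control; confirm the source is wanted", line)
    elif sec == "O17":                           # per-interface DNS servers
        return Finding(sec, "verify resolvers against the ISP's published ones: "
                            + ", ".join(IPV4_RE.findall(body)), line)
    elif sec == "O23":                           # services: name - company - path
        parts = body.split(" - ")
        if len(parts) >= 3 and parts[1].strip() == "Unknown":
            return Finding(sec, "service binary carries no company name", line)
    return None


def triage(lines) -> List[Finding]:
    """Run every rule over an HJT log and return the entries worth a look, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample lines copied from the log quoted in the thread (constructed test input).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\system32\vFLjduld.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Update.hta
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69FC681-45D5-4BED-BBA6-E327A0FF4E63}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

On the sample it leaves the Acrobat and Spybot-style entries under Program Files alone and lists six lines for review: the system32 BHO, the rundll32 entry, the .hta in Global Startup, the HouseCall control, the O17 resolvers, and the service without a company name. Whether any of them is actually hostile still has to be decided by checking the file on disk or, for the resolvers, against what the ISP documents.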
poetando
13-05-2005, 09:58
In the beginning it was only that one, and instead....
...Unfortunatelyyy
...Indeeeeed
I'd just like to point out that we were only talking about istbar :asd:
Apparently the others had gotten away