HiJackThis - Analisi Log - leggere Regole di Sezione

[hrxn]

Se non ricordo male si cmq adesso sto facendo una scansione con spy doctor e se riesco posto i risultati,grazie per l'aiuto.

[hypercube]

Salve ragazzi ho questo piccolo problema che mi affligge sia sul desktop che sul portatile. mentre la macchina è accesa, all'interno di windows (xp) mi appare sempre sulla barra delle applicazioni un'icona di un'applicazione che è stata appena ridotta per poi sparire nel nulla. non ha titolo quindi non so di cosa si tratti. si ripete regolarmente una volta ogni 10 minuti circa. E' molto fastidiosa perchè ad esempio mentre sono alle prese con qualche videogioco, mi torna in ambiente windows lasciandomi un po nella cacca in special maniera se sto giocando online. All'inizio pensavo che mi fossi beccato qualcosa ma successivamente dopo aver formattato per altri motivi il portatile, ho notato che questo problema ricompariva immediatamente. Le mie poche ipotesi mi hanno portato a giungere alla conclusione che si tratti di norton antivirus 2005 che ho installato su ambedue le macchine. secondo voi di che si tratta? ma soprattutto si può risolvere? grazie a tutti per l'attenzione e le eventuali risposte.

Logfile of HijackThis v1.99.1
Scan saved at 15.25.52, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\SkypeMate\SkypeMate.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\hypercube\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WeatherWatcher] C:\Programmi\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [SkypeMate] C:\Programmi\SkypeMate\SkypeMate.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{909BDC6C-B932-45A2-9866-FD7704A4F11A}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[hrxn]

RAgazzi ho il risultato dello scan,ma non riesco a copiarli.Mi ricordate come si fa a fare una fotografia al dekstop?

[andorra24]

hipercube il log e' pulito.

[hypercube]

allora non so dove sbattere la testa

[wgator]

Quote:

Originariamente inviato da hypercube

Salve ragazzi ho questo piccolo problema che mi affligge sia sul desktop che sul portatile.

Ciao,

verifica che le voci segnalate come "04" (sono quelle in avvio automatico con windows) ti servano effettivamente tutte... sono legittime ma quasi tutte inutili inoltre in mezzo ci sono dei programmi che potrebbero interferire con il gioco oppure potrebbero avviarsi ad intervalli regolari

[hrxn]

Spyware Doctor Activity Report
Generated on 12/03/2006 11.24.34
Spyware Doctor Homepage PC Tools Homepage Technical Support
Scans (basic information only):
Scan Results:
scan start: 12/03/2006 11.24.58
scan stop: 12/03/2006 11.36.21
scanned items: 98385
found items: 80
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

Infection Name Location Risk
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008209.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008210.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008211.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008213.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009179.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009186.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009189.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009190.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009259.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009260.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009261.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009263.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009837.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009844.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009847.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009848.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009860.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009861.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009862.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009864.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010337.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010344.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010347.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010348.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010360.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010361.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010362.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010364.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010756.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010763.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010766.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010767.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010776.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010777.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010778.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010780.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011022.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011029.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011032.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011033.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011291.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011292.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011293.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011295.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011559.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011566.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011569.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011570.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011579.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011580.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011581.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011583.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011974.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011981.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011984.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011985.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011993.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011994.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011995.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011997.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012308.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012315.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012318.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012319.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012328.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012329.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012330.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012332.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012698.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012705.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012708.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012709.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012718.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012719.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012720.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012722.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012964.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012971.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012974.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012975.exe Low

Scan Results:
scan start: 12/03/2006 11.49.38
scan stop: 12/03/2006 12.03.26
scanned items: 98487
found items: 80
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

Infection Name Location Risk
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008209.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008210.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008211.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP41\A0008213.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009179.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009186.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009189.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP81\A0009190.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009259.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009260.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009261.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP82\A0009263.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009837.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009844.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009847.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009848.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009860.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009861.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009862.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP83\A0009864.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010337.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010344.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010347.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010348.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010360.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010361.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010362.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010364.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010756.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010763.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010766.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010767.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010776.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010777.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010778.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0010780.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011022.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011029.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011032.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP85\A0011033.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011291.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011292.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011293.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011295.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011559.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011566.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011569.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011570.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011579.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011580.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011581.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011583.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011974.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011981.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011984.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011985.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011993.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011994.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011995.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0011997.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012308.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012315.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012318.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012319.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012328.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012329.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012330.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012332.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012698.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012705.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012708.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012709.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012718.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012719.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012720.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012722.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012964.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012971.exe Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012974.dll Low
Casino C:\System Volume Information\_restore{F403B806-467D-4C42-B6FE-31F7CBF47008}\RP87\A0012975.exe Low


Other Sections:

Copyright © 2003 PC Tools Research Pty Ltd. All rights reserved. Legal Notice
sigs
Click to go back

[Stev-O]

non riesci dalla modalità provvisoria ad eliminarli?
oppure usando killbox?

[andorra24]

Le presunte infezioni sono localizzate tutte nella cartella di ripristino. Disattiva il ripristino di sistema e ripeti la scansione con spywaredoctor.

[Stev-O]

un'altra cosa che potresti fare è fare pulizia disco ed eliminare tutto tranne l'ultimo punto di ripristino

[hrxn]

ok provo a disattivare il ripristino di configurazione del sistema,pero non ho capito a che serve dato che spydoctor in ogni modo non me lo fa cancellare?

[andorra24]

Quote:

Originariamente inviato da hrxn

ok provo a disattivare il ripristino di configurazione del sistema,pero non ho capito a che serve dato che spydoctor in ogni modo non me lo fa cancellare?

Ma se spywaredoctor non ti toglie le cose che ti trova perche' non lo disinstalli? Secondo me serve solo a crearti confusione. Hai gia molti antispyware e non ti serve anche spywaredoctor.

[Stev-O]

infatti

[hrxn]

Lo so infatti lo voglio disinstallare,cmq il problema che mi ha trovato questi spyware rimane con che cosa li posso cancellare?
Mi avete consigliato di disattivare il ripristino di configurazione ,una volta fatto come devo procedere a eliminarli?

[andorra24]

Quote:

Originariamente inviato da hrxn

Lo so infatti lo voglio disinstallare,cmq il problema che mi ha trovato questi spyware rimane con che cosa li posso cancellare?
Mi avete consigliato di disattivare il ripristino di configurazione ,una volta fatto come devo procedere a eliminarli?

Innanzitutto non c'e' la certezza che SpywareDoctor abbia azzeccato trovandoti questi spyware perche' e' un programma abbastanza famoso per i suoi numerosi falsi positivi. Dal log che hai mostrato sembra che questi PRESUNTI spywares si trovino nella cartella del ripristino e quindi disattivando il ripristino dovrebbero andarsene. Riprova a scansionare nuovamente con spywaredoctor ma il mio consiglio e' di disinstallare al piu' presto quel programma visto che gia' ne hai tanti.

[hrxn]

Ok provo a seguire il tuo consiglio,grazie cmq per la pazienza dimostrata e per la disponibilità.

[andorra24]

Quote:

Originariamente inviato da hrxn

Ok provo a seguire il tuo consiglio,grazie cmq per la pazienza dimostrata e per la disponibilità.

Prego, fammi sapere.

[DucaConte360]

Dunque il mio problema lo trovate qualche post più in là...cmq per farla breve ora il mio pc dopo varie scansioni sembra essere privo di virus, trojan e cavolate varie ma non riesco cmq a mettere mano sul task manager perchè dice che è in uso da qualche altra applicazione, mi è stato consigliato di far partire il "regedit" da "esegui" ma stessa identica risposta. Questo è il log.

Logfile of HijackThis v1.99.1
Scan saved at 20.54.17, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Update05\Setup.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gsiizpwlrodmucyewojgdru.c...8kpFqgX/V.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spaziogames.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BA359BDE-A064-1764-D19E-C430D8762AC3} - (no file)
O4 - HKLM\..\Run: [ThrustTSR] C:\Programmi\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [AVAUTODELETE] "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Setup] C:\Program Files\Update05\Setup.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ADSL LiberoLight (2).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scaricare usando &BitSpirit
- C:\Programmi\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105878342250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC60910-4E1B-4DF5-80F6-C15E446635E9}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F15DD2-E3D7-403B-80C8-92F2BBB8DB8B}: NameServer = 192.168.0.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Spiegatemi bene che fare

[Stev-O]

andorra a te l'onore

[jucca]

potreste darmi un'occhiata al log plz?

Logfile of HijackThis v1.99.1
Scan saved at 23.12.03, on 03/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\USBPlug.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\rnathchk.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/indexbb.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_14.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmi\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EEB762E-ECC9-49B3-8252-83DEFA66A725}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EEB762E-ECC9-49B3-8252-83DEFA66A725}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

è del pc di un mio amico, sul quale ho fatto un pò di scansioni... visto che asseriva dei problemi :P

purtroppo a me da quando ho messo sygate come firewall non mi riesce più a far andare la pagina dell'analisi dei log

ciao e grazie