  1. #1

    Popup windows gone crazy!!

    Hi guys... I'm writing because I have a problem... while I'm browsing, lots of popup windows keep opening even though I've blocked popups in both IE and Firefox... I ran a scan with Spybot and with Ad-Aware... but the problem remains...
    I'm posting the HijackThis logs for you. Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.32.25, on 06/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\PixArt\Pac207\Monitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DO8SA16\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
    O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does Save.z2a7xsi"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Alice - {50D51729-CA2B-41F4-8D6C-382C84995D2E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binar...ro.cab56649.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...ash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.57 85.38.28.80
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    --
    End of file - 10842 bytes
    What can I do? Thanks for the help.

  2. #2
    Deifobe (HTML.it user)
    Joined: Oct 2007
    Posts: 6,072

    Re: Popup windows gone crazy!!

    Uninstall HijackThis (it must be in a dedicated folder in order to keep the backups of the fixes).
    Download HijackThis again and put it in a dedicated folder (e.g. c:\programmi\Hijackthis), or click "download hijackthis installer".

    Run it, click the "Do a system scan only" button, tick the following entries and click "fix Checked":
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
    O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does Save.z2a7xsi"
    O13 - Gopher Prefix:
    Scan the file c:\program files\google\googletoolbar1.dll on VirusTotal and post the results.


    Go to C:\ProgramData and delete the files:

    About Does Save.z2a7xsi
    ford win win.ldrja

    (or rather, delete all files whose name is the part highlighted in red)

    Have you installed MSN?

    Bye
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
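
An added example, not part of the original thread or of HijackThis: a Python triage of O2/O4 lines copied from the two logs in this thread, which also compares the first log with the follow-up log in post #4 to spot an autorun value that came back with a different file extension. The extension list and both heuristics (a BHO registered with no file, an autorun target in ProgramData with an unusual extension) are assumptions for illustration and cover only part of the fix list above.

```python
import re
from ntpath import splitext  # Windows path rules, usable on any OS

# O2/O4 lines copied from the two HijackThis logs posted in this thread (subset).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does Save.z2a7xsi"
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
"""

# Assumption: extensions a legitimate autorun target normally has.
USUAL_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr", ".lnk"}

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def target_of(cmd):
    """Best-effort file path from the command line of a Run value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut at the first extension followed by space, comma or end.
    m = re.match(r"(.+?\.\w+)(?=[\s,]|$)", cmd)
    return m.group(1) if m else cmd


def autoruns(log):
    """Map (hive, value name) -> target path for every O4 registry Run line."""
    out = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out[(m["hive"], m["name"])] = target_of(m["cmd"])
    return out


def triage(log):
    """Return (section, identifier, reason) for lines matching the heuristics."""
    findings = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m and m["file"] == "(no file)":
            findings.append(("O2", m["clsid"], "BHO registered without a file"))
    for (hive, name), path in autoruns(log).items():
        ext = splitext(path)[1].lower()
        if "\\programdata\\" in path.lower() and ext not in USUAL_EXT:
            findings.append(
                ("O4", name, f"{hive} autorun in ProgramData with extension {ext}"))
    return findings


def respawned(before, after):
    """Run values present in both logs whose target kept its stem but
    changed extension, i.e. the entry was recreated after the fix."""
    old, new = autoruns(before), autoruns(after)
    hits = []
    for key in old.keys() & new.keys():
        (stem_a, ext_a), (stem_b, ext_b) = splitext(old[key]), splitext(new[key])
        if stem_a.lower() == stem_b.lower() and ext_a.lower() != ext_b.lower():
            hits.append((key[1], ext_a, ext_b))
    return sorted(hits)


if __name__ == "__main__":
    for finding in triage(LOG_BEFORE):
        print("first log :", finding)
    for name, ext_a, ext_b in respawned(LOG_BEFORE, LOG_AFTER):
        print(f"recreated : [{name}] {ext_a} -> {ext_b}")
```
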

  3. #3
    File GoogleToolbar1.dll ricevuto il 2008.04.27 10:33:26 (CET)
    Stato corrente: finito

    Risultato: 0/32 (0.00%)
    Antivirus Versione Ultimo aggiornamento Risultato
    AhnLab-V3 2008.4.25.2 2008.04.25 -
    AntiVir 7.8.0.10 2008.04.25 -
    Authentium 4.93.8 2008.04.27 -
    Avast 4.8.1169.0 2008.04.26 -
    AVG 7.5.0.516 2008.04.26 -
    BitDefender 7.2 2008.04.27 -
    CAT-QuickHeal 9.50 2008.04.26 -
    ClamAV 0.92.1 2008.04.27 -
    DrWeb 4.44.0.09170 2008.04.27 -
    eSafe 7.0.15.0 2008.04.21 -
    eTrust-Vet 31.3.5736 2008.04.26 -
    Ewido 4.0 2008.04.26 -
    F-Prot 4.4.2.54 2008.04.26 -
    F-Secure 6.70.13260.0 2008.04.26 -
    FileAdvisor 1 2008.04.27 -
    Fortinet 3.14.0.0 2008.04.27 -
    Ikarus T3.1.1.26.0 2008.04.27 -
    Kaspersky 7.0.0.125 2008.04.27 -
    McAfee 5282 2008.04.25 -
    Microsoft 1.3408 2008.04.22 -
    NOD32v2 3057 2008.04.26 -
    Norman 5.80.02 2008.04.25 -
    Panda 9.0.0.4 2008.04.26 -
    Prevx1 V2 2008.04.27 -
    Rising 20.41.60.00 2008.04.27 -
    Sophos 4.28.0 2008.04.26 -
    Sunbelt 3.0.1056.0 2008.04.17 -
    Symantec 10 2008.04.27 -
    TheHacker 6.2.92.294 2008.04.26 -
    VBA32 3.12.6.5 2008.04.26 -
    VirusBuster 4.3.26:9 2008.04.26 -
    Webwasher-Gateway 6.6.2 2008.04.27 -
    Informazioni addizionali
    File size: 2423872 bytes
    MD5...: f0b634b957e774e90edf0f90d0039303
    SHA1..: 801b383244caee681c21e95bb1da792431d80824
    SHA256: fa73cba48ba9f0a20be43a8042d248ff2c1216445d1708418b13df0de7f423b4
    SHA512: b62f9f132310ba581b5489220284329116ab8ed5ee88fff92ecb4ab38d4385116bff26d1e3686d1d41b4df67037d389af7d77bad2906687192ea980f4dee3074
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x100c5c2c
    timedatestamp.....: 0x45b1bc45 (Sat Jan 20 06:52:53 2007)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xe3826 0xe4000 6.65 1462df2a2d37f42dd10a1907a83e2f7a
    .rdata 0xe5000 0x29b64 0x2a000 4.89 d496c4b12492175f1b38571ba29aedf2
    .data 0x10f000 0x140abc 0xb000 2.93 29b0a52b5113dead39a8266b54b9ffc7
    shared 0x250000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
    .rsrc 0x251000 0x122aa8 0x123000 6.43 3470f4799dd56d9a81fd4a31bc01a997
    .reloc 0x374000 0xfc9a 0x10000 5.85 f1cdcf4dec75c531e1e383ee90fb519c

    ( 18 imports )

    ( 10 exports )
    BrokerWinMain, DllCanUnloadNow, DllGetClassObject, DllInfoA, DllRegisterServer, DllUnregisterServer, DllUpdated, DllUpdated2, DllVersionStringA, DllVersionStringW

    Hi Deifobe, I've posted what you asked for; I carried out all the steps but the problem continues. I hope I haven't made some mistake! I'm going crazy... help me!

  4. #4
    Sorry Deifobe, I forgot to tell you that I have installed MSN.
    I don't know whether it's useful to you for checking that I followed your instructions correctly, but I'm posting the new HijackThis log anyway:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13.22.56, on 08/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\PixArt\Pac207\Monitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.250.5.250:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://peppefava91.spaces.live.com/P...PUpldit-it.cab
    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/word...e_2_0_0_48.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    --
    End of file - 10559 bytes

  5. #5
    One of the two entries has disappeared, while the other (O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b") is still there.

    Boot into safe mode and try fixing it again. Make sure there is no file named "ford win win" on the PC, then post a new HJT log.

    These entries are also still there:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    Fix these from safe mode as well.

    Run HJT again and post the report.

  6. #6
    First of all, thank you for the kindness and patience you are showing in following me step by step.
    Here is the new HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15.14.55, on 08/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\PixArt\Pac207\Monitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.250.5.250:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    O1 - Hosts: ::1 localhost
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://peppefava91.spaces.live.com/P...PUpldit-it.cab
    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/word...e_2_0_0_48.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    --
    End of file - 10323 bytes
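
Added example, not part of the thread: a Python sketch of the comparison made above. It parses two HijackThis scans, lists the entries that disappeared between them, and flags `Run` autostarts whose target has a non-executable extension or sits in a user-writable directory. The two excerpts are constructed from lines of the posted logs; the extension list and the directory list are assumptions of this example.

```python
import re

# Constructed excerpt built from lines of the scans posted in this thread.
SCAN_BEFORE = r'''
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: APSHook.dll
'''
# Second scan: the same lines with the [Date Jump] entry fixed (constructed).
SCAN_AFTER = "\n".join(l for l in SCAN_BEFORE.splitlines() if "[Date Jump]" not in l)

ENTRY = re.compile(r'^\s*([RFNO]\d{1,2}) - (.+?)\s*$')
RUN = re.compile(r'^.+?\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Assumptions of this example: which extensions are normal for an autostart
# target, and which locations a standard user can write to.
EXEC_EXT = ("exe", "dll", "com", "bat", "cmd", "scr")
WRITABLE = re.compile(r'^(?:[a-z]:\\(?:programdata|users)|%(?:appdata|localappdata|temp)%)\\', re.I)

def parse_entries(log):
    """Return [(section, text)] for each 'O4 - ...' style line of a log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def run_target(cmd):
    """Extract the file a Run command line starts (arguments are dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:%s))(?=[\s,"]|$)' % "|".join(EXEC_EXT), cmd, re.I)
    return m.group(1) if m else cmd

def triage(log):
    """Flag O4 Run entries whose target looks out of place."""
    findings = []
    for section, text in parse_entries(log):
        m = RUN.match(text) if section == "O4" else None
        if not m:
            continue                             # e.g. 'Global Startup' shortcuts
        path = run_target(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1]
        ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
        reasons = []
        if ext not in EXEC_EXT:
            reasons.append("unexpected extension ." + ext)
        if WRITABLE.match(path):
            reasons.append("user-writable directory")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

def removed_between(before, after):
    """Entries present in the first scan and absent from the second."""
    return sorted(set(parse_entries(before)) - set(parse_entries(after)))

if __name__ == "__main__":
    for name, path, reasons in triage(SCAN_BEFORE):
        print(f"[{name}] {path}: {', '.join(reasons)}")
    print("fixed since first scan:", removed_between(SCAN_BEFORE, SCAN_AFTER))
```

A clean result here covers only the `Run` keys; in this thread the pop-ups continued after the flagged entry was gone, so the other sections of the log still need review.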

  7. #7
    Damn it!! It keeps opening unwanted advertising pages on me...

  8. #8
    OK, download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus, upload the report you find on the desktop to Savefile and post the link you get.

  9. #9
    I ran the scan and did everything you told me.. but a problem came up: I can't send you the report. Forgive my ignorance, but how do I send it to you?
    I tried to attach it but it is too big.. You tell me..

  10. #10
    You have to upload the text file to www.savefile.com and post the link you get
    ..I had already written that