HTML.it forum

Popup windows gone crazy!!

 
patate.carote
Hi guys... I'm writing because I have a problem... while I browse, lots of popup
windows keep opening even though I have blocked popups in both IE and
Firefox.... I ran a scan with Spybot and with Ad-Aware... but the problem
remains...
I'm posting the HijackThis logs:
Quote:
Logfile of Trend Micro HijackThis
v2.0.2
Scan saved at 14.32.25, on 06/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\utente\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\9DO8SA16\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools -
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program
Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools
Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP
Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does
Save.z2a7xsi"
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O9 - Extra button: Alice - {50D51729-CA2B-41F4-8D6C-382C84995D2E} -
http://gw.aliceadsl.it/alice (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binar...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binar...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binar...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/g...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}:
NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) -
Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10842 bytes


What can I do? Thanks for the help.
Deifobe
Uninstall HijackThis (it has to sit in a dedicated folder in order to keep the
backups of the fixes).
Download HijackThis again and put it in a dedicated folder (for example:
c:\programmi\Hijackthis), or click on "download hijackthis installer".

Run it, click the "Do a system scan only" button, tick the following entries and
click "fix Checked"
Quote:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does
Save.z2a7xsi"
O13 - Gopher Prefix:


Scan the file
c:\program files\google\googletoolbar1.dll on VirusTotal and post the results.


Go to C:\ProgramData and delete the files:

About Does Save.z2a7xsi
ford win win.ldrja

(or better, delete all the files whose name contains the part highlighted in
red)

Have you installed MSN?

Bye
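
The triage behind the entries ticked above, as an added example that is not part of the original thread or of HijackThis: it re-joins the forum's wrapped log lines, flags Run values that point at a file sitting directly in C:\ProgramData or carrying a non-program extension, flags BHOs whose DLL is missing, and compares two scans to show a Run value that comes back under a new file name. The function names, the `LAUNCHABLE` extension set and the heuristics are assumptions made for illustration; the sample entries are copied from the two logs in this thread.

```python
import ntpath
import re

# Constructed samples: entries copied from the two HijackThis logs in this
# thread, keeping the forum's hard line wraps.
FIRST_SCAN = r'''
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does
Save.z2a7xsi"
O13 - Gopher Prefix:

--
End of file - 10842 bytes
'''

SECOND_SCAN = r'''
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
'''

ENTRY_START = re.compile(r'^(?:R[0-3]|F[0-3]|O\d{1,2}) - ')
RUN_ENTRY = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Assumption: extensions a legitimate autostart entry normally points at.
LAUNCHABLE = {'.exe', '.dll', '.com', '.bat', '.cmd', '.scr', '.lnk'}


def unwrap(log_text):
    """Re-join log entries that were wrapped across several lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == '--':                 # HijackThis footer follows
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:           # continuation of the previous entry
            entries[-1] += ' ' + line
    return entries


def run_target(cmd):
    """File a Run command points at: quoted path, or text up to the first extension."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'.*?\.\w{2,8}(?=[\s,]|$)', cmd)
    return m.group(0) if m else cmd


def flag_entries(log_text):
    """Return (kind, name, target, reasons) for entries that deserve a closer look."""
    findings = []
    for entry in unwrap(log_text):
        m = RUN_ENTRY.match(entry)
        if m:
            target = run_target(m['cmd'])
            folder, filename = ntpath.split(target)
            ext = ntpath.splitext(filename)[1].lower()
            reasons = []
            if folder.lower() == r'c:\programdata':
                reasons.append('file sits directly in the ProgramData root')
            if ext not in LAUNCHABLE:
                reasons.append('extension %s is not a program type' % (ext or '(none)'))
            if reasons:
                findings.append(('Run', m['name'], target, reasons))
        elif entry.startswith('O2 - BHO:') and entry.endswith('(no file)'):
            clsid = entry.rsplit(' - ', 2)[1]
            findings.append(('BHO', clsid, '(no file)', ['registered DLL is missing']))
    return findings


def persisting_run_names(before, after):
    """Run value names flagged in both scans, with the target seen in each."""
    old = {n: t for kind, n, t, _ in flag_entries(before) if kind == 'Run'}
    return {n: (old[n], t)
            for kind, n, t, _ in flag_entries(after) if kind == 'Run' and n in old}


if __name__ == '__main__':
    for finding in flag_entries(FIRST_SCAN):
        print(finding)
    print(persisting_run_names(FIRST_SCAN, SECOND_SCAN))
```

A Run value that is still flagged in the later scan with a different target means the entry was written again after the fix, so the component that recreates it is still active.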
patate.carote
File GoogleToolbar1.dll ricevuto il 2008.04.27 10:33:26 (CET)
Stato corrente: finito

Risultato: 0/32 (0.00%)
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.25 -
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.26 -
AVG 7.5.0.516 2008.04.26 -
BitDefender 7.2 2008.04.27 -
CAT-QuickHeal 9.50 2008.04.26 -
ClamAV 0.92.1 2008.04.27 -
DrWeb 4.44.0.09170 2008.04.27 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.26 -
F-Prot 4.4.2.54 2008.04.26 -
F-Secure 6.70.13260.0 2008.04.26 -
FileAdvisor 1 2008.04.27 -
Fortinet 3.14.0.0 2008.04.27 -
Ikarus T3.1.1.26.0 2008.04.27 -
Kaspersky 7.0.0.125 2008.04.27 -
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3057 2008.04.26 -
Norman 5.80.02 2008.04.25 -
Panda 9.0.0.4 2008.04.26 -
Prevx1 V2 2008.04.27 -
Rising 20.41.60.00 2008.04.27 -
Sophos 4.28.0 2008.04.26 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.27 -
TheHacker 6.2.92.294 2008.04.26 -
VBA32 3.12.6.5 2008.04.26 -
VirusBuster 4.3.26:9 2008.04.26 -
Webwasher-Gateway 6.6.2 2008.04.27 -
Informazioni addizionali
File size: 2423872 bytes
MD5...: f0b634b957e774e90edf0f90d0039303
SHA1..: 801b383244caee681c21e95bb1da792431d80824
SHA256: fa73cba48ba9f0a20be43a8042d248ff2c1216445d1708418b13df0de7f423b4
SHA512: b62f9f132310ba581b5489220284329116ab8ed5ee88fff92ecb4ab38d438511
6bff26d1e3686d1d41b4df67037d389af7d77bad2906687192ea980f4dee3074
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100c5c2c
timedatestamp.....: 0x45b1bc45 (Sat Jan 20 06:52:53 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe3826 0xe4000 6.65 1462df2a2d37f42dd10a1907a83e2f7a
.rdata 0xe5000 0x29b64 0x2a000 4.89 d496c4b12492175f1b38571ba29aedf2
.data 0x10f000 0x140abc 0xb000 2.93 29b0a52b5113dead39a8266b54b9ffc7
shared 0x250000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x251000 0x122aa8 0x123000 6.43 3470f4799dd56d9a81fd4a31bc01a997
.reloc 0x374000 0xfc9a 0x10000 5.85 f1cdcf4dec75c531e1e383ee90fb519c

( 10 exports )
BrokerWinMain, DllCanUnloadNow, DllGetClassObject, DllInfoA, DllRegisterServer,
DllUnregisterServer, DllUpdated, DllUpdated2, DllVersionStringA,
DllVersionStringW

Hi Deifobe, I've posted what you asked for. I followed all the steps but the
problem continues. I hope I haven't made some mistake! I'm going
crazy .... help me!
 
patate.carote
Sorry Deifobe, I forgot to tell you that I have installed MSN.
I don't know whether it is useful for checking that I followed your instructions
correctly, but I'm posting the new HijackThis log anyway:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.22.56, on 08/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 10.250.5.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools -
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program
Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools
Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP
Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binar...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) -
http://peppefava91.spaces.live.com/...nPUpldit-it.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binar...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) -
Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10559 bytes
 
Deifobe
one of the two entries has disappeared, while the other (O4 - HKCU\..\Run:
[Date Jump] "C:\ProgramData\ford win win.mpswy9b"
) is still there.

Boot into safe mode and try fixing it again. Make sure there is no file named
"ford win win" on the PC and post a new HJT log.

These entries are also still there:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

fix these from safe mode too.

run HJT again and post the report.
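
The check done by eye in the post above (picking out the odd O4 autostart entry and confirming whether a fix removed it) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the sample log is constructed from O4 lines quoted in the thread, and the "target is not an executable type" rule is a triage heuristic assumed here, not a HijackThis feature.

```python
import re

# Constructed sample: O4 lines quoted in the thread, hard-wrapped the way the
# forum wrapped them, with the [Date Jump] entry the helper singled out.
SAMPLE_BEFORE = r'''Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: APSHook.dll
'''
# Constructed "after the fix" log: the same text without the [Date Jump] line.
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines() if "[Date Jump]" not in line)

# A new entry starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Registry autostart entry: "O4 - <location>: [<value name>] <command>".
O4_RUN = re.compile(
    r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
UNQUOTED_TARGET = re.compile(
    r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def rejoin_entries(log_text):
    """Undo the forum's hard wrapping: glue continuation lines to their entry."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif not line or line == "--":
            # A blank line or the "--" trailer ends the entry being collected.
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None:
            current += " " + line
        # Lines before the first entry (header, running processes) are skipped.
    if current is not None:
        entries.append(current)
    return entries


def run_entries(log_text):
    """Map (location, value name) -> command for every O4 registry entry."""
    found = {}
    for entry in rejoin_entries(log_text):
        match = O4_RUN.match(entry)
        if match:
            found[(match["location"], match["name"])] = match["command"]
    return found


def target_of(command):
    """Return the file an autostart command launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = UNQUOTED_TARGET.match(command)
    return match.group(1) if match else command


def flag_unusual(log_text):
    """Heuristic (assumed here): flag targets without an executable extension."""
    flagged = []
    for (location, name), command in run_entries(log_text).items():
        target = target_of(command)
        if not target.lower().endswith(EXECUTABLE_EXTS):
            flagged.append((location, name, target))
    return flagged


def removed_entries(before_text, after_text):
    """O4 registry entries present in the first log and absent from the second."""
    return sorted(set(run_entries(before_text)) - set(run_entries(after_text)))


if __name__ == "__main__":
    for location, name, target in flag_unusual(SAMPLE_BEFORE):
        print(f"review: {location} [{name}] -> {target}")
    print("removed by fix:", removed_entries(SAMPLE_BEFORE, SAMPLE_AFTER))
```

A clean result only covers what the log lists: the scanner output is a starting point for review, not proof that the autostart value is gone from every user hive.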
 
patate.carote
First of all, thank you for the kindness and patience you are showing in
following me step by step.
Here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.14.55, on 08/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 10.250.5.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools -
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program
Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools
Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP
Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binar...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) -
http://peppefava91.spaces.live.com/...nPUpldit-it.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binar...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) -
Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10323 bytes
 
patate.carote
Damn it!! It keeps opening unwanted advertising pages all the time...
 
Deifobe
ok, download SystemScan,
disconnect the PC from the internet => disable the antivirus => run SystemScan =>
click "Scan Now". When the scan has finished, re-enable the antivirus, upload
the report you find on the desktop to
Savefile and post the link you get.
 
patate.carote
I ran the scan and did everything you told me.. but a problem came up: I can't
send you the report. Forgive my ignorance, but how do I send it to you?
I tried to attach it but it is too big.. You tell me..
 
Deifobe
you have to upload the text file to www.savefile.com and post the link you
get
..I had written that to you :)
 
patate.carote
You're right, I was careless! :dhò:
here it is: http://www.savefile.com/files/1598757
 
Deifobe
hi, I checked the report several times but I can't find anything except that
entry we were talking about above (O4 - HKCU\..\Run: [Date Jump]
"C:\ProgramData\ford win win.mpswy9b").

Let's try a scan..
go to
Kaspersky_virusscanner
click "kaspersky online scanner"
click "accept"
--- the components needed for the scan will be downloaded
when it has finished click "next"
click "scan settings"
tick "extended" and click OK
click "my computer"
click "scan settings"
save and post the scan report (upload it to
Savefile and post the link you get)

let's see if something comes up this way...
 
patate.carote
OK, I'll run the scan right away and let you know; so that means that O4 -
HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b" is still on my
PC. Maybe it all comes down to this, right?! And how do I track it down and
delete it?
thanks.
 
Deifobe
run the scan, let's see what it tells us

bye

edit:
hi, please then also run this search in the registry. Download
Registry Search Tool (you'll find it
on the page) and search for exactly ford win win first
and then About Does Save (copy/paste and do not add
spaces at the end of the word).
Post the results you get. Thanks
 
patate.carote
Deifobe, I ran the scan and fortunately I can't post anything, since it did not
detect any "infected" or "suspicious" object.
 
patate.carote
when I search for ford win win it says: unable to export
C:\Users\utente\AppData\Local\Temp\RegTmp.tmp error while opening the file.
Probable disk or file system error.
 
patate.carote
for the second one, About Does Save, instead: no instances of "About Does Save"
found.
 
Deifobe
ok

Open the registry (Start - Run - type regedit and click OK)
click Edit - Find - copy/paste ford win win and click OK

Make a note of the key or value found (the one highlighted in blue) and write
down the path (you can see it in the window at the bottom.. something like
HKEY_LOCAL_MACHINE\... etc. etc.)

then press F3 and see whether it finds anything else. If it does, note the
values and paths again

If you press Enter by mistake and a window opens, click Cancel or close it
(with the "find" function you press F3 to move from one item to the next).

When you have finished, close the registry and post the information.
Do not delete/modify anything in the registry
 
patate.carote
HKEY_USERS\S-1-5-21-4145813751-3626821847-1112377415-1003\Software\Microsoft\Windows\CurrentVersion\Run

DATE JUMP REG_SZ C:\ProgramData\Ford win win.lhan2z
 
Deifobe
so you found only one? ok, then listen,

go back into the registry and follow this path:
HKEY_USERS\S-1-5-21-4145813751-3626821847-1112377415-1003\Software\Microsoft\Windows\CurrentVersion\Run

right-click on RUN (the little yellow folder on the left) and select "export".
Save it as:
name: RUNpippo.reg
file type: registration file
save it in c:\

then, still in the registry, locate this entry in the right-hand pane:
DATE JUMP => REG_SZ => C:\ProgramData\Ford win win.lhan2z

right-click on DATE JUMP and select "delete".

close the registry

Use the Windows search function and... search for ford win win on the PC. Send
everything you find to the recycle bin and, please, note down the paths and
post them.

edit:
then go to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
save the RUN key as RUNpluto.reg and delete this entry here too:
DATE JUMP => REG_SZ => C:\ProgramData\Ford win win.lhan2z

Restart the PC and post a new HJT log.

bye
 
patate.carote
forgive my ignorance, but I can't manage to get to
HKCU\Software\Microsoft\Windows\CurrentVersion\Rune.
 
Deifobe
The path is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
hell's bells
Pay attention, the key was abbreviated.
 
patate.carote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.15.22, on 11/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 10.250.5.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools -
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program
Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
-hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools
Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP
Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe
C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
/autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binar...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
Control) -
http://peppefava91.spaces.live.com/...nPUpldit-it.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binar...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) -
Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common
Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10331 bytes

please tell me the solution is near.... this problem is driving me crazy, and I
have also noticed that, besides the thousand different advertising pages, one
keeps recurring: adserver5. Thanks again for the help you are giving me.
 
Deifobe
did you search for/delete all the ford win win files using the search function?
 
patate.carote
I did, only that damned file is left, which says: type SHORTCUT
size 643 bytes file type (lnk.)
:\Users\utente\AppData\Roaming\Microsoft\Windows\Recent. and when I click it, it
doesn't open.
 
Deifobe
you have to right-click on it and select delete
 
patate.carote
It tells me it is no longer available in
C:\users\utente\appdata\roaming\microsoft\windows\recent. verify the item's
path and try again.
 
Deifobe
ok. is the PC still giving problems?
if so, repeat the search for the files ford win win and
About Does Save and check that there is nothing else.
 
patate.carote
Thanks.. for the moment it doesn't seem to be giving any more problems.. since
today the advertising pages and the others no longer open.. THANK YOU SO MUCH
for your help, let's hope I won't need it again.. Thanks

BYE!!!! :)
 
Deifobe
ok, I'm glad...
hmm.. do the search I suggested anyway, though.. better to lose 2 minutes
and be sure...

Have a good evening, :)
 
patate.carote
registry search done, and there is no trace!
now everything really seems to be going fine! thanks a lot
 
Deifobe
hmm? not in the registry.. you have to search for them on the PC... :)
Bye
 
patate.carote
on the PC there is only that damned ford win win file that won't open and won't
delete, the one I told you about in the previous message. I really can't manage
to delete it!
 
Deifobe
understood.. search for the file.
the important thing is that the windows no longer pop up.
For the rest, you can install
CCleaner to clean up the
recent items