PDA

Visualizza la versione completa : finestre popup impazzite!!


 
patate.carote
07-06-2008, 17:43
ciao ragazzi...vi scrivo perchè ho un problema...mentre navigo mi si aprono continuamente un sacco di finestre di popup nonostante io abbia bloccato i popup sia su IE che su firefox....ho facco una scansione con spybot e con adware...ma il problema rimane...
vi posto i log di HijackThis codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.32.25, on 06/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\utente\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\9DO8SA16\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does Save.z2a7xsi"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Alice - {50D51729-CA2B-41F4-8D6C-382C84995D2E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT...1/GAME_UNO1.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binar...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/wor...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10842 bytes

che posso fare? grazie per gli aiuti

Deifobe
07-06-2008, 18:35
Disinstalla hijackthis (deve trovarsi in una cartella dedicata per conservare il backup dei fix).
Scarica nuovamente Hijackthis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download) e mettilo in un cartella dedicata (tipo: c:\programmi\Hijackthis) oppure clicca su "download hijackthis installer".

Eseguilo, clicca sul tasto "Do a system scan only", spunta le seguenti voci e clicca su "fix Checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.ldrja"
O4 - HKCU\..\Run: [Sixth exit vga dash] "C:\ProgramData\About Does Save.z2a7xsi"
O13 - Gopher Prefix:

analizza su Virustotal (http://www.virustotal.com/it/) il files c:\program files\google\googletoolbar1.dll e posta i risultati.


Vai in C:\ProgramData ed elimina i files:

About Does Save.z2a7xsi
ford win win.ldrja

(o meglio, elimina tutti i files che hanno come nome la parte evidenziata in rosso)

Hai installato msn?

Ciao

patate.carote
08-06-2008, 13:07
File GoogleToolbar1.dll ricevuto il 2008.04.27 10:33:26 (CET)
Stato corrente: finito

Risultato: 0/32 (0.00%)
Formattato Stampa risultati
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.25 -
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.26 -
AVG 7.5.0.516 2008.04.26 -
BitDefender 7.2 2008.04.27 -
CAT-QuickHeal 9.50 2008.04.26 -
ClamAV 0.92.1 2008.04.27 -
DrWeb 4.44.0.09170 2008.04.27 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.26 -
F-Prot 4.4.2.54 2008.04.26 -
F-Secure 6.70.13260.0 2008.04.26 -
FileAdvisor 1 2008.04.27 -
Fortinet 3.14.0.0 2008.04.27 -
Ikarus T3.1.1.26.0 2008.04.27 -
Kaspersky 7.0.0.125 2008.04.27 -
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3057 2008.04.26 -
Norman 5.80.02 2008.04.25 -
Panda 9.0.0.4 2008.04.26 -
Prevx1 V2 2008.04.27 -
Rising 20.41.60.00 2008.04.27 -
Sophos 4.28.0 2008.04.26 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.27 -
TheHacker 6.2.92.294 2008.04.26 -
VBA32 3.12.6.5 2008.04.26 -
VirusBuster 4.3.26:9 2008.04.26 -
Webwasher-Gateway 6.6.2 2008.04.27 -
Informazioni addizionali
File size: 2423872 bytes
MD5...: f0b634b957e774e90edf0f90d0039303
SHA1..: 801b383244caee681c21e95bb1da792431d80824
SHA256: fa73cba48ba9f0a20be43a8042d248ff2c1216445d1708418b 13df0de7f423b4
SHA512: b62f9f132310ba581b5489220284329116ab8ed5ee88fff92e cb4ab38d438511
6bff26d1e3686d1d41b4df67037d389af7d77bad2906687192 ea980f4dee3074
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100c5c2c
timedatestamp.....: 0x45b1bc45 (Sat Jan 20 06:52:53 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe3826 0xe4000 6.65 1462df2a2d37f42dd10a1907a83e2f7a
.rdata 0xe5000 0x29b64 0x2a000 4.89 d496c4b12492175f1b38571ba29aedf2
.data 0x10f000 0x140abc 0xb000 2.93 29b0a52b5113dead39a8266b54b9ffc7
shared 0x250000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x251000 0x122aa8 0x123000 6.43 3470f4799dd56d9a81fd4a31bc01a997
.reloc 0x374000 0xfc9a 0x10000 5.85 f1cdcf4dec75c531e1e383ee90fb519c

( 18 imports )
> KERNEL32.dll: GetFileTime, GetStringTypeExW, FileTimeToSystemTime, GetSystemTime, SystemTimeToFileTime, CompareFileTime, MapViewOfFile, OpenFileMappingW, GetVersionExA, VirtualAlloc, GetLocaleInfoW, SearchPathW, UnmapViewOfFile, CreateFileMappingW, MapViewOfFileEx, SetEndOfFile, GetProcessTimes, GetSystemTimeAsFileTime, SetFileAttributesW, VerSetConditionMask, VerifyVersionInfoW, LocalAlloc, HeapDestroy, HeapReAlloc, HeapSize, ExitThread, ResumeThread, IsBadReadPtr, GetTimeZoneInformation, FileTimeToLocalFileTime, GetFileInformationByHandle, PeekNamedPipe, GetFileType, VirtualProtect, GetSystemInfo, ExitProcess, RtlUnwind, LCMapStringA, LCMapStringW, GetCPInfo, TlsAlloc, TlsFree, TlsSetValue, TlsGetValue, HeapCreate, VirtualFree, IsBadWritePtr, UnhandledExceptionFilter, SetHandleCount, GetStdHandle, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetStringTypeA, GetStringTypeW, SetStdHandle, GetTimeFormatA, GetDateFormatA, QueryPerformanceCounter, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadCodePtr, CreateFileA, CompareStringA, CompareStringW, SetEnvironmentVariableA, FreeLibrary, LoadLibraryExW, CreateMutexW, WideCharToMultiByte, ReleaseMutex, SetEvent, CreateProcessW, lstrcpynW, GetTempPathW, FlushFileBuffers, VirtualQuery, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, SetUnhandledExceptionFilter, ExpandEnvironmentStringsW, TryEnterCriticalSection, SetFilePointer, ReadFile, GetPrivateProfileStringW, lstrlenA, EnumResourceNamesW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FindFirstFileW, FindNextFileW, FindClose, TerminateProcess, GetExitCodeProcess, GetFileSize, WaitForMultipleObjects, GlobalHandle, GlobalFree, GetTempFileNameW, GlobalSize, GetTickCount, lstrcmpW, MulDiv, GlobalAlloc, GlobalLock, GlobalUnlock, LoadLibraryA, InterlockedExchangeAdd, MultiByteToWideChar, HeapAlloc, GetProcessHeap, HeapFree, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, OpenProcess, GetCurrentProcess, DuplicateHandle, GetCurrentThreadId, lstrcatW, CreateEventW, CreateThread, WaitForSingleObject, GetExitCodeThread, CopyFileW, MoveFileExW, RemoveDirectoryW, DeleteFileW, GetCurrentProcessId, Sleep, GetCommandLineW, GetFullPathNameW, OutputDebugStringA, GetModuleFileNameW, LoadLibraryW, WriteFile, CreateFileW, GetFileAttributesW, FormatMessageW, SetLastError, lstrlenW, lstrcmpiW, lstrcpyW, CloseHandle, InterlockedDecrement, InterlockedIncrement, GetLastError, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, LocalFree, GetVersion, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetCommandLineA
> USER32.dll: IsWindowEnabled, GetScrollInfo, DrawFrameControl, SetMenuInfo, GetMessagePos, IsDlgButtonChecked, SystemParametersInfoA, LoadImageW, CharLowerBuffW, MsgWaitForMultipleObjects, PeekMessageW, GetSubMenu, SetMenuItemInfoW, LoadMenuW, MonitorFromRect, GetMonitorInfoW, GetComboBoxInfo, LoadIconW, SendDlgItemMessageW, MapWindowPoints, SetDlgItemTextW, PtInRect, CharUpperBuffW, CheckMenuItem, DrawFocusRect, MessageBoxIndirectW, AppendMenuW, TrackPopupMenu, EnableWindow, EndDialog, MapDialogRect, SetWindowContextHelpId, DialogBoxIndirectParamW, GetClassInfoW, SetParent, GetClassLongW, GetCapture, UpdateWindow, SetWindowsHookExW, RegisterClipboardFormatW, GetDlgCtrlID, ShowCursor, CloseClipboard, GetClipboardData, OpenClipboard, DrawEdge, SetWindowRgn, EqualRect, CharLowerW, GetWindowDC, UnionRect, IsCharAlphaNumericW, wvsprintfW, MonitorFromPoint, IsMenu, SetMenuDefaultItem, GetDoubleClickTime, GetSysColorBrush, EndDeferWindowPos, BeginDeferWindowPos, TrackMouseEvent, TrackPopupMenuEx, CreateMenu, UnhookWindowsHookEx, DestroyCursor, GetMenuStringW, ModifyMenuW, GetForegroundWindow, GetWindowThreadProcessId, CallNextHookEx, IsWindowVisible, GetActiveWindow, MessageBeep, PostThreadMessageW, GetMessageW, TranslateMessage, DispatchMessageW, CharUpperW, CharNextW, InSendMessage, MessageBoxW, UnregisterClassW, GetWindowLongW, SetCursor, LoadCursorW, GetAsyncKeyState, GetSysColor, DestroyMenu, SetWindowLongW, DestroyWindow, GetWindowRect, ScreenToClient, ShowWindow, SetCapture, IsWindow, SendMessageW, SetTimer, KillTimer, BringWindowToTop, SetWindowPos, GetMenuItemID, GetMenuItemCount, InvalidateRect, GetParent, FillRect, FrameRect, SetRectEmpty, PostMessageW, CopyRect, IsRectEmpty, InflateRect, OffsetRect, IntersectRect, EndMenu, WindowFromPoint, GetCursorPos, DeleteMenu, GetMenuState, InsertMenuW, DrawTextW, RegisterClassW, RegisterClassExW, GetClassInfoExW, CreateWindowExW, SystemParametersInfoW, GetSystemMetrics, DialogBoxParamW, GetMenuItemInfoW, InsertMenuItemW, CreatePopupMenu, SetWindowTextW, RemoveMenu, FindWindowExW, ClientToScreen, GetClientRect, GetMenuItemRect, RemovePropW, GetPropW, DefWindowProcW, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, ReleaseDC, GetDC, CallWindowProcW, DrawTextExW, GetClassNameW, MoveWindow, ReleaseCapture, InvalidateRgn, GetDesktopWindow, EndPaint, BeginPaint, SetFocus, GetWindow, IsChild, GetFocus, DestroyAcceleratorTable, GetDlgItem, RedrawWindow, CreateAcceleratorTableW, SendMessageTimeoutW, GetKeyState, wsprintfW, EnumChildWindows, SetPropW
> msi.dll: -, -, -, -, -
> CRYPT32.dll: CryptDecodeObject, CryptQueryObject, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertNameToStrW, CertFreeCertificateContext
> imagehlp.dll: ImageAddCertificate, ImageGetDigestStream, ImageGetCertificateData, ImageRemoveCertificate, ImageGetCertificateHeader
> SHLWAPI.dll: SHDeleteKeyW, PathFindExtensionW, SHRegGetUSValueW, SHDeleteValueW, SHSetValueW, ColorHLSToRGB, ColorRGBToHLS, SHGetValueW, PathCombineW, UrlGetPartW, SHRegCloseUSKey, SHRegOpenUSKeyW, StrCatBuffA, SHCopyKeyW, PathAppendW, PathIsDirectoryW, StrRetToStrW, SHOpenRegStream2W, PathCanonicalizeW, PathRemoveFileSpecW, PathIsRelativeW, PathFileExistsW
> urlmon.dll: CreateURLMoniker
> WININET.dll: HttpOpenRequestA, InternetSetOptionW, InternetCombineUrlW, InternetSetStatusCallbackA, InternetConnectW, HttpOpenRequestW, ReadUrlCacheEntryStream, RetrieveUrlCacheEntryStreamW, UnlockUrlCacheEntryStream, InternetCreateUrlW, InternetCanonicalizeUrlW, GetUrlCacheEntryInfoW, DeleteUrlCacheEntryW, InternetGetConnectedState, InternetCrackUrlW, InternetCloseHandle, InternetOpenUrlW, InternetOpenW, InternetGetCookieExW, InternetConnectA, InternetReadFile, InternetQueryDataAvailable, HttpSendRequestW, HttpAddRequestHeadersW, HttpQueryInfoW
> WINMM.dll: PlaySoundW
> WINTRUST.dll: WinVerifyTrust
> WSOCK32.dll: -, -, -, -
> IMM32.dll: ImmGetCompositionStringW, ImmGetOpenStatus, ImmNotifyIME, ImmReleaseContext, ImmGetContext
> ADVAPI32.dll: RegCreateKeyExW, RegDeleteKeyW, RegCloseKey, RegQueryInfoKeyW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegEnumKeyExW, CryptDestroyHash, CryptDestroyKey, RegFlushKey, DeregisterEventSource, ReportEventW, RegisterEventSourceW, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, IsValidSid, GetAce, AddAce, InitializeSid, InitializeAcl, GetSidLengthRequired, GetTokenInformation, OpenProcessToken, RegEnumValueW, RegSetValueExW, CopySid, GetLengthSid, GetAclInformation, MakeSelfRelativeSD, GetSecurityDescriptorControl, GetSecurityDescriptorLength, RegQueryValueExW, RegDeleteValueW, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, MakeAbsoluteSD, RegSetKeySecurity, RegGetKeySecurity, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, LookupAccountNameW, ConvertSidToStringSidW, GetUserNameW, RegEnumKeyW, CryptCreateHash, CryptImportKey, CryptVerifySignatureW, CryptHashData, CryptAcquireContextW, CryptReleaseContext, RegOpenKeyExW
> ole32.dll: CoRevokeClassObject, CoRegisterClassObject, CoInitialize, CoUninitialize, StringFromGUID2, CoCreateInstance, CoInitializeEx, RevokeDragDrop, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoTaskMemAlloc, OleLockRunning, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, RegisterDragDrop, CoCreateGuid, OleRun, CoTaskMemFree, CoInitializeSecurity, OleSaveToStream, CoTaskMemRealloc, OleRegEnumVerbs, OleRegGetUserType, OleRegGetMiscStatus, CreateOleAdviseHolder, OleLoadFromStream, WriteClassStm
> SHELL32.dll: ShellExecuteW, ShellExecuteExW, SHGetSpecialFolderLocation, SHGetMalloc, SHGetDesktopFolder, SHGetSpecialFolderPathW, SHGetFolderPathW, -, CommandLineToArgvW, SHFileOperationW
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSIMG32.dll: AlphaBlend
> GDI32.dll: CreateDCW, LPtoDP, SetMapMode, SelectPalette, SetViewportOrgEx, CreateRectRgnIndirect, GetStretchBltMode, RealizePalette, StretchBlt, CreateHalftonePalette, SetDIBits, CreateDIBSection, SetPixel, SetWindowOrgEx, CreateBitmap, CreatePatternBrush, PatBlt, SetStretchBltMode, GetCurrentObject, GetBkColor, GetTextFaceW, GetTextMetricsW, EnumFontFamiliesExW, GetTextExtentExPointW, GetDeviceCaps, CreateCompatibleBitmap, DeleteDC, DeleteObject, RestoreDC, GetStockObject, CreateSolidBrush, BitBlt, SelectObject, CreateCompatibleDC, CreateFontIndirectW, GetObjectW, GetTextExtentPoint32W, SaveDC, SetBkColor, SetBkMode, SetTextColor, CreateICW, CreatePen, MoveToEx, LineTo, GetLayout, ExtTextOutW, TextOutW

( 10 exports )
BrokerWinMain, DllCanUnloadNow, DllGetClassObject, DllInfoA, DllRegisterServer, DllUnregisterServer, DllUpdated, DllUpdated2, DllVersionStringA, DllVersionStringW

Ciao Defoibe, ti ho postato ciò che mi hai chiesto, ho esguito tutti i passaggi ma il problema continua. Spero di non aver commesso qualche errore! Sto impazzendo .... help me!

patate.carote
08-06-2008, 13:26
Scusami Defoibe, mi sono scordato di dirti che ho installato msn.
Non so se ti può essere utile per vedere se ho eseguito correttamente le tue indicazioni ma ti posto comunque il nuovo log di hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.22.56, on 08/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.250.5.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://peppefava91.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10559 bytes

Deifobe
08-06-2008, 13:42
una delle due voci è sparita, mentre l'altra (O4 - HKCU\..\Run: [Date Jump] "C:\ProgramData\ford win win.mpswy9b") c'è ancora.

Entra in modalità provvisoria e riprova a fixarla. Assicurati che non ci sia nessun file di nome "ford win win" nel pc e riposta un nuovo hjt.

Sono rimaste anche queste voci:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
fixa da provvisoria anche queste.

riesegui hjt e posta il rapporto.

patate.carote
08-06-2008, 15:17
Ti ringrazio anzitutto per la gentilezza e pazienza che mi stai offrendo nel seguirmi passo per passo.
ecco qui il nuovo log hij:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.14.55, on 08/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.250.5.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://peppefava91.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://194.244.16.123/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 10323 bytes

patate.carote
08-06-2008, 15:23
Porca miseria!! sta continuando ad aprirmi sempre delle pagine indesiderate pubblicitarie...

Deifobe
08-06-2008, 15:31
ok, scarica SystemScan (http://www.suspectfile.com/systemscan), disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus, carica il rapporto che trovi sul desktop su Savefile (http://www.savefile.com/) e posta il link ottenuto.

patate.carote
08-06-2008, 21:42
Ho eseguito lo scan ed ho fatto tutto ciò che mi hai detto.. però è sorto un problema, non riesco ad inviarti il report. Perdona la mia ignoranza ma come faccio ad inviartelo?
Ho provato ad allegarlo ma è troppo grande.. Dimmi te..

Deifobe
08-06-2008, 22:57
devi caricare il file di testo su www.savefile.com e postare il link ottenuto
..te lo avevo scritto :)

Loading