popup servizio messengers (windows 2000)

[righi daniela]

Buongiorno a tutti,
da un mesetto mi appaiono dopo alcuni minuti di connessione, delle finestre che suggeriscono continuamente di andare su siti diversi a scaricarmi protezioni per il pc.
Non riesco più a lavorare in quanto le devo chiudere!!
Sono ingannevoli in quanto riportano sulla barra in alto "servizio messengers"
ed in seguito nel testo "messaggio da system a alert".
E la frase: possible critical system errors!

Mio fratello dice che dovrei modificare manualmente il file sys32win.exe
Ma io intanto non lo trovo in windows 2000!!!

Avete per caso dei suggerimenti?
Grazie infinite (non ho fretta, sono rasseganta..)
Daniela

[righi daniela]

scusate, incollo il log come da Vostra richiesta

Logfile of HijackThis v1.99.1
Scan saved at 11.58.45, on 28/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\Temp\pxdc2.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\control.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\Downloaded Program Files\SpSubRx.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\DANIELA\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File

comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File

comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pxdc1.exe] C:\WINNT\Temp\pxdc1.exe
O4 - HKLM\..\Run: [pxdc2.exe] C:\WINNT\Temp\pxdc2.exe
O4 - HKCU\..\Run: [Creative Detector]

C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Programmi\Uniblue\Registry

Booster\RegistryBooster.exe /S
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Google Search -

res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -

res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -

res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -

res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -

res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -

http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

http://appldnld.apple.com.edgesuite....QuickTimeInsta

ller.exe
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -

http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -

http://www.inforiviera.it/newwebcam/...CamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1D19B8C-7618-41DD-9067-7B98D01BEDB8}: NameServer =

193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6CAAF4-CD73-4797-92A3-2A290E872D4D}: NameServer =

151.99.125.2,151.99.125.3
O23 - Service: Apache - Unknown owner - C:\Programmi\Apache Group\Apache\Apache.exe"

--ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT

Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software

Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Programmi\File comuni\element5

Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File

comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/Programmi/mysql/bin/mysqld-nt.exe (file missing)


ciao a tutti