Olimpo Informatico, the Zeus News forums
CiD-------------------------help!
gr00v3
Pious mortal

Registered: 16/04/07 14:24
Posts: 18

Posted: 16 Apr 2007 14:42    Subject: CiD-------------------------help!

Well then, I finally managed to register... for about a month my computer has had the problem, recurring as far as I know, of the CiD advertising... now I know you have to use HijackThis to get rid of it, but I'd rather not touch it on my own and have someone tell me what to delete, to avoid deleting system files... so I'm asking you for help because I'm about to go crazy... please reply soon... ---I'm copying the HijackThis log for you

Logfile of HijackThis v1.99.1
Scan saved at 14.41.27, on

16/04/2007
Platform: Windows XP SP2

(WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.ex

e
C:\WINDOWS\system32\winlogon

.exe
C:\WINDOWS\system32\services.

exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.

exe
C:\WINDOWS\System32\svchost.

exe
C:\WINDOWS\system32\spoolsv.

exe
c:\programmi\file

comuni\logitech\lvmvfm\LVPrcSrv.e

xe
C:\Programmi\Alwil

Software\Avast4\aswUpdSv.exe
c:\windows\system32\winlogon.exe
C:\Programmi\Alwil

Software\Avast4\ashServ.exe
C:\Programmi\File

comuni\Microsoft

Shared\VS7Debug\mdm.exe
C:\Programmi\Alcohol Soft\Alcohol

120\StarWind\StarWindService.ex

e
C:\WINDOWS\system32\svchost.

exe
C:\Programmi\Alwil

Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil

Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.

exe
C:\WINDOWS\system32\igfxtray.e

xe
C:\WINDOWS\system32\hkcmd.e

xe
C:\PROGRA~1\ALWILS~1\Avast

4\ashDisp.exe
C:\WINDOWS\system32\GSICO

N.EXE
C:\WINDOWS\system32\dslagent.

exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\LVCO

MSX.EXE
C:\Programmi\Logitech\Video\Cam

eraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.e

xe
C:\WINDOWS\system32\spool\dri

vers\w32x86\3\hpztsb04.exe
C:\DOCUME~1\Federico\IMPOS

T~1\Temp\bomfeb.exe
C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\Logit

echDesktopMessenger.exe
C:\Programmi\Internet

Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.e

xe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Messenger\msmsgs.e

xe
C:\Programmi\MSN

Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.

exe
C:\Programmi\Internet

Explorer\IEXPLORE.EXE
C:\Programmi\Windows Media

Player\wmplayer.exe
C:\Documents and

Settings\Federico\Desktop\program

mi\hijackthis\HijackThis.exe

R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.google.it/
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderNam

e = Collegamenti
R3 - URLSearchHook: (no name) -

{A8B28872-3324-4CD2-8AA3-7

D555C872D96} - (no file)
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-7

84B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.

dll
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS\system32\igfxtray.e

xe
O4 - HKLM\..\Run:

[HotKeysCmds]

C:\WINDOWS\system32\hkcmd.e

xe
O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast

4\ashDisp.exe
O4 - HKLM\..\Run:

[GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run:

[DSLAGENTEXE] dslagent.exe

USB
O4 - HKLM\..\Run:

[AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh]

C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LVCOMSX]

C:\WINDOWS\system32\LVCO

MSX.EXE
O4 - HKLM\..\Run:

[LogitechCameraAssistant]

C:\Programmi\Logitech\Video\Cam

eraAssistant.exe
O4 - HKLM\..\Run:

[LogitechVideo[inspector]]

C:\Programmi\Logitech\Video\Instal

lHelper.exe /inspect
O4 - HKLM\..\Run:

[LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.e

xe /automation
O4 - HKLM\..\Run: [I downloaded

pirated Software from P2P ]

C:\WINDOWS\system32\0106.ex

e
O4 - HKLM\..\Run:

[01234567890123456789012345

678901234567890123456789012

345678901234567890123456789

012345678901234567890123456

789012345678901234567890123

456789012345678901234567890

123456789012345678901234567

890123456789012345678901234

567890123456789012345678901

2345678912345678]

C:\Programmi\user32.exe
O4 - HKLM\..\Run: [keyboard]

c:\\kybrdff_e44.exe
O4 - HKLM\..\Run: [newname]

c:\\nwnmff_e44.exe
O4 - HKLM\..\Run: [defender]

c:\\dfndrff_e44a.exe
O4 - HKLM\..\Run: [HPDJ

Taskbar Utility]

C:\WINDOWS\system32\spool\dri

vers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Delete active

byte meal] C:\Documents and

Settings\All Users\Dati

applicazioni\city burn delete

active\hold inter.exe
O4 - HKLM\..\Run:

[NeroFilterCheck]

C:\WINDOWS\system32\NeroCh

eck.exe
O4 - HKLM\..\Run: [bomfeb.exe]

C:\DOCUME~1\Federico\IMPOS

T~1\Temp\bomfeb.exe
O4 - HKLM\..\Run: [modqdhqs]

"c:\windows\system32\modqdhqs.e

xe"
O4 - HKCU\..\Run: [LDM]

C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\Logit

echDesktopMessenger.exe
O4 - HKCU\..\Run: [hidefrag]

C:\DOCUME~1\Federico\DATIA

P~1\THUNKL~1\blehaim.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.e

xe
O4 - HKCU\..\Run: [MSMSGS]

"C:\Programmi\Messenger\msmsgs.

exe" /background
O4 - Global Startup: Adobe

Gamma Loader.lnk =

C:\Programmi\File

comuni\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Logitech

Desktop Messenger.lnk =

C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\Logit

echDesktopMessenger.exe
O4 - Global Startup: Microsoft

Office.lnk =

C:\Programmi\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item:

&Point&&Go - C:\Programmi\File

comuni\Expert

System\PGPlatform\PGPlatform.ht

m
O8 - Extra context menu item:

E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\

Office10\EXCEL.EXE/3000
O9 - Extra button: Garzanti

Linguistica -

{B7FE5D70-9AA2-40F1-9C6B-

12A255F085E1} -

C:\Programmi\File

comuni\Garzanti\Dizionari Garzanti

2005\IEExtension.dll
O9 - Extra 'Tools' menuitem:

Garzanti Linguistica -

{B7FE5D70-9AA2-40F1-9C6B-

12A255F085E1} -

C:\Programmi\File

comuni\Garzanti\Dizionari Garzanti

2005\IEExtension.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00

C04F795683} -

C:\Programmi\Messenger\msmsgs.e

xe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00

C04F795683} -

C:\Programmi\Messenger\msmsgs.e

xe
O16 - DPF:

{20A60F0D-9AFA-4515-A0FD-

83BD84642501} (Checkers

Class) -

http://messenger.zone.msn.com/bina

ry/msgrchkr.cab56986.cab
O16 - DPF:

{4F1E5B1A-2A80-42CA-8532-2

D05CB959537} (MSN Photo

Upload Tool) -

http://always-in-the-gr0ove89.spac

es.msn.com//PhotoUpload/MsnPU

pld.cab
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-

220313175592} (MSN Games -

Installer) -

http://messenger.zone.msn.com/bina

ry/ZIntro.cab56649.cab
O16 - DPF:

{C3F79A2B-B9B4-4A66-B012-3

EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/bina

ry/MessengerStatsPAClient.cab569

07.cab
O16 - DPF:

{F5A7706B-B9C0-4C89-A715-7

A0C6B05DD48} (Minesweeper

Flags Class) -

http://messenger.zone.msn.com/bina

ry/MineSweeper.cab56986.cab
O17 -

HKLM\System\CCS\Services\Tcpi

p\..\{3AFD1098-C0C2-43C3-A4

A2-2E5596A75F94}:

NameServer = 85.37.17.51

85.38.28.97
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C

34B9B80B32B} -

C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\GAP

lugProtocol-8876480.dll
O18 - Protocol: livecall -

{828030A1-22C1-4009-854F-8E

305202313F} -

C:\PROGRA~1\MSNMES~1\MS

GRAP~1.DLL
O18 - Protocol: msnim -

{828030A1-22C1-4009-854F-8E

305202313F} -

C:\PROGRA~1\MSNMES~1\MS

GRAP~1.DLL
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsr

vc.dll
O21 - SSODL:

WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-

94D524869DB5} -

C:\WINDOWS\system32\WPDSh

ServiceObj.dll
O23 - Service: avast! iAVS4

Control Service (aswUpdSv) -

Unknown owner -

C:\Programmi\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus -

Unknown owner -

C:\Programmi\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner

- Unknown owner -

C:\Programmi\Alwil

Software\Avast4\ashMaiSv.exe"

/service (file missing)
O23 - Service: avast! Web Scanner

- Unknown owner -

C:\Programmi\Alwil

Software\Avast4\ashWebSv.exe"

/service (file missing)
O23 - Service: Logitech Process

Monitor (LVPrcSrv) - Logitech

Inc. - c:\programmi\file

comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: StarWind iSCSI

Service (StarWindService) -

Rocket Division Software -

C:\Programmi\Alcohol Soft\Alcohol

120\StarWind\StarWindService.exe


Thanks everyone, I'll be waiting for a reply

niklair
Mature god

Registered: 31/10/03 11:38
Posts: 2289
Location: Further north than the goddess of graphics

Posted: 16 Apr 2007 15:27

.. can you do a copy and paste with better formatting? Like this it's rather hard to read .....

bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 16 Apr 2007 16:01    Subject: Re: CiD-------------------------help!

With quite a bit of patience I reconstructed the lines shown above...
This is a program that must be terminated:
gr00v3 wrote:

C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe


These others all need to be fixed:

gr00v3 wrote:

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run:
[01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123
456789012345678901234567890123456789012345678901234567890123456789012345678901234
5678901234567890123456789012345678912345678]
C:\Programmi\user32.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e44.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e44.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e44a.exe
O4 - HKLM\..\Run: [Delete active byte meal] C:\Documents and Settings\All Users\Dati applicazioni\city burn delete active\hold inter.exe
O4 - HKLM\..\Run: [bomfeb.exe] C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe
O4 - HKLM\..\Run: [modqdhqs] "c:\windows\system32\modqdhqs.exe"
O4 - HKCU\..\Run: [hidefrag] C:\DOCUME~1\Federico\DATIAP~1\THUNKL~1\blehaim.exe
Thanks everyone, I'll be waiting for a reply


In any case, it's better if you redo the copy and paste as niklair advised.

gr00v3
Pious mortal

Registered: 16/04/07 14:24
Posts: 18

Posted: 17 Apr 2007 14:21    Subject: ehmm....sorry

Yeah, yeah... that thing was rather illegible, but I did it all in a hurry... I apologize, I'll copy it again ....

One more thing: how do I terminate bomfeb??


Here it is... thank you for the quick reply to the last message... I hope it happens again, thanks

Logfile of HijackThis v1.99.1
Scan saved at 14.21.19, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe
C:\windows\system32\winlogon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
F:\emule\emule.exe
C:\Documents and Settings\Federico\Desktop\programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Programmi\user32.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e44.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e44.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e44a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Delete active byte meal] C:\Documents and Settings\All Users\Dati applicazioni\city burn delete active\hold inter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bomfeb.exe] C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe
O4 - HKLM\..\Run: [modqdhqs] "c:\windows\system32\modqdhqs.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hidefrag] C:\DOCUME~1\Federico\DATIAP~1\THUNKL~1\blehaim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://always-in-the-gr0ove89.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFD1098-C0C2-43C3-A4A2-2E5596A75F94}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

clod
Common mortal

Registered: 17/04/07 16:26
Posts: 3

Posted: 17 Apr 2007 16:35    Subject: Cid, what a nightmare

Hi everyone, I'd be indebted if someone would explain to me what I have to do to get rid of these CiD pages that open up on me every minute; to say that I'm ignorant on the subject is really an understatement. I read a bit and understood that HijackThis is needed... the problem is that I have no idea what it is!!!!!!! What do I do?

clod
Common mortal

Registered: 17/04/07 16:26
Posts: 3

Posted: 17 Apr 2007 16:39    Subject: it's me again

I found HijackThis on the internet but what do I have to do... it's all in English!!!!

Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 17 Apr 2007 16:43

@ clod
read here
and then maybe open a topic of your own..

bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 17 Apr 2007 17:44    Subject: Re: ehmm....sorry

gr00v3 wrote:

One more thing: how do I terminate bomfeb??

Press CTRL-ALT-DEL,
click on "Task Manager"
click on the "Processes" ("Processi") tab
select the "bomfeb.exe" process
click on "End Process" ("Termina processo")

gr00v3 wrote:

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Programmi\user32.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e44.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e44.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e44a.exe
O4 - HKLM\..\Run: [Delete active byte meal] C:\Documents and Settings\All Users\Dati applicazioni\city burn delete active\hold inter.exe
O4 - HKLM\..\Run: [bomfeb.exe] C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe
O4 - HKLM\..\Run: [modqdhqs] "c:\windows\system32\modqdhqs.exe"
O4 - HKCU\..\Run: [hidefrag] C:\DOCUME~1\Federico\DATIAP~1\THUNKL~1\blehaim.exe

Start HijackThis
click on "Do a system scan only"
put a check mark next to the entries listed above
click on "Fix checked"

gr00v3 wrote:

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

I think you'll have to reinstall Avast
gr00v3 wrote:

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Do you use Alcohol to burn discs over the network with other PCs?
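
Added example, not part of the original thread or of HijackThis: a first-pass triage of `O4 ... Run` lines like the ones marked for fixing in the post above, using path heuristics (drive root, Temp, application-data folder, executable directly under the program-files folder, oversized value name). The rule names, the 64-character threshold and the folder list are assumptions chosen for this log; the sample lines are copied from the log in this thread, except the long digit value name, which is a constructed stand-in.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class RunEntry(NamedTuple):
    hive: str  # HKLM or HKCU
    name: str  # registry value name shown in [brackets]
    path: str  # executable path, lower-cased, repeated backslashes collapsed


# "O4 - HKLM\..\Run: [name] command"; the greedy name group copes with
# value names that themselves contain brackets, e.g. [LogitechVideo[inspector]].
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*)\] (.+)$")
# Executable part of the command: optional quote, then everything up to ".exe".
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

# Assumption: application-data folder names for Italian and English Windows XP,
# plus the 8.3 short form that appears in this log.
APP_DATA_DIRS = ("\\dati applicazioni\\", "\\datiap~1\\", "\\application data\\")
PROGRAM_ROOT = re.compile(r"[a-z]:\\(programmi|program files|progra~1)\\[^\\]+")
DRIVE_ROOT = re.compile(r"[a-z]:\\[^\\]+")

# (rule name, predicate) pairs, evaluated in this order.
RULES = [
    ("long_value_name", lambda e: len(e.name) > 64),
    ("drive_root", lambda e: DRIVE_ROOT.fullmatch(e.path) is not None),
    ("temp_dir", lambda e: "\\temp\\" in e.path),
    ("app_data", lambda e: any(d in e.path for d in APP_DATA_DIRS)),
    ("program_files_root", lambda e: PROGRAM_ROOT.fullmatch(e.path) is not None),
]


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 Run line; return None for any other kind of log line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, name, command = m.groups()
    exe = EXE.match(command)
    path = exe.group(1) if exe else command
    path = re.sub(r"\\{2,}", lambda _: "\\", path).lower()
    return RunEntry(hive, name, path)


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (value name, path, matched rule names) for each flagged entry."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = [rule for rule, hit in RULES if hit(entry)]
        if reasons:
            findings.append((entry.name, entry.path, reasons))
    return findings


SAMPLE = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB",
    r"O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect",
    r"O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe",
    # Constructed stand-in for the very long digit-string value name in the log.
    r"O4 - HKLM\..\Run: [" + "0123456789" * 25 + r"] C:\Programmi\user32.exe",
    r"O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e44.exe",
    r"O4 - HKLM\..\Run: [Delete active byte meal] C:\Documents and Settings\All Users\Dati applicazioni\city burn delete active\hold inter.exe",
    r"O4 - HKLM\..\Run: [bomfeb.exe] C:\DOCUME~1\Federico\IMPOST~1\Temp\bomfeb.exe",
    r'O4 - HKLM\..\Run: [modqdhqs] "c:\windows\system32\modqdhqs.exe"',
    r"O4 - HKCU\..\Run: [hidefrag] C:\DOCUME~1\Federico\DATIAP~1\THUNKL~1\blehaim.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background',
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name[:30]!r:34} {path}  <- {', '.join(reasons)}")
```

The two `system32` entries that the post above also marks (`0106.exe` and `modqdhqs.exe`) pass these path rules, so the output is a first-pass filter and the full list still needs review by someone who knows the machine.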

clod
Common mortal

Registered: 17/04/07 16:26
Posts: 3

Posted: 17 Apr 2007 18:37    Subject: for orange

Below I'm copying what came out of the scan I ran

Logfile of HijackThis v1.99.1
Scan saved at 18.33.00, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Smartfix2006\osecurity.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [oSecurity] "C:\Programmi\Smartfix2006\osecurity.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hope mfcd user else] C:\Documents and Settings\All Users\Dati applicazioni\JugsErrorHopeMfcd\antebird.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Programmi\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Else Pop] C:\DOCUME~1\CLAUDI~1\DATIAP~1\LOCKSB~1\Hope Proc.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0000.1105\it-it\msntabres.dll/230?d287834eca744f22b6e11885da47975
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0000.1105\it-it\msntabres.dll/229?d287834eca744f22b6e11885da47975
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Aggiungi a elenco stampa - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Anteprima - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Stampa - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Stampa ad Alta velocità - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.live.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://claumann.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69D23AE6-2D2B-4861-B745-3491181EF386}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SysZds - Unknown owner - \\?\C:\Programmi\File comuni\System\con.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe


WHAT DO I DO NOW?
gr00v3
Pious mortal

Joined: 16/04/07 14:24
Posts: 18

Posted: 17 Apr 2007 22:32    Subject: avast--alchol..

Thanks again....
So... as for Alcohol, I don't understand why, but it has lost some system files. I have used it very few times, and not so much for burning discs as for creating virtual drives.
Avast recognizes viruses without any trouble, it works for me, and it also noticed the presence of AntiVir XP, which I installed temporarily to run a scan... now I don't know... do you happen to know what kind of errors they are?
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 18 Apr 2007 08:58    Subject:

As for Avast (I haven't used it in quite a while), I saw that the programs are in fact running (even though Hijack reports them as "missing")... so you won't need to reinstall it (barring problems).

As for Alcohol, it may be best to uninstall it and then reinstall it (telling it not to install the StarWind service... it is there to let the other PCs on the network use the burner).

Did you manage to solve the problem with the virus?
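The cross-check mentioned in the reply above, comparing HijackThis's "(file missing)" flags against the log's own running-process list, as an added example that is not part of the original thread or of HijackThis. The sample lines are taken from the logs posted on this page; the function names are hypothetical.

```python
import re

# Sample lines taken from the HijackThis logs on this page (shortened to the relevant entries).
SAMPLE_LOG = r"""Running processes:
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: (no name) - {EC11A7D2-9AD6-4C57-BB62-571928658E2A} - C:\WINDOWS\system32\cpmctl32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

MISSING = " (file missing)"
# Executable path at the start of the target field, ignoring a stray quote and arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll))"?(?:\s|$)', re.IGNORECASE)

def parse(log):
    """Return (set of running process paths, list of O-section entry lines)."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif re.match(r"O\d+ - ", line):
            entries.append(line)
    return running, entries

def triage_missing(log):
    """Map each '(file missing)' target to 'running' or 'unverified'.

    'running': the executable appears in the process list, so the flag
    contradicts the log itself. 'unverified': nothing in the log confirms
    the file exists (DLLs never appear in the process list); check the
    path on disk before fixing the entry.
    """
    running, entries = parse(log)
    verdicts = {}
    for entry in entries:
        if not entry.endswith(MISSING):
            continue
        target = entry[: -len(MISSING)].rsplit(" - ", 1)[-1]
        m = EXE_RE.match(target)
        exe = (m.group("exe") if m else target).lower()
        verdicts[target] = "running" if exe in running else "unverified"
    return verdicts
```

Paths written in 8.3 short form (for example PROGRA~1) do not match the long names in the process list and come back as unverified.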
gr00v3
Pious mortal

Joined: 16/04/07 14:24
Posts: 18

Posted: 19 Apr 2007 12:31    Subject: hmm...

Look, I can't figure it out, because just yesterday, to make sure, I ran an antivirus scan with Avast and it found a trojan, which I told it to delete, after which it showed the PC's status as infected... also, something strange was happening: when I connected, the connection first verified the username and password, then dropped right after connecting.
In the end I have little use for Alcohol, but as you can see Avast works... now I don't know why, I think I have fixed CiD and it no longer even finds bomfeb, but I keep finding other viruses.
I don't know whether it helps to attach the HijackThis log file again, but I'll try... thanks...
Sergio636
Common mortal

Joined: 22/04/07 15:52
Posts: 1

Posted: 22 Apr 2007 15:57    Subject: Cid

Hi guys, unfortunately I have run into this CiD problem too. I followed all the information you gave, installed HijackThis and followed the Italian instructions you provided, but with little success! Please help me, it really is torture. Here is the log. Thanks in advance.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programmi\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bart82\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: (no name) - {EC11A7D2-9AD6-4C57-BB62-571928658E2A} - C:\WINDOWS\system32\cpmctl32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console] C:\Programmi\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AirCardEnabler] C:\Programmi\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WEB MESS MODE WAY] C:\Documents and Settings\All Users\Dati applicazioni\Build bike web mess\Sizefor.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programmi\XoftSpy\XoftSpy.exe -s
O4 - HKCU\..\Run: [E06IXLRD_1959718] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FACE DELETE] C:\DOCUME~1\Bart82\DATIAP~1\DrawCopy\bendamenball.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
All times are GMT + 2 hours