Olimpo Informatico

[petunia]

Ciao ragazzi!! sono nuova nel forum!! vi ho conosciuto girovagando in rete alla dispetrata ricerca di un aiuto per risolvere un problema che da tempo mi affligge: penso che il mio pc sia stato infettato da un virus, dato che mi capita spesso che mi si blocca, o mi si disconnette.
Ora ho risolto (leggendovi) il problema del messaggio che mi compariva Generic Host process win 32 e che mi comportava la disconnessione immediata da internet; altro problema che spero avere risolto (sempre con i vostri consigli ) era che mi si apriva in automatico la cartella documenti all'avvio....
ora, è rimasto da sconfiggere questo "Runtime error 204 at 13142501" che mi crea problemi sia quando sto in internet, sia quando lavoro con word....

ho fatto una scansione e vi posto il "risultato" (scusate la mia carente padronanza di linguagio tecnico-informatico, ma sono un autodidatta )


Logfile of HijackThis v1.99.1
Scan saved at 23.13.01, on 07/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MUSTEK 1248UB\Driver\WATCH.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Web Accelerator\bak\slipcore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Documents and Settings\Laura\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.romoloromani.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Class - {79D5FD0B-EDC6-268C-D5B0-84099F83436C} - C:\WINDOWS\xlixg1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\Documents and Settings\Laura\Impostazioni locali\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic
O4 - HKLM\..\Run: [yatdd] "C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\System32\xydzyh.exe
O4 - HKLM\..\Run: [pstg1.exe] C:\WINDOWS\Temp\pstg1.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [yatdd] "C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe"
O4 - Global Startup: Watch.lnk = C:\Programmi\MUSTEK 1248UB\Driver\WATCH.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mostra immagine originale - res://C:\Programmi\Web Accelerator\gui_resource.dll/328
O8 - Extra context menu item: Mostra tutte le immagini originali - res://C:\Programmi\Web Accelerator\gui_resource.dll/327
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202333708839
O17 - HKLM\System\CCS\Services\Tcpip\..\{F33BC3DD-9099-4A3B-809C-88FB0CBDA140}: NameServer = 193.70.152.25 193.70.192.25
O18 - Protocol: dea - {615A0247-8069-11D2-A019-204C4F4F5020} - C:\Programmi\DeaPro\DeaApp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com5.oby
O20 - Winlogon Notify: upsctrl0 - upsctrl0.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - %WINDIR%\system\svchest.exe (file missing)


se qualcuno mi potesse aiutare gliene sarei gratissima!!!

[ste_95]

C'è più di un'infezione:

Esegui una scansione con FindAWF e postane il log.

Esegui entrambe le scansioni con GMER come spiegato qui.

[petunia]

grazie!! appena arrivo a casa faccio quanto mi hai detto poi posto i risultati!! grazie ancora

Ps volevo specificare che come antivirus sto usando AVG e Avast (versioni free) il sistema operativo è windows xp home edition e il pc è un portatitile olidata

[petunia]

Eccomi!!
Questi sono i log delle scansioni
1) scansione effettuata con FindAWF

Logfile of HijackThis v1.99.1
Scan saved at 23.13.01, on 07/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MUSTEK 1248UB\Driver\WATCH.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Web Accelerator\bak\slipcore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Documents and Settings\Laura\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.romoloromani.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Class - {79D5FD0B-EDC6-268C-D5B0-84099F83436C} - C:\WINDOWS\xlixg1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\Documents and Settings\Laura\Impostazioni locali\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic
O4 - HKLM\..\Run: [yatdd] "C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\System32\xydzyh.exe
O4 - HKLM\..\Run: [pstg1.exe] C:\WINDOWS\Temp\pstg1.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [yatdd] "C:\DOCUME~1\Laura\IMPOST~1\Temp\bak\1083888.exe"
O4 - Global Startup: Watch.lnk = C:\Programmi\MUSTEK 1248UB\Driver\WATCH.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mostra immagine originale - res://C:\Programmi\Web Accelerator\gui_resource.dll/328
O8 - Extra context menu item: Mostra tutte le immagini originali - res://C:\Programmi\Web Accelerator\gui_resource.dll/327
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202333708839
O17 - HKLM\System\CCS\Services\Tcpip\..\{F33BC3DD-9099-4A3B-809C-88FB0CBDA140}: NameServer = 193.70.152.25 193.70.192.25
O18 - Protocol: dea - {615A0247-8069-11D2-A019-204C4F4F5020} - C:\Programmi\DeaPro\DeaApp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com5.oby
O20 - Winlogon Notify: upsctrl0 - upsctrl0.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - %WINDIR%\system\svchest.exe (file missing)

2) scansioni effettuate con gmer

edit by bdoriano: log eliminato perché incompleto. I logs di GMER vanno caricati su FreeFileHosting come indicato qui.


ora confido nella vostra immensa gentilezza , chiedo perdono se ho fatto qualche pasticcio (non sono un genio dell'informatica ) ed incrocio le dita!!!

[bdoriano]

Data la varietà di infezioni che ti ritrovi sul pc, facciamo prima delle pulizie generali.

Scarica Norman Malware Cleaner e drWeb CureIt.
Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria.
Avvia drWeb CureIt e fagli fare la scansione completa.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-02-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.

Poi, segui le istruzioni di questo topic per postare il log di combofix.

[petunia]

io mi connetto d internet tramite cell e non riesco a scaricare questi file c'è un'alternativa??

[bdoriano]