www.MegaLab.it

[cafettiere]

salve sono nuovo ma sono diversi giorni che mi si annidono in quarantena non so quanti virus (troyan-dieler) e ancora come(link optimizer).
ho chiesto aiuto al forum di libero e dopo vari tentativi che io non sono riuscito a fare mi e stato dato questo link.
ho scaricato hijack this ma non so cosa devo cancellare vi allego il post[url]
non riesco ad allegre il post che mi ha dato hijack [/url]

[crazy.cat]

Copia tutto il testo del log e incollalo qui nella discussione senza allegare niente altro.

[cafettiere]

ok grazie


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.28.19, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\windows\system32\svchost.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9IJ9NV5\SystemDoctor2006FreeInstall_it[1].exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Temporary Internet Files\Content.IE5\80SB341O\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3bf2c56e-e2d6-493e-9dce-a8c8edd8bf80} - C:\WINDOWS\system32\mprext.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp4.tmp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\wvtqop.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: fpxr.exe
O4 - Startup: qbrfmcv.exe
O4 - Startup: rfdoy.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ciaccarella20.spaces.live.com//P ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E806AA6-2A71-4566-AEE3-FED1B6DE006E}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mprext - C:\WINDOWS\SYSTEM32\mprext.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 8023 bytes

[crazy.cat]

Qui ci sono parecchi problemi visibili (e chissà quanti altri non visibili)
Utilizza unlocker o killbox per eliminare i file indicati qui sotto, poi rifai la scansione con hijackthis selezioni le caselle delle righe indicate e premi fix checked per eliminarle.
O2 - BHO: (no name) - {3bf2c56e-e2d6-493e-9dce-a8c8edd8bf80} - C:\WINDOWS\system32\mprext.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp4.tmp.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\wvtqop.dll",realset
O4 - Startup: fpxr.exe
O4 - Startup: qbrfmcv.exe
O4 - Startup: rfdoy.exe
O20 - Winlogon Notify: mprext - C:\WINDOWS\SYSTEM32\mprext.dll

Il consiglio è sempre quello di eliminare morton antivirus e installare un vero antivirus
http://www.activevirusshield.com/antivi ... /index.adp?
Hai un firewall installato?

[BilloKenobi]

ciao

volevo farti una domanda. prima di effettuare la pulizia che ti ha consigliato crazy.cat, puoi farmi un favore? volevo dare un'occhiata a questo virus che hai sul pc, se mi facessi questo lavoretto veloce mi faresti davvero un piacere.

volevo chiederti se per favore potevi scaricare systemscan

estrailo, avvialo, metti la spunta solo a "Network Settings" e poi premi "Scan". poi vai su www.easy-share.com e metti lì il suo log (che trovi in C:\suspectfile\report.txt). poi dacci il link per scaricarlo (solo quello per scaricarlo, non quello per eliminarlo dal sito di hosting)

te l'ho chiesto perché ho di recente aiutato un utente con lo stesso problema, e vorrei vedere se il vostro virus apre delle porte sul pc infetto, e a quale indirizzo.

grazie davvero

[cafettiere]

questi sono i virus che ho trovato facendo la scanzione on line
C:\WINDOWS\vmm32dll.exe è infettato con Dialer.Generic
C:\WINDOWS\Downloaded Program Files\18.exe è infettato con Dialer.Generic
C:\WINDOWS\Downloaded Program Files\AUTO_154N.exe è infettato con Dialer.Sfonditalia
C:\WINDOWS\Downloaded Program Files\AUTO_220N.exe è infettato con Dialer.Sfonditalia
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\AUTO_220N.exe è infettato con Dialer.Sfonditalia
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\18.exe è infettato con Dialer.Generic
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_220N.exe è infettato con Dialer.Sfonditalia
C:\Programmi\File comuni\{3C1574D4-07C9-1040-0228-020227020027}\UnInstall.exe è infettato con Adware.MaxSearch
C:\Documents and Settings\Salvatore\Dati applicazioni\UI_Up_SysD32.exe è infettato con Dialer.Generic

[cafettiere]

ciao
ho scaricato sistemscan l'ho avviato ed ho tolto gli altri spunto e ho messo
lo spunto solo su network setting e ho fatto scan.

sono andato su www.easy-share.com e qui non ho capito quello che devo fare (metti li il suo logo) COSA.
perche sono andato in c:\suspectfile\report e qui cosa devo fare dimmelo + semplice anche il fatto del link cosè e dove lo prendo.

SCUSAMI MA NON CI CAPISCO TANTO SE MI POTETE GUIDARE SAREBBE MEGLIO GRAZIE MOLTO

[crazy.cat]

Intanto installati virit
http://www.tgsoft.it/italy/index_ita.html
e dai una spazzolata a qualche virus con questo.

[BilloKenobi]

grazie per aver usato il programma. per log si intende il responso del programma stesso, che viene solitamente salvato come un file di testo con estensione .txt o .log

systemscan lo salva in C:\suspectfile\report.txt

quel sito serve per mettere on line dei file. c'è una bella scritta

Upload your file now

e sotto una casella dove inserire il percorso del file. copia/incolla C:\suspectfile\report.txt in quello spazio, poi premi Upload

otterrai una pagina che ti dirà quale indirizzo url serve per scaricare il file. diccela

ciauz

[cafettiere]

http://w13.easy-share.com/1182066.html

[cafettiere]

ho fatto la scanzione con l'antivirus suspectfile che mi avete detto uno di voi moderatori .
poi ho rifatto la scanzione con hijackthis e mi sono uscite queste cose mica sono le stesse di prima?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.56.10, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3bf2c56e-e2d6-493e-9dce-a8c8edd8bf80} - C:\WINDOWS\system32\mprext.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tskqufkr] "c:\windows\system32\tskqufkr.exe"
O4 - HKLM\..\Run: [ycvhaa.exe] C:\WINDOWS\TEMP\ycvhaa.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\mlklii.dll",realset
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ciaccarella20.spaces.live.com//P ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E806AA6-2A71-4566-AEE3-FED1B6DE006E}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mprext - C:\WINDOWS\SYSTEM32\mprext.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Virit eXplorer+Lite (viritsvclite) - Unknown owner - viritsvc.exe (file missing)

--
End of file - 8094 bytes

[crazy.cat]

Qualcosa rispunta fuori cambiando anche nome.
O4 - HKLM\..\Run: [tskqufkr] "c:\windows\system32\tskqufkr.exe"
O4 - HKLM\..\Run: [ycvhaa.exe] C:\WINDOWS\TEMP\ycvhaa.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\mlklii.dll",realset
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com

O2 - BHO: (no name) - {3bf2c56e-e2d6-493e-9dce-a8c8edd8bf80} - C:\WINDOWS\system32\mprext.dll

Evidentemente l'infezione è molto ampia e non si vede tutta nel log.
Puoi provare a fare una scansione sul sito della kaspersky e così vediamo quanti virus ci sono, salvati il log alla fine e incollalo nella discussione.

[cafettiere]

ho fatto la scanzione on line su kaspersky come mi hai detto qesto e il responso fammi saper se posso risolvere il problema .
perche mi sembra di avere qualche porta aperta che mi fa entrare tutti questi virus.
ecco il responso della scanzione:

Scan Statistics
Total number of scanned objects 25963
Number of viruses found 6
Number of infected objects 21 / 0
Number of suspicious objects 0
Duration of the scan process 02:18:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80000.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0000.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0001.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000000.VBN Infected: Exploit.Win32.IMG-ANI.k skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Salvatore\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Salvatore\Dati applicazioni\UI_Upd_SYS.exe Infected: Trojan.Win32.Agent.qc skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Cronologia\History.IE5\MSHist012007061020070611\index.dat Object is locked skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\ca.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\crack.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\ff.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp1.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp1A7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp3CB.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp4.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp92.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpA3.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpA7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpAD.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpE.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temporary Internet Files\Content.IE5\MLGLUDSP\nauj[1] Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\ntuser.dat Object is locked skipped

C:\Documents and Settings\Salvatore\ntuser.dat.LOG Object is locked skipped

C:\Programmi\eMule\Temp\051.part/setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped

C:\Programmi\eMule\Temp\051.part RAR: infected - 1 skipped

Scan was interrupted by user!

[crazy.cat]

Scansione che hai interrotto.

Scan was interrupted by user!

Aparte i virus in quarantena di norton, cioè i primi 4 che vedi

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80000.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0000.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0001.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000000.VBN Infected: Exploit.Win32.IMG-ANI.k skipped

questo file prova a cancellarlo a mano o uso killobox per eliminarlo

C:\Documents and Settings\Salvatore\Dati applicazioni\UI_Upd_SYS.exe Infected: Trojan.Win32.Agent.qc skipped

qui elimina tutti i file della cartella temp, puoi usare Ccleaner per fare una pulizia migliore.

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\ca.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\crack.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\ff.exe Infected: Trojan.Win32.VB.azv skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp1.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp1A7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp3CB.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp4.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmp92.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpA3.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpA7.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpAD.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\tmpE.tmp.exe Infected: Trojan.Win32.BHO.g skipped

C:\Documents and Settings\Salvatore\Impostazioni locali\Temporary Internet Files\Content.IE5\MLGLUDSP\nauj[1] Infected: Trojan.Win32.BHO.g skipped

qui stai scaricando qualcosa di infetto.

C:\Programmi\eMule\Temp\051.part/setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped

C:\Programmi\eMule\Temp\051.part RAR: infected - 1 skipped

[cafettiere]

cancellato manualmente:
C:\Documents and Settings\Salvatore\Dati applicazioni\UI_Upd_SYS.exe Infected: Trojan.Win32.Agent.qc skipped

[cafettiere]

non riesco a eliminare 015 come devo fare?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8.46.14, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3bf2c56e-e2d6-493e-9dce-a8c8edd8bf80} - C:\WINDOWS\system32\mprext.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmpB.tmp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\hgdeba.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ciaccarella20.spaces.live.com//P ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E806AA6-2A71-4566-AEE3-FED1B6DE006E}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mprext - C:\WINDOWS\SYSTEM32\mprext.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Virit eXplorer+Lite (viritsvclite) - Unknown owner - viritsvc.exe (file missing)

--
End of file - 7729 bytes

[rentonboy]

prova a farlo da modalità provvisoria e non connesso...

[cafettiere]

non riesco a rimuovere dei siti (da siti attandibili) li evidenzio a clicco su
rimuovi e vanno via faccio ok ed esco. Ma ci rientro di nuovo e sono ancora li. l'ho fatto anche in modalità provv. ed e la stessa cosa
C'è un altro modo per eliminarli?
Che non siano loro che tengono la porta aperta per tutti questi virus che trovo?
sono siti porno.
Poi trovo nella scazione del registro file infetti da BHO,Agent,es.
sto usando come antivirus VirIT eXplorer lite 6.1.90 poi ho simantec client securty ad aware, ccleniar
poi allimprovviso va in funzione della musica da solo ma non si accende wmp.
LO schermo mi sfarfalla a volte e si blocca non c'è la faccio piu mi petete aiutare ho fatto tutto quello che mi avete detto ma il risultato e sempre lo stesso.
POI SE LO DEVO FORMATTARE MI DITE COME FARE?
vi ringrazio gia da adesso ma anche in seguito.

[crazy.cat]

Passa ad un vero antivirus

Il consiglio è sempre quello di eliminare morton antivirus e installare un vero antivirus
http://www.activevirusshield.com/antivi ... /index.adp?
Hai un firewall installato?

[rentonboy]

ascolta crazy e cambia antivirus