
Help... I'm sure I have a virus... help me please!!



Post by Tanty85 » Tue Mar 10, 2009 9:42 pm

Hi guys... I need your help... something serious has definitely happened (I hope not, but I think so...)... so, in the evening I shut down the PC while it was working perfectly... the next day at noon... poof... so:
- the connections have disappeared
- I open Network Connections and it's empty
- I try to open Norton but it ignores me
- if I try to set up a new connection it tells me the wireless can't find a modem
- it doesn't see my wireless printer anymore either

Please help me!!! I wouldn't want to wipe everything!!!
Thanks thanks thanks a million!!!!!!
Tanty85
New Member
Posts: 16
Joined: Tue Mar 10, 2009 9:33 pm

Re: Help... I'm sure I have a virus... help me please!!

Post by Amantide » Tue Mar 10, 2009 9:45 pm

Download FindyKill (by Chiquitine29) and install it (it's in French, but easy to understand).
Once installed, close all running applications and disconnect from the Internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt

Then download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here between LOG tags, like this:
[LOG]paste the log here[/LOG]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Help... I'm sure I have a virus... help me please!!

Post by Tanty85 » Tue Mar 10, 2009 9:51 pm

So after I've finished both scans, do I have to write a reply message with the logs that appear?? Sorry, but I'm new!!
Tanty85
New Member
Posts: 16
Joined: Tue Mar 10, 2009 9:33 pm


Re: Help... I'm sure I have a virus... help me please!!

Post by Amantide » Tue Mar 10, 2009 9:59 pm

Tanty85 wrote: So after I've finished both scans, do I have to write a reply message with the logs that appear??

Yes, exactly. You'll have to paste them between the LOG tags, as I showed you before.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Help... I'm sure I have a virus... help me please!!

Post by Tanty85 » Tue Mar 10, 2009 10:09 pm

----------------- FindyKill V4.707 ------------------

* User : Taty 2008 - PC-TATY2008
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 21:59:53 the 10/03/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\OGAVerify.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\CRAC.EXE-91B2FA15.pf

»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\Taty 2008\AppData\Roaming


»»»» Supression files in C:\Users\TATY20~1\AppData\Local\Temp


»»»» Supression files in C:\Users\Taty 2008\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\ProgramData\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Users\All Users\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa
D: - Unità fissa
G: - Unità rimovibile

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Taty 2008\AppData\Roaming\Microsoft\Office\Recent\serial.keygen.crack.generator.Microsoft Office Word 2007.LNK
C:\Users\Taty 2008\Desktop\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear]
C:\Users\Taty 2008\Desktop\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear]\install.bat
C:\Users\Taty 2008\Desktop\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear]\OGACheckControl.dll
C:\Users\Taty 2008\Desktop\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear]\Readme.txt
C:\Users\Taty 2008\Desktop\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear]\uninstall.bat
C:\Users\Taty 2008\Desktop\Tania\Giochi PC\[PC - Game] Need for Speed ProStreet DVD + Seriale + Crack (ITA).iso
C:\Users\Taty 2008\Desktop\Tania\Programmi\rld-sim.crackl.shared.by.N-J0y
C:\Users\Taty 2008\Desktop\Tania\Programmi\The Sims Life Stories-reloaded-Crack.rar
C:\Users\Taty 2008\Desktop\Tania\Programmi\WinRAR.v3.51+ crack.zip
C:\Users\Taty 2008\Desktop\Tania\Programmi\[PC GAME ITA] SimCity 4 Deluxe Edition + Serial + NoCD Crack Sim City
C:\Users\Taty 2008\Desktop\Tania\Programmi\[PC GAME ITA] SimCity 4 Deluxe Edition + Serial + NoCD Crack Sim City.rar
C:\Users\Taty 2008\Desktop\Tania\Programmi\rld-sim.crackl.shared.by.N-J0y\reloaded.nfo
C:\Users\Taty 2008\Desktop\Tania\Programmi\rld-sim.crackl.shared.by.N-J0y\rld-siml.exe
C:\Users\Taty 2008\Desktop\Tania\Programmi\rld-sim.crackl.shared.by.N-J0y\SimsLS.exe
C:\Users\Taty 2008\Desktop\Tania\Programmi\[APP - ITA] - 20000 Basi Midi e Karaoke + Van Basco v2.52\Karaoke\George Harrison\Crackerbox Palace.kar
C:\Users\Taty 2008\Desktop\Tania\Programmi\[APP - ITA] - 20000 Basi Midi e Karaoke + Van Basco v2.52\Karaoke\Zap\Cracklin' Rose (Neil Diamond).kar
C:\Users\Taty 2008\Desktop\Tania\Programmi\[PC GAME ITA] SimCity 4 Deluxe Edition + Serial + NoCD Crack Sim City\Simcity 4 Deluxe Edition CD1.iso
C:\Users\Taty 2008\Desktop\Tania\Programmi\[PC GAME ITA] SimCity 4 Deluxe Edition + Serial + NoCD Crack Sim City\Simcity 4 Deluxe Edition CD2.iso


---------------- ! End of report ! ------------------
Tanty85
New Member
Posts: 16
Joined: Tue Mar 10, 2009 9:33 pm

Re: Help... I'm sure I have a virus... help me please!!

Post by Tanty85 » Tue Mar 10, 2009 10:10 pm

This is the first one, the one from FindyKill... after it finished, I can already tell you my connection reappeared... the computers are blinking again and everything seems to work fine... do I continue with ComboFix?? Thanks
Tanty85
New Member
Posts: 16
Joined: Tue Mar 10, 2009 9:33 pm

Re: Help... I'm sure I have a virus... help me please!!

Post by Amantide » Tue Mar 10, 2009 10:20 pm

Tanty85 wrote: This is the first one, the one from FindyKill... after it finished, I can already tell you my connection reappeared... the computers are blinking again and everything seems to work fine... do I continue with ComboFix??

Yes, continue with ComboFix too... also because, unless you ran FindyKill twice and only posted the second log, it removed very little, so I don't understand why your problem got fixed.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Help... I'm sure I have a virus... help me please!!

Post by Tanty85 » Tue Mar 10, 2009 10:27 pm

Maybe because earlier I had followed someone else's instructions, which had me use option 1 in FindyKill instead of the 2 you had me use; I did that, then I ran ComboFix, but it hadn't fixed anything... now instead, as soon as I finished with FindyKill, the connection came up. Anyway, here below is the ComboFix report...

ComboFix 09-03-10.01 - Taty 2008 2009-03-10 22.21.58.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3070.2073 [GMT 1:00]
Eseguito da: c:\users\Taty 2008\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-02-10 al 2009-03-10 )))))))))))))))))))))))))))))))))))
.

2009-03-10 21:53 . 2009-03-10 22:05 <DIR> d-------- c:\program files\FindyKill
2009-03-09 21:36 . 2009-03-09 21:36 <DIR> d-------- c:\program files\Eset
2009-03-09 21:15 . 2009-03-10 14:06 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-09 21:15 . 2009-03-10 14:06 <DIR> d-a------ c:\progra~2\TEMP
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\TATY20~1\AppData\Roaming\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\Taty 2008\AppData\Roaming\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\users\All Users\Simply Super Software
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\program files\Trojan Remover
2009-03-09 21:14 . 2009-03-09 21:14 <DIR> d-------- c:\progra~2\Simply Super Software
2009-03-09 21:14 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2009-03-09 21:14 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2009-03-09 21:14 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2009-03-09 21:14 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2009-03-09 21:14 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2009-03-08 20:03 . 2009-03-08 20:03 69 --a------ c:\windows\NeroDigital.ini
2009-03-07 12:37 . 2009-03-07 12:37 <DIR> d-------- c:\windows\Sun
2009-03-06 19:50 . 2009-03-10 21:01 <DIR> d--h----- c:\users\TATY20~1\AppData\Roaming\drivers
2009-03-06 19:50 . 2009-03-10 21:01 <DIR> d--h----- c:\users\Taty 2008\AppData\Roaming\drivers
2009-02-19 21:24 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\System32\drivers\symndisv.sys
2009-02-19 11:31 . 2009-02-19 11:31 24,112 --a------ c:\windows\System32\drivers\SymIMV.sys
2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\System32\drivers\SymRedir.cat
2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\System32\drivers\SymRedir.inf
2009-02-15 18:56 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 18:56 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 18:56 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 18:56 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 18:56 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 12:54 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 12:54 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 20:50 --------- d-----w c:\program files\KaraFun
2009-03-10 18:37 --------- d-----w c:\program files\Hewlett-Packard
2009-03-09 20:43 --------- d-----w c:\users\TATY20~1\AppData\Roaming\GTek
2009-03-09 20:43 --------- d-----w c:\users\Taty 2008\AppData\Roaming\GTek
2009-03-09 17:58 --------- d-----w c:\program files\Norton 360
2009-03-09 17:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 17:58 --------- d-----w c:\progra~2\HP Product Assistant
2009-03-06 19:06 --------- d-----w c:\progra~2\NVIDIA
2009-03-06 18:50 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-25 21:02 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 20:23 --------- d-----w c:\program files\Windows Live
2009-02-16 19:41 27,715 ----a-w c:\users\TATY20~1\AppData\Roaming\nvModes.dat
2009-02-16 19:41 27,715 ----a-w c:\users\Taty 2008\AppData\Roaming\nvModes.dat
2009-02-12 18:59 --------- d-----w c:\users\TATY20~1\AppData\Roaming\Skype
2009-02-12 18:59 --------- d-----w c:\users\Taty 2008\AppData\Roaming\Skype
2009-02-11 12:14 --------- d-----w c:\program files\Windows Mail
2009-02-08 17:08 --------- d-----w c:\users\TATY20~1\AppData\Roaming\skypePM
2009-02-08 17:08 --------- d-----w c:\users\Taty 2008\AppData\Roaming\skypePM
2009-02-06 19:01 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-01 19:06 --------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer
2009-02-01 19:06 --------- d-----w c:\progra~2\Tarma Installer
2009-01-22 11:52 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-22 11:52 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-22 11:52 --------- d-----w c:\program files\Symantec
2009-01-18 22:12 --------- d-----w c:\progra~2\Symantec
2008-12-31 16:04 528,744 ----a-w c:\windows\System32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\System32\OGAAddin.dll
2008-12-24 11:59 372,783 ----a-w c:\windows\Screen Ugly54.scr
2008-11-12 12:02 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-12 12:02 56 ---ha-w c:\progra~2\ezsidmv.dat
2008-09-22 17:48 174 --sha-w c:\program files\desktop.ini
2008-06-18 18:33 13,012 ----a-w c:\users\Taty 2008\Bubblets.dat
2008-05-11 10:08 22,644 ----a-w c:\program files\filelist.txt
2008-03-27 12:40 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-27 12:40 32 ----a-w c:\progra~2\ezsid.dat
2008-03-26 20:43 2,402,320 ----a-w c:\users\Taty 2008\Messenger.exe
2003-04-11 05:35 274,432 ----a-w c:\program files\eauninstall.exe
2003-04-11 05:16 364,544 ----a-w c:\program files\SC4_UNINST.EXE
2003-03-28 01:35 70,878,429 ----a-w c:\program files\SimCity_1.dat
2003-03-28 01:35 129,061,232 ----a-w c:\program files\SimCity_2.dat
2003-03-28 01:35 110,195,371 ----a-w c:\program files\SimCity_3.dat
2003-03-28 01:35 103,486,981 ----a-w c:\program files\SimCity_4.dat
2003-03-28 01:35 103,004,482 ----a-w c:\program files\SimCity_5.dat
2003-03-28 01:35 102,921,266 ----a-w c:\program files\Sound.dat
2003-03-28 00:31 9,444 ----a-w c:\program files\Video Cards.sgr
2003-03-28 00:24 19,116 ----a-w c:\program files\Graphics Rules.sgr
2003-03-28 00:20 10,134 ----a-w c:\program files\eauninstall.ico
2008-10-13 16:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-13 16:57 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-13 16:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-10_21.12.15.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-10 20:04:06 7,352 ----a-w c:\windows\bthservsdp.dat
+ 2009-03-10 20:58:13 6,604 ----a-w c:\windows\bthservsdp.dat
- 2009-03-10 20:05:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-10 20:59:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-10 20:05:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-10 20:59:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-10 20:06:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-10 21:00:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-10 21:00:14 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-10 20:06:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-10 21:00:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-03-10 20:06:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-10 20:59:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-10 20:06:01 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-10 20:59:50 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-10 20:06:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-10 20:59:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-10 19:58:40 101,556 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-10 21:06:56 101,556 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-10 19:58:41 120,666 ----a-w c:\windows\System32\perfc010.dat
+ 2009-03-10 21:06:56 120,666 ----a-w c:\windows\System32\perfc010.dat
- 2009-03-10 19:58:41 587,484 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-10 21:06:56 587,484 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-10 19:58:41 663,170 ----a-w c:\windows\System32\perfh010.dat
+ 2009-03-10 21:06:56 663,170 ----a-w c:\windows\System32\perfh010.dat
- 2009-03-10 20:07:51 12,410 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-531358516-4118287844-1083438711-1000_UserData.bin
+ 2009-03-10 21:01:27 12,560 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-531358516-4118287844-1083438711-1000_UserData.bin
- 2009-03-10 20:07:51 84,962 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 21:01:27 84,978 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-10 19:55:32 56,520 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 21:01:23 56,520 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 08:40 192960 --------- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-02-06 1036640]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-09 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2009-03-09 988512]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-09 1303432]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-30 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tbjqft.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-531358516-4118287844-1083438711-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BEFF7975-0F8C-43B2-8C00-47FE8F0F2C60}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9850EA47-725B-484D-B8B3-1A8770AFE626}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{19EA3698-B235-47D9-AFC2-1A2DB2B6E424}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{939C8CCD-EBE8-4E77-9A2E-191285F5973F}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{BFA311FB-BE3B-49E1-933C-5DE005643B40}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4350B14F-29E4-45F0-B943-B0F889769464}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9EABB65A-B754-4FED-9B6F-BC3C8AE84CB8}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{DD336CC8-B87A-4BB2-8D51-017BEBA2B4DE}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C1208205-23BB-4364-AE1D-E678724DB461}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{11140054-4470-49E1-98C3-4B925D16DB07}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2B1E5DF3-CE84-4B9D-B543-B48ACB4D91D8}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{B07AE44C-5789-4661-8FE8-04A8E4406B51}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{59F1694F-FCBF-44A7-99D1-3133BBEFA857}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{5C1FEB21-A716-4019-9FC0-514FF607B0A8}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1A4C8B22-D173-4E61-B374-795A843E3F91}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{A9F7D2B1-A21B-4446-96D8-CEBFF01EA7C5}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{188FA873-AE1B-4D76-AE8F-942530873000}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{37727A45-0C9A-4132-9202-4BC096C86740}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{CCBBF607-0A78-4798-8A52-9D796A0446EE}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0323AC17-C858-4DAA-BCD2-08366D2ADCB1}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{A67CAC04-DEAF-4BE4-83E1-FF02E5E32E65}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{BEA709CC-9351-4319-97E1-28DF81724264}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{5BAE0B9A-405F-419F-8126-630DB9C562F4}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{47899C76-9CC9-4FDC-B867-321D6BC64184}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"TCP Query User{A41FB04E-7B0C-41DE-A46B-CECBC3A5C12B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{40255A77-44D7-4375-81FB-4A783E3E3B6B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{8EE5DCDC-B52C-406D-8B13-50FFA99B3421}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{093AAA80-A0AE-4958-A724-86F22C38DA06}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{EFA2CE8F-38EF-43F8-BE17-77DA0C54C8AA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{394FB335-464A-4785-ABC2-14B58014CA79}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090303.001\IDSvix86.sys [2009-03-05 270384]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-19 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f898278-4877-11dd-91be-001e37a7111b}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7588e14a-9946-11dd-9427-001e37a7111b}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7588e150-9946-11dd-9427-001e37a7111b}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fab8de-af52-11dd-8cc6-001e37a7111b}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm177YYIT
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 22:24:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(3632)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
.
Scan end time: 2009-03-10 22.27.32
ComboFix-quarantined-files.txt 2009-03-10 21:27:28
ComboFix2.txt 2009-03-10 20:24:18
ComboFix3.txt 2009-03-10 20:13:51

Pre-Run: 115,523,616,768 bytes free
Post-Run: 115,490,406,400 bytes free

287 --- E O F --- 2009-02-25 19:43:59

Post by Amantide » Tue Mar 10, 2009 10:35 pm

Tanty85 wrote: then I ran ComboFix but it hadn't fixed anything

Ah, there we go!! Now it adds up. [rolleyes] Perhaps after you also ran FindyKill the PC rebooted, and only on reboot did the effects of the ComboFix scan become visible.

Now the PC should be clean; nothing else suspicious shows up in the log. [^]
...to fly high, you have to know how to fall...

Post by Tanty85 » Tue Mar 10, 2009 10:40 pm

OK, if I need anything I'll get back to you...but do I have to delete ComboFix and FindyKill?? Thanks [applauso+]

Post by Tanty85 » Tue Mar 10, 2009 10:48 pm

One last thing: I'm connected but I can't get onto the Internet. In the Network and Sharing Center it says that from PC TAty to Unidentified network it's OK, but from the network to the Internet there's a big red cross...what do you think I should do??

Post by Amantide » Tue Mar 10, 2009 10:53 pm

Tanty85 wrote: OK, if I need anything I'll get back to you...but do I have to delete ComboFix and FindyKill?? Thanks [applauso+]


At this point I'd say yes.
To remove ComboFix go to Start >> Run and type combofix /u; FindyKill you can remove from the Control Panel instead.

Tanty85 wrote: One last thing: I'm connected but I can't get onto the Internet. In the Network and Sharing Center it says that from PC TAty to Unidentified network it's OK, but from the network to the Internet there's a big red cross...what do you think I should do??


Post me the HijackThis log, let's see if we can dig into the problem.
...to fly high, you have to know how to fall...

Post by Tanty85 » Tue Mar 10, 2009 10:56 pm

erm...sorry...buuut... [8)] what's the Hijafitc log, I mean the thing you wrote? [acc2]

Post by Amantide » Tue Mar 10, 2009 11:02 pm

Tanty85 wrote: erm...sorry...buuut... [8)] what's the Hijafitc log, I mean the thing you wrote? [acc2]

Google? [fischio]
http://www.trendsecure.com/portal/en-US ... s/download
http://www.MegaLab.it/2286/pagina-inizi ... hijackthis
...to fly high, you have to know how to fall...

Post by Tanty85 » Tue Mar 10, 2009 11:17 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.11.00, on 10/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.113.72
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Piylzq2tOn.lnk = C:\Users\Taty 2008\AppData\Local\Temp\mfjwtwos.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm177YYIT
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: tbjqft.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

--
End of file - 13328 bytes

Post by Tanty85 » Tue Mar 10, 2009 11:48 pm

Norton doesn't work either...I click the icon but nothing happens...anyway, worst case I'll reinstall it...

Post by Amantide » Wed Mar 11, 2009 1:20 pm

Run the HijackThis scan again, tick the following entries and click Fix Checked:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.113.72
O4 - Startup: Piylzq2tOn.lnk = C:\Users\Taty 2008\AppData\Local\Temp\mfjwtwos.exe
O20 - AppInit_DLLs: tbjqft.dll

Then enable showing hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders) and check whether the file I highlighted in red is still present.

Tanty85 wrote: Norton doesn't work either...I click the icon but nothing happens...anyway, worst case I'll reinstall it...

Yes, that needs to be reinstalled. If you want to take the plunge and switch to a better antivirus, I recommend Avira. [^]
...to fly high, you have to know how to fall...
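The three entries Amantide picks out above (a proxy AutoConfigURL pointing at a link-local 169.254.x.x address, a startup shortcut launching an executable from the user's Temp folder, and a non-empty AppInit_DLLs value) are the kind of pattern that can be checked mechanically. The script below is an added example by the editor, not part of the thread and not HijackThis's own code: it runs a few triage heuristics over lines copied from the log posted above. The heuristics and the short adware/PUP name list are the editor's assumptions, not vendor detections, and a hit is a reason to look closer rather than proof of infection; the remediation itself (HijackThis "Fix Checked") is unchanged.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example by the editor: not part of the forum thread and not
HijackThis's own logic. The sample lines are copied from the log posted
in this thread; the heuristics and the adware/PUP name list are the
editor's assumptions, not vendor detections.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted above, verbatim.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.113.72
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Piylzq2tOn.lnk = C:\Users\Taty 2008\AppData\Local\Temp\mfjwtwos.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm177YYIT
O20 - AppInit_DLLs: tbjqft.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Autostart targets under a Temp directory are a classic dropper location.
TEMP_DIR = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)

# Names many AV vendors classify as adware/PUP (editor's list, an assumption).
PUP_MARKERS = ("yontoo", "mywebsearch", "search settings", "searchsettings")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O4", "O20"
    reason: str
    line: str


def _host_of(value: str) -> str:
    """Strip scheme, path and port from a URL-ish value."""
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value, flags=re.IGNORECASE)
    return value.split("/", 1)[0].split(":", 1)[0]


def _is_link_local_or_private(host: str) -> bool:
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False      # a hostname, not a literal address
    return ip.is_link_local or ip.is_private


def triage(log_text: str) -> list[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        lower = line.lower()

        if "autoconfigurl" in lower:
            host = _host_of(line.rsplit("=", 1)[1].strip())
            reason = "proxy auto-config (PAC) URL is set"
            if _is_link_local_or_private(host):
                reason += ("; it points at a link-local/private address, so browser "
                           "traffic can be proxied by another host or silently fail")
            findings.append(Finding(section, reason, line))
        elif section == "O20" and "appinit_dlls" in lower:
            dlls = re.split(r"appinit_dlls:", line, flags=re.IGNORECASE)[1].strip()
            if dlls:      # an empty value is the normal state on a home PC
                findings.append(Finding(
                    section,
                    f"AppInit_DLLs is non-empty ({dlls}): loaded into every "
                    "process that maps user32.dll",
                    line))
        elif section == "O4" and TEMP_DIR.search(line):
            findings.append(Finding(section, "autostart target lives in a Temp directory", line))
        elif any(marker in lower for marker in PUP_MARKERS):
            findings.append(Finding(section, "name matches a known adware/PUP family (editor's list)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above the script flags six lines: the PAC entry, the Yontoo BHO, the SearchSettings and Temp-folder autostarts, the mywebsearch context-menu item and the AppInit_DLLs value, while leaving eMule and the Symantec service alone. One caveat for the connectivity question raised in the thread: AutoConfigURL only governs how the browser picks a proxy, so removing it does not by itself explain or cure a red cross between the network and the Internet in the Network and Sharing Center, which reflects the adapter's own connectivity.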

Post by Tanty85 » Wed Mar 11, 2009 7:28 pm

Hi!!! So I did everything like you told me...I only got stuck on one thing: since I have Vista, I can't find how to show the hidden contents of a folder [V] ...sorry!!

Post by Amantide » Wed Mar 11, 2009 7:35 pm

Tanty85 wrote: Hi!!! So I did everything like you told me...I only got stuck on one thing: since I have Vista, I can't find how to show the hidden contents of a folder [V] ...sorry!!

Oops... sorry... I had copy-pasted the instructions [acc2]

See the instructions in this article http://www.MegaLab.it/2707/disabilitare ... dows-vista
...to fly high, you have to know how to fall...

Post by Tanty85 » Wed Mar 11, 2009 7:41 pm

Don't mention it...you've been so kind!!! So no, I don't have that file you highlighted...but I can tell you the Internet isn't working...ugh, what a pain...how annoying these PCs are when they put their mind to it!!
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising